579a9e36a3fa17d70e8f07b951cbb8605ed7442a828d27670032fe83ebc6fb05

Sharing

Copy URL Twitter E-mail

General

Target

579a9e36a3fa17d70e8f07b951cbb8605ed7442a828d27670032fe83ebc6fb05
Size

461KB
MD5

559a1b07b3e9fd908cf1acb00138bc76
SHA1

4af6a76d13d49d5ae71844007c0f8f4cd6ceabab
SHA256

579a9e36a3fa17d70e8f07b951cbb8605ed7442a828d27670032fe83ebc6fb05
SHA512

dea495bd6cd346fdf86825227fed0943c8897963c786a383af39e4d2c7079af7f5f730559567dd0f68e24067c7a3831f6dd137271560068e152b9a941c91c126
SSDEEP

12288:fd+LZrNwWrmwMNoz4vGYNOYZabtK7RBjvrEH79:fYLZreW2vFPabI7PrEH79

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
579a9e36a3fa17d70e8f07b951cbb8605ed7442a828d27670032fe83ebc6fb05

Files

579a9e36a3fa17d70e8f07b951cbb8605ed7442a828d27670032fe83ebc6fb05
.dll windows:5 windows x86 arch:x86

18a9672c82a5e7523b8185670465b54e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\b\build\slave\win\build\src\out\Release\gcapi_dll.dll.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

kernel32

GetCommandLineW
LocalFree
IsDebuggerPresent
GetCurrentProcess
WaitForSingleObject
GetCurrentThreadId
Sleep
RaiseException
CreateDirectoryW
ReadFile
GetTempPathW
GetFileAttributesW
GetCurrentDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetNativeSystemInfo
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetTickCount
FindClose
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
VirtualQuery
GetSystemInfo
HeapAlloc
HeapReAlloc
HeapFree
OpenProcess
FindResourceW
SetHandleInformation
HeapSize
ReadConsoleW
UnlockFileEx
LockFileEx
GetWindowsDirectoryW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetEnvironmentVariableW
CreateProcessW
ResumeThread
AssignProcessToJobObject
FormatMessageA
GetCurrentProcessId
CloseHandle
DeleteFileW
GetLastError
CreateFileW
GetModuleFileNameW
OutputDebugStringA
WriteFile
SetLastError
GetLocalTime
lstrlenW
LoadResource
LockResource
VirtualProtect
FreeLibrary
LoadLibraryExA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
GetFileType
GetProcessHeap
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetACP
WriteConsoleW
GetDriveTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringW
SizeofResource

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemFree

user32

CharUpperW
SetWindowPos
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId

advapi32

CreateProcessAsUserW
ConvertSidToStringSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
SystemFunction036
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

oleaut32

SysAllocString
SysFreeString
VariantClear

rpcrt4

UuidCreate

Exports

Exports

CanOfferReactivation
CanOfferRelaunch
GetHandleVerifier
GoogleChromeCompatibilityCheck
GoogleChromeDaysSinceLastRun
LaunchGoogleChrome
LaunchGoogleChromeInBackground
LaunchGoogleChromeWithDimensions
ReactivateChrome
SetRelaunchOffered

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18a9672c82a5e7523b8185670465b54e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

winmm

kernel32

ole32

user32

advapi32

userenv

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 13KB

.gfids Size: 1024B - Virtual size: 808B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 13KB

.gfids
Size: 1024B - Virtual size: 808B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB