c7b75a2e452c498eb6beab83bba0290b19065b63f2f7a540877a2b13a4f003fa

Sharing

Copy URL

Twitter E-mail

General

Target

c7b75a2e452c498eb6beab83bba0290b19065b63f2f7a540877a2b13a4f003fa
Size

128KB
MD5

494439a384a9ff443cad1782218b1f2c
SHA1

7c5bded1ca65858eb0fe17ff5df298b500499989
SHA256

c7b75a2e452c498eb6beab83bba0290b19065b63f2f7a540877a2b13a4f003fa
SHA512

c2c538c67000708c2370a26cea3990d8cae077567e234aa85d2e1fc02f2170fc885e47d2742cbdc161fb7141bd542cd492cf960b6bc9966d08a9e5ed42c5fbde
SSDEEP

3072:01HYxzauNTQJpFqGeudPqjU/uZCAS1H1bASKaP6Yua5pD:aHGNNrulNEk8Sviy5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_gppl06.exe

Files

c7b75a2e452c498eb6beab83bba0290b19065b63f2f7a540877a2b13a4f003fa
.cab
e_gppl06.exe
.exe windows:4 windows x64 arch:x64

21d0123c5fb6aad1f44ac1d94767acb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
ExitThread
CreateThread
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetCurrentProcess
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetThreadLocale
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
WritePrivateProfileStringW
GetModuleHandleA
FormatMessageW
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalUnlock
GlobalReAlloc
TlsAlloc
TlsGetValue
lstrlenW
GetCurrentProcessId
GlobalAddAtomW
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GlobalDeleteAtom
CreateEventW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
SetLastError
CreateFileW
ReadFile
GlobalLock
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
LocalAlloc
CreateMutexW
CreateFileMappingW
OpenFileMappingW
LocalFree
ReleaseMutex
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetVersionExW
Sleep
WaitForSingleObject
LoadLibraryW
GetExitCodeThread
FreeLibrary
GetPrivateProfileStringW
GetUserDefaultLangID
GetLastError
lstrcmpW
GlobalFree
GlobalAlloc
GetProcAddress
ResetEvent
GetStartupInfoA
SetEvent

user32

LoadCursorW
GetSysColorBrush
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDlgCtrlID
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnregisterClassW
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
DestroyMenu
GetClassInfoW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
GetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
MoveWindow
PostMessageW
SendMessageW
UnregisterClassA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
CreateBitmap
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
PtVisible

winspool.drv

ClosePrinter
GetJobW
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21d0123c5fb6aad1f44ac1d94767acb7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 13KB - Virtual size: 44KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 13KB - Virtual size: 44KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB