g2m[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

g2m.dll
Size

6.6MB
MD5

267eb3b01b4f63299425f5a7a9516e80
SHA1

f8788fc20b9487042006c7af99849652bfe0dac9
SHA256

3dee4573911345d6b845257b391a90861bb3c345e2f5b445cdd5edbffb58b75a
SHA512

d505e240d7b831a453c802b855235cc37d64cd0f64c0ca19a673a85c23cdf749963f8bfbeb0d4f745419fbfcb23725704f4c1034b7c9a15cc07537499b2a7e4e
SSDEEP

98304:qqHQXidDnBW0hcthSDnqDO5rzRQfaxcxVwdqaBAN:qXi9gDmyhmMN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

g2m.dll

resource
g2m.dll

Files

g2m.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7e160f4153291da1ea63960c8e40216d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\p4builds\Products\GoToMeeting\v4.5_builds\output\G2M.pdb

Imports

kernel32

SetEvent
WaitForMultipleObjects
CreateEventW
InterlockedDecrement
InterlockedIncrement
SetLastError
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
DeleteFileW
ReadFile
GetFileInformationByHandle
CreateFileW
WriteFile
LocalFree
FormatMessageW
LoadLibraryW
GetTimeZoneInformation
GetWindowsDirectoryW
GetCurrentProcess
GetTempPathA
CreateDirectoryA
GetVersionExW
GetCurrentThreadId
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetDiskFreeSpaceExW
CreateProcessW
CreateMutexW
GetShortPathNameW
GetSystemDirectoryW
GetLocalTime
SystemTimeToFileTime
GetSystemTime
SetWaitableTimer
CreateWaitableTimerW
WritePrivateProfileStringW
ReleaseMutex
GetDateFormatW
OpenMutexW
GetLocaleInfoW
VirtualFree
VirtualAlloc
GlobalLock
GlobalUnlock
GlobalAlloc
lstrlenW
FlushInstructionCache
lstrcmpW
MulDiv
GetTimeFormatW
FileTimeToSystemTime
GetVersionExA
GetTempPathW
ExpandEnvironmentStringsW
MultiByteToWideChar
LockResource
SizeofResource
LoadResource
FindResourceW
GetTickCount
CompareFileTime
GetModuleFileNameW
QueryPerformanceCounter
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileSize
GetFileAttributesW
GetFileTime
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DisableThreadLibraryCalls
LoadLibraryExW
lstrcmpiW
SetThreadPriority
IsBadReadPtr
SetUnhandledExceptionFilter
ResumeThread
GetThreadContext
SuspendThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
TerminateThread
ResetEvent
OpenEventW
GetSystemWindowsDirectoryW
GetComputerNameW
GetSystemInfo
GlobalMemoryStatusEx
lstrlenA
SetFilePointer
SetEndOfFile
FlushFileBuffers
CopyFileW
GetTempFileNameW
MoveFileW
TryEnterCriticalSection
WideCharToMultiByte
RemoveDirectoryW
SetCurrentDirectoryW
GetSystemTimeAsFileTime
ReleaseSemaphore
CreateSemaphoreW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
TlsFree
GetVolumeInformationW
GetLogicalDriveStringsW
GetProcessHeap
GlobalMemoryStatus
GetDiskFreeSpaceW
GetDriveTypeW
SetErrorMode
CreateThread
GetTimeFormatA
InterlockedExchange
GetModuleFileNameA
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetCurrentThread
TerminateProcess
OpenProcess
GetLastError
GetCurrentProcessId
GetCommandLineW
WaitForSingleObject
CloseHandle
GetProcAddress
FreeLibrary
Sleep
TlsAlloc
TlsSetValue
TlsGetValue
GetExitCodeProcess
ExitProcess
RaiseException
GetDateFormatA
GetVersion
CreateEventA
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
ExitThread
RtlUnwind
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetFullPathNameA
PeekNamedPipe
CreateFileA
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FoldStringW
QueryPerformanceFrequency

gdi32

SaveDC
BitBlt
CreateSolidBrush
SetBkMode
SetBrushOrgEx
CreateCompatibleBitmap
CreatePatternBrush
CreateCompatibleDC
SelectObject
GetPixel
SetPixel
DeleteDC
DeleteObject
GetObjectW
GetStockObject
CreateFontIndirectW
GetDCOrgEx
GetClipBox
CombineRgn
SetRectRgn
CreateRectRgn
GetTextExtentPoint32W
SetTextColor
SetBkColor
TextOutW
GetTextMetricsW
RestoreDC
CreateDIBSection
CreateFontW
SetDIBits
SetDIBColorTable
GetDIBits
SetPixelV
MoveToEx
LineTo
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
ExcludeClipRect
SelectClipRgn
StretchBlt
SetStretchBltMode
CreateRoundRectRgn
CreatePolygonRgn
PaintRgn
GetSystemPaletteEntries
Polyline
EqualRgn
GetRgnBox
OffsetRgn
CreateRectRgnIndirect
GetRegionData
FillRgn
SetROP2
CreateBitmap
ExtTextOutW
FrameRgn
Polygon
SetPolyFillMode
CreatePen
GetDIBColorTable
GetPaletteEntries
CreateDIBitmap
CreatePalette
GetDeviceCaps

shlwapi

PathRemoveExtensionW
PathStripPathW
StrFormatByteSizeW

wininet

HttpOpenRequestW
InternetReadFileExA
HttpQueryInfoW
HttpSendRequestExW
InternetQueryOptionW
HttpEndRequestW
InternetErrorDlg
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetSetStatusCallbackW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
g2mchat_winmain
g2mcomm_winmain
g2mfeedback_winmain
g2mhost_winmain
g2minstaller_winmain
g2minsthigh_winmain
g2mlauncher_winmain
g2mmatchmaking_winmain
g2mmaterials_winmain
g2mpolling_winmain
g2mqanda_winmain
g2mrecorder_winmain
g2msessioncontrol_winmain
g2mstart_winmain
g2mtesting_winmain
g2mtranscoder_winmain
g2mui_winmain
g2muninstall_winmain
g2mview_winmain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 963KB - Virtual size: 963KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e160f4153291da1ea63960c8e40216d

Headers

File Characteristics

PDB Paths

Imports

kernel32

gdi32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.orpc Size: 2KB - Virtual size: 4KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 88KB - Virtual size: 148KB

.rsrc Size: 963KB - Virtual size: 963KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.orpc
Size: 2KB - Virtual size: 4KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 88KB - Virtual size: 148KB

.rsrc
Size: 963KB - Virtual size: 963KB