C:\p4builds\Products\GoToMeeting\release-723\output\G2M_Dll.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1).dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1).dll
Resource
win10v2004-20240412-en
General
Target: 9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1)
Size: 25.9MB
MD5: e663ff1bb6be044d698d15a3bc74b822
SHA1: f67ec8ed6895296fa115e8a4443e41a0dbd733c2
SHA256: 9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073
SHA512: d93fe2f67ce89fa6b8b195f14b9341186a2218ba382100a49c0d96f03a6224247ec3ce69a9928b9e4feee056a13f7b7a157d46d0fe65dd761a578a40e8ed7013
SSDEEP: 196608:p5H3zHriM3lONIfjm0S6VFWxtswdO8Nw3MRfW8+IiAp7kz8roTsWbbh7nkMz9ha4:frmKSPoTsWbbh7nkMJRNc4Y/kyZpJIV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1)
Files
9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1).dll regsvr32 windows:5 windows x86 arch:x86
7a3f4df5134515e5cd11f422da6c8d86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
rpcrt4
NdrCStdStubBuffer_Release
UuidToStringW
UuidCreate
RpcStringFreeW
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_IsIIDSupported
netapi32
NetApiBufferFree
Netbios
NetUserGetInfo
DsGetDcNameW
psapi
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleInformation
GetModuleFileNameExW
wsock32
send
recv
WSAGetLastError
shutdown
recvfrom
ntohl
inet_addr
sendto
setsockopt
select
ntohs
htonl
getsockopt
getsockname
getpeername
connect
WSACleanup
__WSAFDIsSet
gethostname
gethostbyname
accept
bind
closesocket
inet_ntoa
htons
ioctlsocket
listen
socket
WSAStartup
WSASetLastError
shlwapi
PathRemoveExtensionW
PathStripPathW
StrChrW
StrFormatByteSizeW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
powrprof
CallNtPowerInformation
secur32
InitSecurityInterfaceA
GetUserNameExW
wininet
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetSetOptionW
InternetConnectW
InternetReadFileExA
InternetErrorDlg
HttpEndRequestW
HttpSendRequestExW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetOpenW
InternetCreateUrlW
HttpOpenRequestW
kernel32
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GlobalMemoryStatusEx
LocalAlloc
GetSystemInfo
lstrcmpiW
lstrlenA
GetLocaleInfoW
OpenProcess
GetCurrentThread
GetShortPathNameW
GetModuleHandleExW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindClose
SetFileTime
GetTempFileNameW
GetDiskFreeSpaceExW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetLocalTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
CreateMutexW
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
InitializeCriticalSection
TerminateProcess
GetExitCodeProcess
CreateProcessW
CompareFileTime
FindNextFileW
WaitForMultipleObjects
GetProcessTimes
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatW
GetDateFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ResetEvent
CreateEventW
OpenEventW
QueryDosDeviceW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
LoadResource
SizeofResource
FindResourceW
HeapReAlloc
HeapSize
GetProcessHeap
OpenMutexW
MulDiv
GetTempPathA
CreateDirectoryA
GetWindowsDirectoryW
GetEnvironmentVariableW
TlsFree
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
lstrcmpW
CreateWaitableTimerW
SetWaitableTimer
SetProcessShutdownParameters
GetCommandLineW
GetVersionExA
GetFileTime
LockResource
GlobalFree
Thread32First
Thread32Next
ExitProcess
InterlockedExchange
InterlockedExchangeAdd
GetProcessId
DuplicateHandle
CreateThread
OpenFileMappingW
lstrlenW
LoadLibraryExA
HeapAlloc
HeapDestroy
HeapCreate
GetSystemWindowsDirectoryW
LoadLibraryW
SetEvent
CreateEventA
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSize
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
LoadLibraryExW
GetVersionExW
IsBadReadPtr
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
FreeLibrary
OutputDebugStringW
FormatMessageW
LocalFree
SetThreadLocale
GetThreadLocale
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
InterlockedDecrement
InterlockedIncrement
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DisableThreadLibraryCalls
DecodePointer
IsValidLocale
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
SetEnvironmentVariableW
HeapFree
ReadConsoleInputA
SetConsoleMode
LocalFileTimeToFileTime
RtlUnwind
GetACP
ExitThread
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
FindFirstFileExW
GetCommandLineA
VirtualFree
VirtualAlloc
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
VirtualProtect
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
FormatMessageA
GetStringTypeW
EnumSystemLocalesW
AreFileApisANSI
GetStdHandle
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
ReadConsoleW
ReleaseSemaphore
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetSystemDefaultLCID
EnumResourceLanguagesW
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetUserDefaultUILanguage
OpenThread
VerifyVersionInfoW
VerSetConditionMask
InterlockedCompareExchange
OpenEventA
GetFileSizeEx
GetExitCodeThread
MoveFileA
FindNextFileA
FindFirstFileA
GetFileAttributesExA
SetThreadAffinityMask
GetProcessAffinityMask
CreateWaitableTimerA
SetPriorityClass
FreeConsole
AllocConsole
OutputDebugStringA
CreateMutexA
GetLocaleInfoA
GetNativeSystemInfo
CreateSemaphoreA
GetOverlappedResult
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
FoldStringW
GetVolumeInformationW
CreateNamedPipeW
SetThreadExecutionState
ExpandEnvironmentStringsW
FreeResource
GetThreadTimes
GetUserDefaultLCID
gdi32
GetRegionData
FillRgn
SetPixel
SetROP2
GetClipRgn
IntersectClipRect
CreateBitmap
GetObjectA
ExtTextOutW
EqualRgn
CreateRectRgnIndirect
DPtoLP
OffsetRgn
GetSystemPaletteEntries
CreatePalette
Polyline
GetPaletteEntries
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
SaveDC
RestoreDC
GetDCOrgEx
CreateDCW
GetRgnBox
PtInRegion
CreatePen
Polygon
SetPolyFillMode
PaintRgn
FrameRgn
SetDCPenColor
SetDCBrushColor
Rectangle
CreateEllipticRgn
GetTextMetricsW
SetBkColor
CreatePolygonRgn
CreateRoundRectRgn
SetStretchBltMode
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetPixelV
SetMapMode
SelectClipRgn
LineTo
GetPixel
GetClipBox
SetRectRgn
ExcludeClipRect
CreateRectRgn
CombineRgn
GetTextExtentPoint32W
SetDIBits
GetDIBits
CreateDIBitmap
GetBitmapBits
TextOutW
SetTextColor
GetTextColor
GetBkMode
CreateFontW
CreateFontIndirectW
SetBrushOrgEx
SetBkMode
CreatePatternBrush
GetObjectW
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
comdlg32
GetSaveFileNameW
ChooseColorW
CommDlgExtendedError
GetOpenFileNameW
ole32
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetCurrentProcess
StringFromGUID2
CoCreateInstance
CoInitialize
CoRegisterClassObject
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
StringFromCLSID
PropVariantClear
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoInitializeEx
CoRevokeClassObject
CoRegisterPSClsid
CoGetCallContext
CoSetProxyBlanket
CoDisconnectObject
CoInitializeSecurity
CoGetObject
CoCreateGuid
IIDFromString
OleRun
CoFreeUnusedLibraries
CoUninitialize
OleUninitialize
OleInitialize
StringFromIID
oleaut32
OleLoadPicture
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
OleLoadPicturePath
VarBstrCat
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen
VarUI4FromStr
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
OleCreatePropertyFrame
VariantCopy
VarBstrCmp
SystemTimeToVariantTime
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
LPSAFEARRAY_UserUnmarshal
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
comctl32
ord412
InitCommonControlsEx
ord413
ord410
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
winmm
mixerClose
mixerGetNumDevs
timeSetEvent
timeKillEvent
timeGetTime
mmioAscend
mmioDescend
mmioRead
mmioClose
mmioOpenA
mmioOpenW
waveOutPause
waveInGetPosition
waveInReset
waveInStop
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInGetErrorTextW
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutGetErrorTextW
waveOutSetVolume
waveOutGetVolume
timeBeginPeriod
mixerSetControlDetails
timeEndPeriod
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
waveInGetNumDevs
mixerGetDevCapsW
mixerOpen
waveOutMessage
waveInMessage
waveOutGetDevCapsW
waveInGetDevCapsW
waveOutGetNumDevs
waveInOpen
waveOutOpen
waveInClose
waveOutClose
mixerGetID
waveInGetID
waveOutGetID
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
d3d9
Direct3DCreate9
msacm32
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamOpen
acmStreamClose
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
iphlpapi
GetAdaptersInfo
crypt32
CertGetNameStringA
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertAddEncodedCertificateToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CertOpenStore
ws2_32
WSAAddressToStringA
getaddrinfo
freeaddrinfo
getnameinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
WSASend
WSAIoctl
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
g2mcomm_winmain
g2minstaller_winmain
g2minsthigh_winmain
g2mlauncher_winmain
g2mstart_winmain
g2mui_winmain
g2muninstall_winmain
g2mupdate_winmain
g2mupload_winmain
g2mvideoconference_winmain
Sections
.text Size: 20.5MB - Virtual size: 20.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IPPCODE Size: 694KB - Virtual size: 696KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 396KB - Virtual size: 1012KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IPPDATA Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 938KB - Virtual size: 938KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ