25394713bf81b386c33736a0c52dfb4cda2e3e0c04d4c55815f380a9e22962c8

Sharing

Copy URL Twitter E-mail

General

Target

25394713bf81b386c33736a0c52dfb4cda2e3e0c04d4c55815f380a9e22962c8
Size

4.0MB
MD5

a7f45027a4885080e0c9fd80dea5da5e
SHA1

ce2bc42f357a8f742892cd90592d362e731c9fe8
SHA256

25394713bf81b386c33736a0c52dfb4cda2e3e0c04d4c55815f380a9e22962c8
SHA512

8d8cdf91c8abbb811f0558617b17dc2acc7567c26edf1783cb02e385abb99ba30fb27019ddac948cd935afdf34cc5dad3deec1ce232832428ae1e0aad4950dac
SSDEEP

98304:ynRZxgZmwspTI8ntiqOYmpvFH4exS5wpFFJ8J1cAw8m3ok:CJg4wspTttiq8ZFxrFo+mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25394713bf81b386c33736a0c52dfb4cda2e3e0c04d4c55815f380a9e22962c8

Files

25394713bf81b386c33736a0c52dfb4cda2e3e0c04d4c55815f380a9e22962c8
.exe windows:6 windows x86 arch:x86

5fc0e13a9c6e6f7da75af3ba3ec3c4c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\code\gssp\bin\gssp.pdb

Imports

kernel32

WideCharToMultiByte
CreateProcessA
CreateEventA
GetCurrentProcess
InitializeCriticalSectionEx
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
RaiseException
DecodePointer
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
lstrcmpiW
EnterCriticalSection
TerminateProcess
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryW
ResetEvent
LocalFree
FindFirstFileA
FindNextFileA
FindClose
lstrcmpA
GetModuleHandleA
OpenProcess
CopyFileA
GetFileAttributesA
MoveFileExA
DeleteFileA
GetSystemWow64DirectoryA
GetStartupInfoA
GetModuleHandleW
CreateDirectoryA
GetConsoleCP
HeapSize
CreateThread
GetSystemDirectoryA
SetEvent
OpenMutexA
Sleep
MultiByteToWideChar
LocalAlloc
WaitForSingleObject
GetVolumeInformationA
CreateMutexA
SetLastError
OpenEventA
GetModuleFileNameA
SetFileAttributesA
LoadResource
LockResource
FindResourceA
WriteFile
SizeofResource
CloseHandle
CreateFileA
GetLastError
SetFilePointer
OutputDebugStringA
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetProcAddress
ReadFile
GetSystemTimeAsFileTime
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
MoveFileExW
GetStdHandle
GetConsoleMode
WriteConsoleW
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryExW
CreateEventW
FlushFileBuffers
GetStartupInfoW
GetCurrentThreadId
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTimeZoneInformation
SetEnvironmentVariableW
GetComputerNameW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FindFirstFileExW
IsValidCodePage
GetOEMCP
SetFilePointerEx

advapi32

RegisterEventSourceW
CreateServiceW
SetFileSecurityA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenServiceW
ReportEventW
SetSecurityDescriptorDacl
SetFileSecurityW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
StartServiceW
InitializeSecurityDescriptor

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0cf
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26.0MB - Virtual size: 26.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fc0e13a9c6e6f7da75af3ba3ec3c4c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

shlwapi

Sections

.text Size: 398KB - Virtual size: 397KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 10KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 496B

.tls Size: 512B - Virtual size: 9B

.0cf Size: 672KB - Virtual size: 672KB

.reloc Size: 25KB - Virtual size: 24KB

.rsrc Size: 26.0MB - Virtual size: 26.0MB

.text
Size: 398KB - Virtual size: 397KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 10KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 496B

.tls
Size: 512B - Virtual size: 9B

.0cf
Size: 672KB - Virtual size: 672KB

.reloc
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 26.0MB - Virtual size: 26.0MB