goonto-windows[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

goonto-windows.exe
Size

4.3MB
MD5

518264ee20b425fca7df9356c76244d4
SHA1

a669619358ed9341238f8c1d6cd0aa3e97b3438e
SHA256

4f9df58bc2bf30f26249cff53b06bbe43e059a4a0695c8de4604679232eb6f5f
SHA512

bd3e3301d1078c2276c708c02bca5c6a5ac229f16cac016e1cae8bf12207948948459279bd854d296e7ed2474c97f7978883324787e280e3b7bcb9021465bf01
SSDEEP

49152:AdeigVs3TCcIxQYPQIoQlY0m+CnkLNXSFGqLq1iycRW2ZWW9zIkoS5IU6i/QM2b2:APDP/+zkGZ4ZxpoS++/Kb2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
goonto-windows.exe

Files

goonto-windows.exe
.exe windows:6 windows x64 arch:x64

5934010dd1baa77044eee71d80be8eb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
GetCurrentThreadId
LoadLibraryW
EnterCriticalSection
GetComputerNameA
GetACP
IsDebuggerPresent
InitializeCriticalSection
GetLogicalDrives
GetFileAttributesW
GetCommandLineW
MulDiv
WideCharToMultiByte
GetCurrentDirectoryA
SetCurrentDirectoryA
GetLocaleInfoA
GlobalLock
GlobalUnlock
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemInfo
PostQueuedCompletionStatus
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
CopyFileExW
ReleaseSRWLockShared
AcquireSRWLockShared
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
CreateThread
FindFirstFileW
CreateDirectoryW
FindNextFileW
SetFilePointerEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CreateFileW
GetModuleFileNameW
GetEnvironmentVariableW
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
ReleaseMutex
CreateMutexA
GetCurrentProcess
LoadLibraryA
WaitForSingleObjectEx
GetCurrentDirectoryW
FormatMessageW
GetModuleHandleW
QueryPerformanceFrequency
Sleep
SetWaitableTimer
CreateWaitableTimerExW
SetLastError
WriteConsoleW
MultiByteToWideChar
WaitForSingleObject
GetConsoleMode
GetStdHandle
GetCurrentThread
GetProcAddress
GetModuleHandleA
SetHandleInformation
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
lstrlenW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
CreateMutexW
AcquireSRWLockExclusive
FindClose
ReleaseSRWLockExclusive
GetCurrentProcessId
SwitchToThread
LocalFree
CloseHandle
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SystemFunction036

gdi32

SetDIBits
Polyline
PolyPolygon
Pie
Arc
Polygon
MoveToEx
SelectClipRgn
RectInRegion
LineTo
EqualRgn
SetStretchBltMode
StretchDIBits
StretchBlt
ExtCreatePen
RealizePalette
GetStockObject
CreateSolidBrush
CreatePen
CreatePalette
GdiFlush
GetObjectA
GetDIBits
GetDCOrgEx
OffsetRgn
DPtoLP
GetTextMetricsA
SetTextColor
GetCharacterPlacementW
GetTextExtentPoint32W
GetGlyphOutlineW
EnumFontFamiliesW
CreateFontW
SetWindowOrgEx
LPtoDP
CreatePolygonRgn
SetPixel
SelectPalette
GetWindowOrgEx
GetRegionData
ExtCreateRegion
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
PlayEnhMetaFile
GetEnhMetaFileHeader
UpdateColors
SetTextAlign
SetDIBitsToDevice
SetBkMode
SelectObject
SaveDC
RestoreDC
GetRgnBox
GetDeviceCaps
DeleteObject
CreateRectRgn
CreateBitmap
CombineRgn
TextOutW

user32

DestroyWindow
SendInput
VkKeyScanW
MapVirtualKeyW
GetAsyncKeyState
DefWindowProcW
SetLayeredWindowAttributes
GetWindowLongPtrA
SetWindowLongPtrA
GetKeyboardLayout
RegisterWindowMessageW
TranslateMessage
DispatchMessageW
PeekMessageA
PeekMessageW
SendMessageA
RegisterClassExW
CreateWindowExA
IsWindow
ShowWindow
OpenIcon
GetWindowPlacement
IsIconic
BringWindowToTop
OpenClipboard
CloseClipboard
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetKeyState
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
GetSystemMetrics
GetDC
ReleaseDC
GetUpdateRgn
InvalidateRect
ValidateRgn
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
ClientToScreen
MapWindowPoints
LoadCursorA
LoadIconA
DestroyIcon
CreateIconIndirect
SystemParametersInfoA
SendMessageW
CallWindowProcA
GetForegroundWindow
GetWindowLongPtrW
PostMessageA
SetWindowRgn
SetWindowTextW
SetRect
GetParent
GetWindow
SetActiveWindow
MessageBeep
GetSysColor
SetForegroundWindow
WindowFromPoint
PostThreadMessageA
MessageBoxA
FillRect
GetKeyboardState
RegisterClassW
RegisterHotKey
SetWindowPos
GetWindowLongA
SetWindowLongA
BlockInput
CreateWindowExW

ntdll

NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
RtlGetNtVersionNumbers
NtCancelIoFileEx

ole32

CoInitializeEx
CoTaskMemFree
OleInitialize
RegisterDragDrop
CoInitializeSecurity
ReleaseStgMedium
DoDragDrop
CoCreateInstance
RevokeDragDrop

oleaut32

VariantInit
SysStringLen
GetErrorInfo
SysAllocStringLen
SysFreeString

shell32

SHGetPathFromIDListA
SHGetKnownFolderPath
SHBrowseForFolderW
DragQueryFileW
CommandLineToArgvW
ShellExecuteA
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW

bcrypt

BCryptGenRandom

ws2_32

setsockopt
getsockopt
connect
ioctlsocket
WSASocketW
WSASend
closesocket
select
__WSAFDIsSet
WSAIoctl
getsockname
WSAGetLastError
getpeername
shutdown
send
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
bind

comctl32

_TrackMouseEvent

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

gdiplus

GdipDeletePen
GdipSetPenStartCap
GdipCreateSolidFill
GdipSetPenEndCap
GdipSetPenLineJoin
GdiplusStartup
GdipDeleteBrush
GdipCreatePath
GdipCloneBrush
GdipDeletePath
GdipClosePathFigure
GdiplusShutdown
GdipFree
GdipAddPathLine2
GdipAddPathLineI
GdipAlloc
GdipAddPathLine2I
GdipCreatePen1
GdipSetSolidFillColor
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipScaleWorldTransform
GdipDrawLineI
GdipDrawPath
GdipFillPath
GdipAddPathPolygonI
GdipDrawArcI
GdipFillPieI
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenColor

vcruntime140

__intrinsic_setjmp
__current_exception
__current_exception_context
__C_specific_handler
strrchr
strstr
strchr
longjmp
_purecall
_CxxThrowException
memcmp
memmove
memset
__CxxFrameHandler3
memcpy

api-ms-win-crt-math-l1-1-0

acosf
__setusermatherr
acos
ceilf
lround
cosf
sin
cos
pow
ceil
floorf
round
floor
fmodf
sinf
log
trunc
fminf
atan2f
sqrt
tanf
sqrtf
roundf

api-ms-win-crt-string-l1-1-0

_strdup
strncpy
isalnum
isspace
strncmp
isdigit
tolower
isxdigit
toupper
isupper
isalpha
_strnicmp
strcmp
wcsncpy
wcslen
islower
strlen
strcspn

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
realloc
malloc

api-ms-win-crt-stdio-l1-1-0

fputc
fflush
_wfopen
_lseeki64
_wopen
_set_fmode
_open
_read
_write
_close
__stdio_common_vsprintf
__stdio_common_vsscanf
fwrite
__acrt_iob_func
__stdio_common_vfprintf
__p__commode
fclose
fseek
fgets
fread
getc
__stdio_common_vfscanf
feof
ferror
fopen
ftell
_wsopen_dispatch

api-ms-win-crt-convert-l1-1-0

wcstombs
atol
_strtoi64
strtol
atoi
mbstowcs

api-ms-win-crt-utility-l1-1-0

rand
bsearch
qsort

api-ms-win-crt-time-l1-1-0

_ftime64
_time64

api-ms-win-crt-runtime-l1-1-0

abort
_register_onexit_function
_crt_atexit
_wsystem
terminate
raise
strerror
_errno
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initterm_e
_initialize_onexit_table
_set_app_type
_exit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
exit

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_stat64i32
_wchmod
_wchdir
_wrename
_wmkdir
_wunlink
_wrmdir
_waccess

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv
_wputenv
_wgetcwd

api-ms-win-crt-process-l1-1-0

_wexecvp

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
_create_locale
_configthreadlocale

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5934010dd1baa77044eee71d80be8eb1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

ntdll

ole32

oleaut32

shell32

bcrypt

ws2_32

comctl32

comdlg32

gdiplus

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-process-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 17KB - Virtual size: 47KB

.pdata Size: 140KB - Virtual size: 139KB

.rsrc Size: 201KB - Virtual size: 200KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 17KB - Virtual size: 47KB

.pdata
Size: 140KB - Virtual size: 139KB

.rsrc
Size: 201KB - Virtual size: 200KB

.reloc
Size: 20KB - Virtual size: 20KB