golddragon | payload[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

payload.exe
Size

481KB
MD5

e647b3366dc836c1f63bdc5ba2aef3a9
SHA1

a7b0711b45081768817e85d6fc76e23093093f87
SHA256

3903958eb28632aa58e455eb87482d1ccef38a6fe43512baad30902e8bfdd6d5
SHA512

39166d31017b238b4cae861ab263e3dd11260c0203fc8dcfd41461f3b850126ba954bcf9fb7678ceb63dc2e2f252bd6e20f7f33aed1a81db8c0d89c56be5dfcb
SSDEEP

12288:L5VaR+IeIcFHazhjpniikvx4/qs6iDwEHtDWT:L5SjcFyhjp0x4/qs6VEt

Score

10^/10

backdoor golddragon

Malware Config

Signatures

GoldDragon 2021 Stage1 backdoor 1 IoCs
Detect GoldDragon backdoor Stage 1.
backdoor

Processes:

resource yara_rule

sample golddragon_stage1
Golddragon family
golddragon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

payload.exe

resource	yara_rule
sample	golddragon_stage1

resource
payload.exe

Files

payload.exe
.dll windows:6 windows x86 arch:x86

194f714c2987b8432496320ebae1cc55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalAlloc
GlobalFree
Sleep
GetTempPathA
GetTempFileNameA
SetFileAttributesA
DeleteFileA
ReadFile
CloseHandle
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WaitForSingleObject
FindFirstFileW
FindNextFileW
GetProcAddress
GetSystemDirectoryW
GetLogicalDriveStringsW
GetLocalTime
CopyFileW
GetCommandLineW
GetModuleFileNameW
InitializeCriticalSectionEx
GetModuleHandleA
TerminateThread
RaiseException
CreateThread
DecodePointer
DeleteCriticalSection
FreeLibrary
CreateProcessW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
FindClose
WriteConsoleW
GetStringTypeW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedFlushSList
SetLastError
RtlUnwind
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
GetACP
GetStdHandle
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetFileAttributesExW
CompareStringW
LCMapStringW

user32

ShowWindow

ole32

CoCreateInstance

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

shlwapi

PathFindExtensionW
StrCmpIW
PathAppendA
StrStrIW
PathAppendW
PathFindFileNameW
StrStrIA

advapi32

SystemFunction036

Exports

Exports

Run

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

194f714c2987b8432496320ebae1cc55

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

shell32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 49KB - Virtual size: 53KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 288B

.rsrc Size: 247KB - Virtual size: 246KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 49KB - Virtual size: 53KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 288B

.rsrc
Size: 247KB - Virtual size: 246KB

.reloc
Size: 7KB - Virtual size: 6KB