GasMask Executor_[unknowncheats[.]me]_[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

GasMask Executor_[unknowncheats.me]_.zip
Size

771KB
MD5

9b1de012ae24036758ef062f1757f003
SHA1

e1033513516dcc96c66b79e3b80cbc005b49c272
SHA256

49167e99d3e433f3e6200768e122df9df07a80f558d2fb80cf7d0992fc9be72d
SHA512

91c52fae678a6f43f849a79efc01e3fc6185946f635c768e09fbf76100e4678b7ed921dca6f2cce4ac92a02b5186b435593c1e18b0308d51cf911118a0392395
SSDEEP

12288:zMYUpjK/h2uyr9aERrwiLchd+awJduhyoA6cAt0WHrKdyqzS9hE:liu/y9aurw+SEroAoCurKdyqKhE

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GasMask Executor/GasMask.dll
unpack001/GasMask Executor/GasMaskAgent.dll
unpack001/GasMask Executor/__yr9ybs72ZOlsw1fQYEia.exe

Files

GasMask Executor_[unknowncheats.me]_.zip
.zip
GasMask Executor/GasMask.dll
.dll windows:6 windows x86 arch:x86

e41edf75e3f1b2cd492ba70a839748a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
LoadLibraryA
LockResource
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
K32GetModuleInformation
CreateThread
LoadResource
SetFileAttributesA
GetProcAddress
GlobalLock
CreateFileMappingA
GetCurrentProcessId
FlushInstructionCache
WideCharToMultiByte
CreateDirectoryA
MapViewOfFile
GlobalUnlock
VirtualQuery
OpenThread
CreateDirectoryW
GetVolumeInformationW
FindFirstFileExW
GetFullPathNameW
FindNextFileW
FindClose
GetLastError
GetLogicalDriveStringsA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
DisableThreadLibraryCalls
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetStdHandle
SetFilePointerEx
CreateFileA
GetFileAttributesA
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
GetModuleHandleA
UnmapViewOfFile
ResumeThread
FindResourceA
Thread32First
Thread32Next
TerminateProcess
GetFileSizeEx
HeapSize
VirtualAlloc
GetCurrentProcess
VirtualProtect
WriteConsoleW
SizeofResource
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
HeapCreate
HeapFree
GetCurrentThreadId
SuspendThread
HeapReAlloc
HeapAlloc
GetThreadContext
SetThreadContext
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
CreateFileW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

user32

GetCursorPos
SetClipboardData
MessageBoxA
GetKeyState
LoadCursorA
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetClipboardData
ScreenToClient
MessageBeep
GetAsyncKeyState
OpenClipboard
CloseClipboard
EmptyClipboard

d3dx9_43

D3DXCreateTextureFromFileA

shlwapi

PathFindFileNameA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

Sections

.text
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GasMask Executor/GasMaskAgent.dll
.dll windows:6 windows x86 arch:x86

58e32fbfd19a2e546b21e0ba61ef846f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
CreateRemoteThread
Thread32First
Thread32Next
GetCurrentProcess
VirtualAllocEx
GetProcAddress
CloseHandle
LoadLibraryA
GetLastError
GetModuleHandleA
ResumeThread
VirtualAlloc
VirtualFree
VirtualProtect
WriteProcessMemory
OpenThread
HeapFree
GetCurrentThreadId
HeapCreate
SuspendThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
VirtualQuery
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

MessageBoxA

advapi32

CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove
__std_terminate
memset
wcsstr
memcpy

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_cexit
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GasMask Executor/__yr9ybs72ZOlsw1fQYEia.exe
.exe windows:6 windows x86 arch:x86

a42e5ab832e1c0b2e0d5a9bdcd8ccc91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError
CreateFileA
LoadLibraryA
CloseHandle
VirtualProtectEx
GetThreadContext
GetExitCodeThread
VirtualAllocEx
GetFileSize
ExitProcess
ReadProcessMemory
CreateRemoteThread
CreateProcessA
VirtualFreeEx
CreateFileW
ResumeThread
WaitForSingleObject
VirtualAlloc
SetConsoleTitleA
VirtualFree
WriteProcessMemory
GetProcAddress
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFullPathNameW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
MultiByteToWideChar
MoveFileExW
WideCharToMultiByte
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e41edf75e3f1b2cd492ba70a839748a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3dx9_43

shlwapi

imm32

Sections

.text Size: 753KB - Virtual size: 753KB

.rdata Size: 246KB - Virtual size: 246KB

.data Size: 11KB - Virtual size: 42KB

.rsrc Size: 162KB - Virtual size: 162KB

.reloc Size: 23KB - Virtual size: 23KB

58e32fbfd19a2e546b21e0ba61ef846f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 944B

a42e5ab832e1c0b2e0d5a9bdcd8ccc91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 753KB - Virtual size: 753KB

.rdata
Size: 246KB - Virtual size: 246KB

.data
Size: 11KB - Virtual size: 42KB

.rsrc
Size: 162KB - Virtual size: 162KB

.reloc
Size: 23KB - Virtual size: 23KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 944B

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB