gorefield[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

gorefield.exe
Size

59.4MB
MD5

b2fd4fd59d79e0cdf7962d54daddc210
SHA1

b760050702eb3acadb939fdd6a5ce6d9872b9c98
SHA256

84961eff95ca1ed62449ea0d5268862f03656ce7faa009d08ba3203bfc6d0f37
SHA512

8dc0e29c0ebc634eac47721526a1b3d21b939b5b814ae3fdd9b90a5a08ca3598ee1359bf5a869a6fac7cd91cb8cd8ccef83b707d226068bf94806c017f779f6e
SSDEEP

393216:A+t88+s+OafbcibtMAvv8fT1KpOvaORayB+JJHbLTvOVAJ1P83ThApWX:A0MZUfnp3TGpW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gorefield.exe

Files

gorefield.exe
.exe windows:6 windows x64 arch:x64

27c107c7d286a4a75a6442383135cd94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\XenoV\Documents\Flixel Shit\FNF\CodenameEngine-Dsv\export\release\windows\obj\ApplicationMain.pdb

Imports

user32

SetProcessDPIAware
MessageBoxA
FindWindowA
FindWindowExA
GetActiveWindow

ws2_32

htons
inet_addr
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
sendto
getpeername
shutdown
socket
gethostbyaddr
gethostbyname
gethostname
WSAStartup
WSAGetLastError
getaddrinfo
freeaddrinfo
bind
accept
__WSAFDIsSet
getsockname
closesocket
ioctlsocket
connect
setsockopt

advapi32

RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegSetKeyValueW
RegQueryValueExW
CryptAcquireContextA
RegCreateKeyExW

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

dwmapi

DwmSetWindowAttribute

ole32

CoCreateInstance

libvlc

libvlc_audio_get_channel
libvlc_audio_get_delay
libvlc_audio_get_mute
libvlc_audio_get_track
libvlc_audio_get_track_count
libvlc_audio_get_volume
libvlc_audio_set_channel
libvlc_audio_set_delay
libvlc_audio_set_mute
libvlc_audio_set_track
libvlc_audio_set_volume
libvlc_errmsg
libvlc_event_attach
libvlc_event_detach
libvlc_media_add_option
libvlc_media_get_duration
libvlc_media_get_mrl
libvlc_media_new_fd
libvlc_media_new_location
libvlc_media_new_path
libvlc_media_player_can_pause
libvlc_media_player_event_manager
libvlc_media_player_get_chapter
libvlc_media_player_get_chapter_count
libvlc_media_player_get_length
libvlc_media_player_get_position
libvlc_media_player_get_rate
libvlc_media_player_get_role
libvlc_media_player_get_time
libvlc_media_player_is_playing
libvlc_media_player_is_seekable
libvlc_media_player_new
libvlc_media_player_next_chapter
libvlc_media_player_pause
libvlc_media_player_play
libvlc_media_player_previous_chapter
libvlc_media_player_release
libvlc_media_player_set_chapter
libvlc_media_player_set_media
libvlc_media_player_set_pause
libvlc_media_player_set_position
libvlc_media_player_set_rate
libvlc_media_player_set_role
libvlc_media_player_set_time
libvlc_media_player_stop
libvlc_media_player_will_play
libvlc_media_release
libvlc_new
libvlc_release
libvlc_video_set_callbacks
libvlc_video_set_format_callbacks

kernel32

GetFileSizeEx
GetTimeZoneInformation
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
SetEnvironmentVariableW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCurrentThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
FreeLibraryAndExitThread
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
GetCommandLineA
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
GetDateFormatW
FindFirstFileW
ResumeThread
ExitThread
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
InitializeCriticalSectionEx
SetFileInformationByHandle
DecodePointer
EncodePointer
GetLocaleInfoEx
TlsGetValue
GetStdHandle
GetPhysicallyInstalledSystemMemory
AllocConsole
SetConsoleTextAttribute
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTime
SystemTimeToFileTime
RtlCaptureContext
TlsSetValue
TlsAlloc
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreW
CreateThread
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryW
GetCommandLineW
LoadLibraryA
ReadFile
WriteFile
DuplicateHandle
CreatePipe
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
GetTickCount
FormatMessageA
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
RtlUnwind
FindNextFileW
GetFileAttributesW
GetFullPathNameW
Sleep
GetProcessTimes
GetModuleFileNameW
GetLastError
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
PeekNamedPipe
WaitNamedPipeW
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
GetSystemTimeAsFileTime
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapFree
HeapCreate
AreFileApisANSI
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SleepConditionVariableSRW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
hx_cffi

Sections

.text
Size: 45.2MB - Virtual size: 45.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.7MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

memcpy_
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1024B - Virtual size: 863B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 870KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27c107c7d286a4a75a6442383135cd94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ws2_32

advapi32

crypt32

dwmapi

ole32

libvlc

kernel32

Exports

Exports

Sections

.text Size: 45.2MB - Virtual size: 45.2MB

.rdata Size: 8.8MB - Virtual size: 8.8MB

.data Size: 2.7MB - Virtual size: 3.1MB

.pdata Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 14KB - Virtual size: 13KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

memcpy_ Size: 1024B - Virtual size: 828B

_RDATA Size: 1024B - Virtual size: 863B

.rsrc Size: 440KB - Virtual size: 439KB

.reloc Size: 870KB - Virtual size: 870KB

.text
Size: 45.2MB - Virtual size: 45.2MB

.rdata
Size: 8.8MB - Virtual size: 8.8MB

.data
Size: 2.7MB - Virtual size: 3.1MB

.pdata
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 14KB - Virtual size: 13KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

memcpy_
Size: 1024B - Virtual size: 828B

_RDATA
Size: 1024B - Virtual size: 863B

.rsrc
Size: 440KB - Virtual size: 439KB

.reloc
Size: 870KB - Virtual size: 870KB