Groove Machine[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Groove Machine.exe
Size

3.5MB
MD5

c72619417c30ab6856660aca98b1e56f
SHA1

6d2b2e0be1d15784fe0218201b7e86aafda7f8c7
SHA256

63db5560440222025f7a7e031e7372a83c49e9025c75a907fae0edb6228ae585
SHA512

8ca5cc714d4adb66f3fb589b9ab324ff5892dbd62269aa3cbd2f9500a89dc76bddf3542417e082315bc31121d535ca4b0dbe9e9538101935da18a38b04d24cef
SSDEEP

49152:2DmPc8QseCJe7f8Su+k14hZ2RTA6anWUY:2Dmk8QseCJe7fbu+OfS6GWUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Groove Machine.exe

Files

Groove Machine.exe
.exe windows:4 windows x86 arch:x86

Password: infected

30fd9ea23653f1bab4d60e32b60d2970

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
OutputDebugStringW
FindFirstFileW
GetFileAttributesExW
GetLogicalDriveStringsW
GetModuleHandleW
LeaveCriticalSection
IsDebuggerPresent
GetOverlappedResult
ReleaseMutex
QueryPerformanceFrequency
CreateMutexW
WaitForMultipleObjects
GetDriveTypeW
SetEvent
EnterCriticalSection
QueryPerformanceCounter
ReadFile
WriteFile
GetModuleFileNameW
TerminateThread
SetFilePointer
CreateEventW
DeleteCriticalSection
FindNextFileW
CloseHandle
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetVolumeInformationW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
GetConsoleMode
GetConsoleCP
SetHandleCount
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
TerminateProcess
GetCPInfo
RaiseException
RtlUnwind
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetTimeZoneInformation
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
HeapFree
HeapAlloc
HeapReAlloc
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
PeekNamedPipe
InitializeCriticalSection
FindClose
GetTickCount
GetCurrentDirectoryW
GetCommandLineW
GetVersionExW
GetLastError
WaitForSingleObject
GetTempPathW
MoveFileW
FlushFileBuffers
GetFileAttributesW
ExitProcess
CancelIo
SetThreadAffinityMask
ConnectNamedPipe
RemoveDirectoryW
GetCurrentThreadId
FreeLibrary
DisconnectNamedPipe
CreateFileW
CreateDirectoryW
FormatMessageW
TryEnterCriticalSection
SetCurrentDirectoryW
GetCurrentThread
GetWindowsDirectoryA
SetPriorityClass
LoadLibraryA
LoadLibraryW
GetThreadPriority
GetProcAddress
GetCurrentProcess
SetThreadPriority
GetPriorityClass
Sleep
GetEnvironmentStringsW
SetEnvironmentVariableA

user32

WindowFromPoint
EnableMenuItem
GetWindowRect
MoveWindow
GetWindow
SetWindowLongW
DefWindowProcW
UnregisterClassW
GetWindowLongW
RegisterClassExW
GetDesktopWindow
CreateWindowExW
CallWindowProcW
SendMessageW
EnumDisplayMonitors
GetIconInfo
SetCursor
LoadCursorW
SetCapture
GetSystemMenu
CloseClipboard
MessageBoxW
GetClipboardData
SetForegroundWindow
GetMessageExtraInfo
EndPaint
ShowCaret
GetMessagePos
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
GetMessageW
SendMessageTimeoutW
GetFocus
EnumWindows
PeekMessageW
TranslateMessage
SetFocus
GetWindowTextW
DispatchMessageW
GetWindowPlacement
GetAncestor
GetUpdateRgn
OpenClipboard
GetActiveWindow
InvalidateRect
GetWindowInfo
SetWindowTextW
ReleaseDC
GetDC
ReleaseCapture
CreateCaret
GetAsyncKeyState
GetClientRect
BeginPaint
DestroyIcon
MapVirtualKeyW
SetCaretPos
DestroyCursor
GetCursorPos
GetForegroundWindow
GetSystemMetrics
SetClipboardData
TrackMouseEvent
CreateIconIndirect
GetParent
DestroyCaret
RedrawWindow
GetCapture
IsChild
GetMessageTime
EmptyClipboard
SetCursorPos
SystemParametersInfoW
ShowWindow
MessageBeep
IsWindow
DestroyWindow
PostMessageW
SetLayeredWindowAttributes

gdi32

CombineRgn
CreateRectRgn
ExcludeClipRect
CreateBitmap
CreateDIBSection
StretchDIBits
GetDeviceCaps
SaveDC
SetMapperFlags
CreateCompatibleDC
GetOutlineTextMetricsW
SelectObject
GetKerningPairsW
EnumFontFamiliesExW
DeleteDC
GetGlyphOutlineW
CreateFontIndirectW
SetMapMode
GetGlyphIndicesW
GetTextMetricsW
DeleteObject
RestoreDC
CreateRectRgnIndirect
GetPixel
GetRegionData
GetObjectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW

shell32

ExtractAssociatedIconW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
OleInitialize

ws2_32

WSAStartup
select
__WSAFDIsSet
setsockopt
inet_ntoa
recv
accept
closesocket
getsockopt

shlwapi

PathStripToRootW

winmm

midiInStop
timeGetTime
midiOutGetDevCapsW
midiInGetDevCapsW
midiOutOpen
midiInPrepareHeader
midiOutPrepareHeader
midiOutLongMsg
midiInReset
midiOutShortMsg
midiInUnprepareHeader
midiInGetNumDevs
midiOutUnprepareHeader
midiOutClose
midiInClose
midiInAddBuffer
midiInStart
midiOutGetNumDevs
midiInOpen
timeBeginPeriod

msvfw32

DrawDibDraw
DrawDibOpen

imm32

ImmGetContext
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmNotifyIME
ImmReleaseContext

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

30fd9ea23653f1bab4d60e32b60d2970

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

shlwapi

winmm

msvfw32

imm32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 60KB - Virtual size: 68KB

.rsrc Size: 280KB - Virtual size: 279KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 60KB - Virtual size: 68KB

.rsrc
Size: 280KB - Virtual size: 279KB