Static task
static1
Behavioral task
behavioral1
Sample
gupax-v1.3.8-windows-x64-standalone/Gupax.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
gupax-v1.3.8-windows-x64-standalone/Gupax.exe
Resource
win10v2004-20240508-en
General
Target
gupax-v1.3.8-windows-x64-standalone.zip
Size
7.9MB
MD5
fa76960ef9f44358d7f5ce2597cc18e4
SHA1
fec2f88b29c81096ad87daf7522e84417e82d631
SHA256
0442998b23923fd9d8607984e1d14d624805f6a797bc912e63d2a9a812af4f46
SHA512
eaf24dc4e1a2ab7476e7cd9049b7a9b546f2afdc51054d35f1d09e11017acb163747e2734a528b7e5453b54dd5172cc2b663b3a3f834c293d97bb829ee10e418
SSDEEP
196608:SxmyEO1sS974MxALv+3giI4z59G5B1p5O10AuWBVUYW:MmAsFMxNmwi1pDFgVFW
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/gupax-v1.3.8-windows-x64-standalone/Gupax.exe
Files
gupax-v1.3.8-windows-x64-standalone.zip (.zip)
gupax-v1.3.8-windows-x64-standalone/Gupax.exe (.exe, windows:6, windows x64, arch:x64)
8ec3bbdb79c68a71c1af052ef1440fa6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressAll
WakeByAddressSingle
bcryptprimitives
ProcessPrng
kernel32
GetExitCodeProcess
SleepEx
WriteFileEx
TerminateProcess
FindClose
PostQueuedCompletionStatus
HeapReAlloc
lstrlenW
GetSystemInfo
GetCurrentProcessId
GetDiskFreeSpaceExW
GetCurrentProcess
SetEnvironmentVariableW
GetStdHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
UnmapViewOfFile
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetProcAddress
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetThreadErrorMode
LoadLibraryExW
GetCurrentThreadId
GlobalLock
GlobalSize
GlobalUnlock
GetCurrentThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetFileType
GetNamedPipeInfo
ReadFile
WriteFile
LocalAlloc
CreateEventW
UnlockFileEx
SetFilePointer
SetEndOfFile
LockFileEx
LoadLibraryW
GetConsoleMode
GetFileInformationByHandleEx
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
CreatePipe
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetProcessId
SetErrorMode
SetLastError
FreeLibrary
WriteConsoleW
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
SetWaitableTimer
FindNextFileW
CreateDirectoryW
FindFirstFileW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
CreateNamedPipeW
CreateThread
ReadFileEx
ExitProcess
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
DeviceIoControl
SetHandleInformation
GetProcessTimes
OpenProcess
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
SetConsoleMode
CreateFileMappingW
MapViewOfFile
VirtualProtect
CreateEventA
RemoveVectoredExceptionHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
LoadLibraryExA
FlushFileBuffers
GetTickCount
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
UnlockFile
HeapDestroy
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
CreateMutexW
GetTempPathW
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
CreateWaitableTimerExW
EncodePointer
GlobalMemoryStatusEx
QueryPerformanceFrequency
Sleep
SwitchToThread
GetTickCount64
GetSystemTimePreciseAsFileTime
QueryPerformanceCounter
GetLastError
CloseHandle
LocalFree
CreateFileW
HeapFree
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFilePointerEx
RtlPcToFileHeader
bcrypt
BCryptGenRandom
advapi32
GetLengthSid
GetTokenInformation
SystemFunction036
ImpersonateAnonymousToken
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegEnumValueW
CopySid
OpenProcessToken
IsValidSid
ntdll
NtReadFile
NtQuerySystemInformation
NtWriteFile
NtQueryInformationProcess
NtCreateFile
RtlGetVersion
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
shlwapi
AssocQueryStringW
user32
IsIconic
GetActiveWindow
GetSystemMetrics
SendMessageW
SetCursorPos
SetWindowTextW
SetWindowDisplayAffinity
FlashWindowEx
GetForegroundWindow
MapVirtualKeyW
SendInput
SetForegroundWindow
MonitorFromWindow
GetWindowLongPtrW
GetDC
MonitorFromPoint
RegisterClassExW
CreateWindowExW
PeekMessageW
RegisterTouchWindow
SetWindowPos
InvalidateRgn
GetAsyncKeyState
GetKeyState
GetKeyboardState
IsProcessDPIAware
GetMonitorInfoW
ChangeDisplaySettingsExW
GetWindowPlacement
SetWindowPlacement
RedrawWindow
GetMenu
ScreenToClient
LoadCursorW
SetCursor
MonitorFromRect
SetCapture
ReleaseCapture
TrackMouseEvent
GetTouchInputInfo
CloseTouchInputHandle
GetClientRect
CreateIconFromResourceEx
EnumDisplayMonitors
SetPropW
RegisterRawInputDevices
GetMessageW
SetTimer
KillTimer
TranslateMessage
DispatchMessageW
GetRawInputData
ValidateRect
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
CreateIcon
GetClassNameW
GetClassInfoExW
CreateWindowExA
RegisterClassExA
DefWindowProcA
SystemParametersInfoA
RegisterWindowMessageA
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
ShowWindow
GetSystemMenu
EnableMenuItem
SetWindowLongW
GetWindowLongW
AdjustWindowRectEx
GetClipCursor
ClipCursor
ShowCursor
ClientToScreen
RemovePropW
SetWindowLongPtrW
ReleaseDC
DestroyIcon
PostMessageW
DefWindowProcW
DestroyWindow
CallWindowProcW
OpenClipboard
GetCursorPos
GetPropW
shell32
CommandLineToArgvW
DragFinish
DragQueryFileW
SHGetKnownFolderPath
gdi32
DeleteObject
CreateRectRgn
SetPixelFormat
SwapBuffers
ChoosePixelFormat
GetPixelFormat
GetDeviceCaps
DescribePixelFormat
crypt32
CertGetCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertDuplicateCertificateContext
CertOpenStore
secur32
FreeContextBuffer
AcquireCredentialsHandleA
FreeCredentialsHandle
EncryptMessage
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
ws2_32
getsockname
recv
ioctlsocket
WSAIoctl
send
bind
WSASocketW
getpeername
connect
getaddrinfo
freeaddrinfo
closesocket
WSAStartup
getsockopt
WSAGetLastError
setsockopt
shutdown
WSACleanup
WSASend
socket
psapi
GetModuleFileNameExW
GetPerformanceInfo
ole32
RevokeDragDrop
CoUninitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
CoInitializeEx
OleInitialize
CoInitializeSecurity
CoSetProxyBlanket
pdh
PdhRemoveCounter
PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryA
uiautomationcore
UiaReturnRawElementProvider
UiaGetReservedNotSupportedValue
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaHostProviderFromHwnd
UiaLookupId
oleaut32
SafeArrayPutElement
SafeArrayCreateVector
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
GetErrorInfo
SetErrorInfo
opengl32
wglDeleteContext
wglMakeCurrent
wglCreateContext
wglGetCurrentDC
wglShareLists
wglGetProcAddress
wglGetCurrentContext
dwmapi
DwmEnableBlurBehindWindow
imm32
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmGetCompositionStringW
iphlpapi
GetIfEntry2
powrprof
CallNtPowerInformation
d3dcompiler_47
D3DCompile
uxtheme
SetWindowTheme
api-ms-win-crt-math-l1-1-0
log10
ceil
atan2f
_hypotf
pow
sinf
cosf
trunc
acosf
cbrtf
roundf
floorf
ceilf
sin
__setusermatherr
powf
exp2f
fmod
fmodf
round
log
exp2
cos
expf
floor
api-ms-win-crt-string-l1-1-0
wcslen
strspn
strncmp
strlen
strcmp
strcspn
strcpy_s
wcsncmp
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
_set_new_mode
_aligned_free
_aligned_malloc
_msize
realloc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_cexit
__p___argv
__p___argc
_exit
_initialize_onexit_table
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_c_exit
_register_onexit_function
_set_app_type
_seh_filter_exe
_crt_atexit
_wassert
terminate
abort
_endthreadex
_beginthreadex
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 12.5MB - Virtual size: 12.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 189KB - Virtual size: 189KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ