E:\Develop\krkrz\branch\master\1.4\krkrz_dev\src\tvpwin32.pdb
Static task
static1
1 signatures
General
-
Target
galfamily.exe
-
Size
4.5MB
-
MD5
1075d36ffc2de5c712e602baa37b0df0
-
SHA1
e6e1291ae2a506072d2a4ba316e11858e5e78aab
-
SHA256
983ed746ccfb6ed5d6df800e1924e175dda7e73755f98576ee10fab28ef8241f
-
SHA512
aabd34df307a557ca690cd685960f6d475f3b660b9f9ecc365f9b860dc1f11ead9454e41f8532ddcd2cd63ecadde9d92e925d3bcd547255fc37fd4cdedc26320
-
SSDEEP
98304:TC6mO4OhKfPxRKgYUztphOy3tm+/MSTZ:TpmEhKfjKgYUztpEmT
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource galfamily.exe
Files
-
galfamily.exe.exe windows:6 windows x86 arch:x86
bc6ebb5274cec331c0705d6c86f51677
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
Sleep
LockResource
GlobalAlloc
GlobalFree
HeapSetInformation
LoadResource
FindResourceW
SetCurrentDirectoryW
GetProcessHeap
GlobalMemoryStatusEx
GetSystemTime
IsBadReadPtr
VirtualQuery
CreateMutexW
HeapWalk
GetNativeSystemInfo
GetProcessHeaps
HeapCompact
HeapQueryInformation
GetConsoleTitleW
GetConsoleMode
AttachConsole
GetConsoleProcessList
FreeConsole
GetLocalTime
WriteConsoleW
SetConsoleTitleW
SetThreadAffinityMask
GetProcessAffinityMask
TerminateProcess
GlobalMemoryStatus
SetThreadPriority
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
MulDiv
FormatMessageW
OutputDebugStringW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
InitializeCriticalSectionEx
RaiseException
DecodePointer
MultiByteToWideChar
GetVersionExA
LoadLibraryExW
SearchPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalLock
GlobalUnlock
SuspendThread
ResumeThread
ExitThread
CreateEventW
GetThreadPriority
GetSystemInfo
SetThreadIdealProcessor
HeapCreate
HeapFree
HeapAlloc
HeapDestroy
LocalSize
GetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
OpenProcess
GetCurrentProcessId
GetConsoleCP
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetFileAttributesExW
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
HeapReAlloc
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlUnwind
FreeLibraryAndExitThread
GetThreadTimes
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceCounter
EncodePointer
WaitForSingleObjectEx
WideCharToMultiByte
GetStringTypeW
lstrcmpW
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
ExitProcess
GetVersionExW
GetCurrentThreadId
SetProcessAffinityMask
GetFullPathNameW
SizeofResource
LocalUnlock
LocalFree
LocalLock
GetDriveTypeW
FindNextFileW
GetTickCount
FindFirstFileW
GetModuleHandleW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
DeleteFileW
GetFileAttributesW
CreateFileW
GetTempPathW
SetEndOfFile
SetFilePointer
RemoveDirectoryW
GetVolumeInformationW
CreateDirectoryW
FlushFileBuffers
CreateProcessW
SetStdHandle
CloseHandle
DuplicateHandle
CreatePipe
GetModuleFileNameW
WriteFile
GetStdHandle
GetCurrentProcess
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
HeapSize
FindClose
LeaveCriticalSection
FindFirstFileExW
EnterCriticalSection
user32
GetClassInfoExW
SetWindowLongW
PostMessageW
DestroyWindow
RegisterClassExW
ChangeDisplaySettingsW
GetDC
SetTimer
KillTimer
GetPriorityClipboardFormat
OpenClipboard
CloseClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
LoadStringW
DefWindowProcW
GetWindowLongW
GetWindowRect
SetWindowPos
GetParent
MessageBoxW
PostQuitMessage
RegisterWindowMessageW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
GetSysColor
SystemParametersInfoW
LoadCursorFromFileW
EnumDisplaySettingsW
CreateWindowExW
MoveWindow
GetFocus
MonitorFromWindow
SetWindowRgn
SetCaretPos
GetMonitorInfoW
ClientToScreen
EnumDisplaySettingsExW
CreateCaret
GetKeyboardLayout
GetForegroundWindow
SetFocus
DestroyCaret
SetCapture
SetCursorPos
GetWindowTextLengthW
GetSystemMenu
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
GetMenu
IsWindowVisible
SetActiveWindow
GetMenuItemCount
ScreenToClient
SetWindowTextW
GetCapture
TrackMouseEvent
IsWindowEnabled
SetPropW
LoadIconW
GetClientRect
SetRect
UpdateWindow
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
GetWindowTextW
GetCursor
WindowFromPoint
LoadCursorW
SetCursor
EndDialog
SetDlgItemTextW
GetDlgItem
DialogBoxParamW
EnableWindow
WaitMessage
LoadAcceleratorsW
ShowWindow
DispatchMessageW
DestroyAcceleratorTable
PeekMessageW
CreateAcceleratorTableW
TranslateAcceleratorW
TranslateMessage
IsIconic
GetSystemMetrics
GetAsyncKeyState
GetWindowThreadProcessId
SendMessageW
EnumWindows
GetCursorPos
ReleaseDC
gdi32
SetPixel
GetPixel
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
EnumFontFamiliesExW
EnumFontsW
GetStockObject
DeleteDC
GetObjectW
SelectObject
GetTextMetricsW
GetFontData
CreateFontIndirectW
ExtCreateRegion
CreateRectRgn
DeleteObject
CombineRgn
GetTextExtentPoint32W
GetGlyphOutlineW
GetOutlineTextMetricsW
GetDeviceCaps
CreateCompatibleBitmap
comdlg32
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
shell32
ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetKnownFolderPath
ole32
GetRunningObjectTable
CreateItemMoniker
CoInitialize
CoFreeUnusedLibraries
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
PropVariantClear
oleaut32
VariantClear
winmm
timeKillEvent
timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeSetEvent
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
mpr
WNetGetUniversalNameW
shlwapi
PathIsDirectoryW
PathFileExistsW
imm32
ImmGetOpenStatus
ImmGetContext
ImmIsIME
ImmSetConversionStatus
ImmSetOpenStatus
ImmAssociateContext
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetConversionStatus
ImmReleaseContext
dbghelp
MiniDumpWriteDump
quartz
AMGetErrorTextW
propsys
PropVariantToDouble
mfplat
MFShutdown
MFStartup
MFFrameRateToAverageTimePerFrame
mf
MFCreateMediaSession
MFCreateSourceResolver
MFCreateTopology
MFCreateVideoRendererActivate
MFCreateAudioRendererActivate
MFCreateTopologyNode
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1011KB - Virtual size: 1010KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 683KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 796B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 446KB - Virtual size: 446KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ