gfwlivesetup[.]exe

Resubmissions

04/07/2024, 05:12

240704-fvz94aybjd 8

04/07/2024, 05:08

240704-fsyy9awcpr 1

Sharing

Copy URL

Twitter E-mail

General

Target

gfwlivesetup.exe
Size

627KB
MD5

0e20d50b6ad6229520911b203deeef36
SHA1

80959e47d83691e8427ad51e6923478b397ac649
SHA256

c8582a16f4647365e0be04826442a77de257b9bb26bac610fc1fb74319a2548b
SHA512

b2ada7862eb99560c1cb3ffc6771a544e10376f88a2d48426e7080d4023fa804e6db33adb861bdd90ab337e075398c949222068ed53e9c51d8aed6239b4b4a2a
SSDEEP

12288:kQH0cfWMSrveg+gp1y40+RCM/MRCD7cm+gg3L4Z1H:k1qSrp1y40cCM/0CD+XMPH

Score

1^/10

Malware Config

Signatures

Files

gfwlivesetup.exe
.exe windows:6 windows x86 arch:x86

Password: https://doxbin.com/upload/PARLODOXXED

0fc17b9f73355ba0229af588149c226f

Code Sign

61:03:f7:ad:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft LIVE PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2010, 23:03

Not After

12/10/2011, 23:03

Subject

CN=Microsoft LIVE Gaming for Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:0f:ec:c8:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

23/10/2006, 23:54

Not After

24/10/2018, 00:04

Subject

CN=Microsoft LIVE PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:93:c5:22:b3:11:05:da:3c:3d:89:96:73:aa:7a:7b:14:20:96:67
Signer

Actual PE Digest

8e:93:c5:22:b3:11:05:da:3c:3d:89:96:73:aa:7a:7b:14:20:96:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gfwlivesetup.pdb

Imports

kernel32

GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapAlloc
HeapSize
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
GetLocaleInfoW
GetLocaleInfoA
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
LoadLibraryW
CloseHandle
GetEnvironmentStringsW
LocalFree
MulDiv
LockResource
LoadResource
FindResourceExW
ReadFile
SetFilePointer
CreateFileW
SetEvent
CreateEventW
GetWindowsDirectoryW
GetFileAttributesW
WaitForSingleObject
DeleteFileW
GetFileSizeEx
GetDiskFreeSpaceExW
GetVolumePathNameW
GetTempFileNameW
GetTempPathW
LocalAlloc
GetFileSize
InitializeCriticalSection
QueueUserWorkItem
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
FindFirstFileW
CreateThread
RemoveDirectoryW
GetPrivateProfileStringW
GetUserDefaultUILanguage
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemTime
GetDriveTypeW
GetProcessHeap
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
WaitForMultipleObjects
OpenEventW
GetExitCodeThread
GetProcessId
GetExitCodeProcess
GetFullPathNameW
VerifyVersionInfoA
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSetInformation
GetProcAddress
Sleep
ExitThread
ResumeThread
GetModuleHandleA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
EnumResourceLanguagesW
GetModuleHandleW
SetUnhandledExceptionFilter
RtlUnwind
RaiseException
GetUserDefaultLangID
FreeResource
GetNumberFormatW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
SizeofResource
OutputDebugStringW
LoadLibraryExW
SetErrorMode
GetStartupInfoW
CreateMutexW

advapi32

CryptCreateHash
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
GetSidSubAuthorityCount
CryptAcquireContextW
GetSidSubAuthority

gdi32

GetDeviceCaps
CreateFontW
DeleteObject
SetBkMode
GetStockObject
SetTextColor

user32

LoadImageW
PostMessageW
CreateDialogIndirectParamW
GetWindowRect
SetWindowPos
SetCapture
GetParent
ScreenToClient
GetFocus
SetFocus
ShowWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetDlgItem
SendMessageW
BeginPaint
EndPaint
GetCursorPos
ReleaseCapture
PostQuitMessage
GetDlgCtrlID
GetWindowLongW
GetClassNameW
GetWindowTextW
GetClientRect
EnumChildWindows
MessageBoxW
SystemParametersInfoW
CreateDialogParamW
LoadCursorW
SetParent
SetWindowLongW
CharLowerBuffW
SetDlgItemTextW
GetDlgItemTextW
ExitWindowsEx
SetWindowTextW
CreateWindowExW
SendDlgItemMessageW
KillTimer
SetTimer
EnableWindow
GetDC
InvalidateRect
ReleaseDC

ole32

StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoInitialize
IIDFromString

oleaut32

SysAllocStringByteLen
VariantInit
SysAllocString
SysStringByteLen
SysFreeString
SysStringLen
VariantClear

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
ShellExecuteExW
CommandLineToArgvW
ord680
SHGetMalloc
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderLocation

shlwapi

PathFindFileNameW
SHSetValueW
PathAddBackslashW
PathCombineW
PathStripToRootW
SHEnumKeyExW
PathRemoveExtensionW
PathRemoveFileSpecW
SHRegGetValueW
PathIsDirectoryW
PathFileExistsW
SHAutoComplete
PathCanonicalizeW
PathIsNetworkPathW
PathGetDriveNumberW
PathMatchSpecW
PathStripPathW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrustEx
IsCatalogFile
WTHelperProvDataFromStateData

crypt32

CryptProtectData
CertVerifyCertificateChainPolicy

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

msi

ord190
ord116
ord32
ord159
ord160
ord118
ord158
ord8
ord92
ord111
ord113
ord141
ord137
ord70
ord169
ord88
ord171
ord80
ord232
ord34
ord205
ord115

comctl32

ord413
ord410
_TrackMouseEvent
ord17

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipDeleteBrush
GdipDrawString
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree

setupapi

SetupIterateCabinetW

rpcrt4

RpcBindingFree
RpcMgmtIsServerListening
RpcEpResolveBinding
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
NdrClientCall2
RpcMgmtWaitServerListen
RpcServerListen
RpcServerInqCallAttributesW
NdrServerCall2
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingInqAuthClientExW
RpcServerRegisterAuthInfoA
RpcEpRegisterA
RpcBindingVectorFree
RpcEpUnregister
RpcMgmtStopServerListening
RpcServerInqBindings
RpcServerRegisterIf2
RpcStringBindingComposeA
RpcStringFreeA
RpcServerUseProtseqA

urlmon

URLDownloadToFileW

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: https://doxbin.com/upload/PARLODOXXED

0fc17b9f73355ba0229af588149c226f

Code Sign

61:03:f7:ad:00:00:00:00:00:1bCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:0f:ec:c8:00:00:00:00:00:1bCertificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

8e:93:c5:22:b3:11:05:da:3c:3d:89:96:73:aa:7a:7b:14:20:96:67Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

gdi32

user32

ole32

oleaut32

shell32

shlwapi

version

wintrust

crypt32

psapi

msi

comctl32

gdiplus

setupapi

rpcrt4

urlmon

Sections

.text Size: 367KB - Virtual size: 367KB

.data Size: 6KB - Virtual size: 19KB

.rsrc Size: 227KB - Virtual size: 227KB

.reloc Size: 19KB - Virtual size: 18KB

61:03:f7:ad:00:00:00:00:00:1b
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:0f:ec:c8:00:00:00:00:00:1b
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

8e:93:c5:22:b3:11:05:da:3c:3d:89:96:73:aa:7a:7b:14:20:96:67
Signer

.text
Size: 367KB - Virtual size: 367KB

.data
Size: 6KB - Virtual size: 19KB

.rsrc
Size: 227KB - Virtual size: 227KB

.reloc
Size: 19KB - Virtual size: 18KB