PDB path: C:\Users\Administrator\Documents\Visual Studio 2010\Projects\msedge_pwa_launcher\Release\msedge_pwa_launcher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
GR20240705153633.exe
Resource
win7-20240221-en
General
-
Target
GR20240705153633.exe
-
Size
21.6MB
-
MD5
9680ee4acc88e028656ab9ea55928f30
-
SHA1
514d53f0b964e1669a20ad0df3817e42eb1c6d7a
-
SHA256
ba92eb823d3b1d5facc65d30790776e611303a7da8d2fff2a35700e13b91c195
-
SHA512
7f0b433f1fc2866f8898c45ad49075aee3333b5a55aa4fdcdc357168f38ac288a8ead133a3c3866a0d2a6ec162c265bca18502b21e6040a01e9305c99ac9061e
-
SSDEEP
393216:+6QUymCcLYmETFte+syGa4cFRD8iuSiGFGquJGeRZ+Bfo:+6UmbYrte+s4WSiGFG55v0fo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Sandbox check for a missing Authenticode signature matched: the file is unsigned, so its publisher cannot be verified from a signature.
resource GR20240705153633.exe
Files
-
GR20240705153633.exe.exe windows:5 windows x86 arch:x86
71c95913c9831973a528454c1eeaa100
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcr100
_onexit
_lock
_except_handler4_common
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__dllonexit
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_stricmp
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
strlen
strstr
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memcmp
memcpy
memchr
memmove
memset
strcat
strcpy
_CxxThrowException
??2@YAPAXI@Z
_mktime64
_time64
rand
srand
sprintf_s
sscanf
strtok
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
free
??_V@YAXPAX@Z
atoi
?__ExceptionPtrCopy@@YAXPAXPBX@Z
__FrameUnwindFilter
__CxxFrameHandler3
_cexit
__getmainargs
_amsg_exit
??3@YAXPAX@Z
vsprintf_s
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
kernel32
CreateToolhelp32Snapshot
GetLocalTime
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
CreateMutexA
SetLastError
ReadProcessMemory
VirtualQueryEx
CloseHandle
GetSystemInfo
OpenProcess
lstrlenA
Process32Next
QueryFullProcessImageNameA
Process32First
SetErrorMode
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
EncodePointer
SetUnhandledExceptionFilter
DecodePointer
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
wininet
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
HttpAddRequestHeadersA
InternetReadFile
InternetOpenA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
mscoree
_CorExeMain
Exports
Exports
??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21.3MB - Virtual size: 21.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ