geqm1bza[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

geqm1bza.exe
Size

8.8MB
MD5

838e0ba4238058489f861d558a0b23eb
SHA1

70348588f0e72c59c9031b4a3787a915a1e4fbca
SHA256

c194e1a2661d507d69cbadb11427540e27fec52dd16b733fc746312a0b7c6ba8
SHA512

7551ae37b48d3e61ce90bf0711280391c29054800c11d08ebf5fe016ce9f19c9752ae8ca7ed1dc6d5f8d0a2f609e87460c71917a9f2c08d52118714da828a8f4
SSDEEP

49152:fNyppqqHnysR+EUydyz8RzeDbyLiyvy3ydy3ydyk5WynyHydyo5TydyHydyLQ5Es:lypzn/VgHT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
geqm1bza.exe

Files

geqm1bza.exe
.exe windows:6 windows x86 arch:x86

5a32448f90cdc839ca4813e575db87fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcrypto-3

EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_free
RAND_bytes
EVP_EncryptInit_ex
EVP_aes_256_cbc
EVP_CIPHER_CTX_new
EVP_DecryptInit_ex
EVP_DecryptFinal_ex
EVP_DecryptUpdate

libcurl

curl_easy_perform
curl_global_init
curl_easy_init
curl_easy_cleanup
curl_easy_setopt
curl_multi_remove_handle
curl_multi_add_handle
curl_multi_wait
curl_multi_cleanup
curl_multi_strerror
curl_multi_perform
curl_multi_init

xinput1_3

ord2

kernel32

FindClose
FindFirstFileW
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SleepConditionVariableSRW
FindFirstFileExW
FindNextFileW
GetModuleFileNameA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
SetConsoleCtrlHandler
SetConsoleTextAttribute
GetStdHandle
ExpandEnvironmentStringsW
GetFileAttributesW
GetConsoleWindow
GlobalAlloc
GlobalFree
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
GetFileAttributesExW
AreFileApisANSI
GetLastError
CreateFileW
GetCurrentDirectoryW
MultiByteToWideChar
GetFileInformationByHandleEx
LocalFree
FormatMessageA
AcquireSRWLockExclusive
GetLocaleInfoEx
WakeAllConditionVariable
ReleaseSRWLockExclusive
GlobalLock

user32

ShowWindow
SetClipboardData
EmptyClipboard
FindWindowW
GetWindowLongW
DefWindowProcW
SetWindowPos
CreateWindowExW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
DispatchMessageW
PeekMessageW
SetWindowDisplayAffinity
SetLayeredWindowAttributes
TranslateMessage
SetWindowLongW
PostQuitMessage
FindWindowA
UpdateWindow
DestroyWindow
UnregisterClassA
TrackMouseEvent
GetKeyState
GetMessageExtraInfo
ScreenToClient
GetCapture
ClientToScreen
GetClipboardData
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
SetForegroundWindow
ReleaseCapture
IsWindowUnicode
MessageBoxW
GetAsyncKeyState

shell32

ShellExecuteW

winmm

joyGetNumDevs
joyGetDevCapsW

msvcp140

??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Xbad_function_call@std@@YAXXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_counter
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
_Strxfrm
?_Xruntime_error@std@@YAXPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
strchr
strstr
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memset
memchr
memcpy
memmove
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_register_onexit_function
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initialize_narrow_environment
system
_controlfp_s
abort
exit
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
fgetc
__p__commode
_set_fmode
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
fwrite
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
fgetpos
setvbuf
ungetc
_get_stream_buffer_pointers
fputc
_fseeki64
fread
fsetpos

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-string-l1-1-0

strncmp
_wcsicmp
strncpy

api-ms-win-crt-conio-l1-1-0

_getwch

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
_CIfmod
_CIatan2
__setusermatherr

Sections

.text
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 520KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a32448f90cdc839ca4813e575db87fb

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-3

libcurl

xinput1_3

kernel32

user32

shell32

winmm

msvcp140

d3d11

d3dcompiler_43

dwmapi

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 453KB - Virtual size: 452KB

.rdata Size: 7.5MB - Virtual size: 7.5MB

.data Size: 520KB - Virtual size: 527KB

.rsrc Size: 373KB - Virtual size: 373KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 453KB - Virtual size: 452KB

.rdata
Size: 7.5MB - Virtual size: 7.5MB

.data
Size: 520KB - Virtual size: 527KB

.rsrc
Size: 373KB - Virtual size: 373KB

.reloc
Size: 20KB - Virtual size: 19KB