gc (1)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gc (1).exe
Size

27.9MB
MD5

e763a1fec822fbd77b99d43397e92661
SHA1

1bd59e61bbdd226357445a927a222afa5c06b347
SHA256

5e47cbd87cd87c776732724c6c64c7ee1d4454ee0e05dc09d75b46e13ef009a4
SHA512

61e48f175f2aeee0227505ae7fa4b71ff1265124826a47d1578509755d3933a0bc6e11bbbca6ce7b6d3fe55094b9ff9575dc807a1e65fed9aef5f5c5b282e013
SSDEEP

393216:YfMQ6WMaPS7cMG1Ve4UzVc6VfMA5vudn17OJBE9rSCTZ7ibIhwJwWJggfYjiU:VWM4QIuVc6VE2vu517EE927a12wj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gc (1).exe

Files

gc (1).exe
.exe windows:6 windows x64 arch:x64

Password: 123

d341c38557c419704106fcbade2e4659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TerminateProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

OpenSCManagerW

ole32

CoInitializeEx

oleaut32

VariantClear

crypt32

CryptUnprotectMemory

winhttp

WinHttpSetStatusCallback

ntdll

RtlVirtualUnwind

version

GetFileVersionInfoSizeW

bcrypt

BCryptDestroyHash

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9F6
Size: - Virtual size: 16.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Peg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ee=
Size: 27.9MB - Virtual size: 27.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

d341c38557c419704106fcbade2e4659

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

crypt32

winhttp

ntdll

version

bcrypt

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 277KB

.data Size: - Virtual size: 86KB

.pdata Size: - Virtual size: 65KB

_RDATA Size: - Virtual size: 500B

.9F6 Size: - Virtual size: 16.9MB

.Peg Size: 3KB - Virtual size: 3KB

.Ee= Size: 27.9MB - Virtual size: 27.9MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 277KB

.data
Size: - Virtual size: 86KB

.pdata
Size: - Virtual size: 65KB

_RDATA
Size: - Virtual size: 500B

.9F6
Size: - Virtual size: 16.9MB

.Peg
Size: 3KB - Virtual size: 3KB

.Ee=
Size: 27.9MB - Virtual size: 27.9MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 480B