Static task
static1
General
-
Target
UpdateGGzeraSpoofer.exe
-
Size
17.9MB
-
MD5
d5bdedd0cedc7691e80adef45989a0ed
-
SHA1
aa947414b2ee92f6625528ed568d4e5b9ed195af
-
SHA256
ed83265a2cd9a74dd50580337d46f3807911e0825999901204c26f8f8bb8a5a6
-
SHA512
df040cc163480a2c15fb06971c2296fee90bd6f0aae9bb6eb500bb2aff6da00ac30af0f42dd77981ccae2920e3d9a8932aec538dd9b5afa8bcd8f99d52ab2adb
-
SSDEEP
393216:yr1wYzf2tGcRZLB+Q10j13nAWrOoekmBIS0XWvP1gjw/f:21BWDX+XPekmBI2P1e
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource UpdateGGzeraSpoofer.exe
Files
-
UpdateGGzeraSpoofer.exe.exe windows:6 windows x64 arch:x64
ed7f936abc76583b09b76332150c6df9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
VirtualFree
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
user32
GetClientRect
advapi32
CryptDestroyKey
shell32
ShellExecuteA
msvcp140
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
imm32
ImmReleaseContext
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
wininet
InternetOpenUrlW
normaliz
IdnToAscii
wldap32
ord27
crypt32
CertFreeCertificateChain
ws2_32
gethostbyaddr
rpcrt4
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
api-ms-win-crt-stdio-l1-1-0
_popen
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
isspace
api-ms-win-crt-heap-l1-1-0
malloc
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-multibyte-l1-1-0
_mbscmp
api-ms-win-crt-math-l1-1-0
sin
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
_stat64
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
Sections
.text Size: - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 7.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.![Q Size: - Virtual size: 6.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.Y/K Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.de# Size: 17.9MB - Virtual size: 17.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ