Gooper[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gooper.exe
Size

1.4MB
MD5

df9cf8ea9c50bac05aac093a48955bfe
SHA1

5829ea8c4b8882752efd9dce498ba6e48636a713
SHA256

b788ce97c5af5cf526c60035936f98448b258b2a42828213f5e072be0534b386
SHA512

f14c1a88ad17ae2e7fa99951e7382665ab61c5ad675b40aa815d0e02a7c72ab7e6d823102b3ef2197f2c453444df8624d5114d34be4f09f6e98d2f662268c5ec
SSDEEP

24576:zoOJol9AEqDazRYVg/q4gYl9xipPmRDA98CGfqBzQgpcWTL:zVLEqGdzpl3eP4DKBzQwrT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Gooper.exe

Files

Gooper.exe
.exe windows:6 windows x64 arch:x64

a5632eea8162ed1c9c724ecb894c1086

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
HeapFree
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCurrentProcess
GetModuleHandleA
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsDebuggerPresent
SetHandleInformation
CreatePipe
GetShortPathNameA
GetModuleFileNameA
GetEnvironmentVariableA
GetComputerNameA
PeekNamedPipe
GetCurrentDirectoryA
CreateProcessA
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
HeapCreate
TryEnterCriticalSection
ReadFile
GetEnvironmentStringsW
GetOEMCP
UnlockFile
AreFileApisANSI
GetACP
RtlUnwind
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetFileType
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
GetLocaleInfoEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandleEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

advapi32

GetCurrentHwProfileA
GetUserNameA

shell32

ShellExecuteA

crypt32

CryptUnprotectData

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptDestroyKey
BCryptGetProperty

wininet

InternetCheckConnectionA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5632eea8162ed1c9c724ecb894c1086

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

crypt32

bcrypt

wininet

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 19KB - Virtual size: 26KB

.pdata Size: 50KB - Virtual size: 49KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 19KB - Virtual size: 26KB

.pdata
Size: 50KB - Virtual size: 49KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB