ghg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ghg.exe
Size

47.1MB
MD5

b1ebef61946b7b7f52bf4b4dca833a12
SHA1

ac2ce16f67162f3370cc052d9b2b7a18bfda9500
SHA256

fcaca782ddf4f7fdc49db3108412c65ccec5742f1ef5e9ebb1f3433754eca4da
SHA512

99c50b278f72cd363156da3ef420b463fe8d6aec244d4fcd8609c070722c590a8526a9ff44601c851d5d0da9f55abb9dabef2ee59f3d0673efb413a6c29aee8d
SSDEEP

786432:kQ1FalZicAFJMZNHY5SiPVo/odJiezn7NaG9z+8M5SX988BCTJ/gEM5lw:k8alsUZNHYJnKsn7zzZte8YTJ/olw

Score

1^/10

Malware Config

Signatures

Files

ghg.exe
.exe windows:6 windows x64 arch:x64

0beaed5eaa62ee04ec3d2d1db420d661

Code Sign

2a:b1:7c:34:97:ff:7f:a4:46:55:8f:8d:4c:f0:ce:08
Certificate

Issuer

CN=CLEX

Not Before

16/08/2024, 13:40

Not After

16/08/2025, 14:00

Subject

CN=CLEX

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:bf:2d:7a:18:3d:db:53:80:c6:97:76:fe:5e:17:a4:ae:23:82:68:8a:9e:bd:79:17:ff:88:08:d2:5d:61:bb
Signer

Actual PE Digest

29:bf:2d:7a:18:3d:db:53:80:c6:97:76:fe:5e:17:a4:ae:23:82:68:8a:9e:bd:79:17:ff:88:08:d2:5d:61:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

advapi32

AdjustTokenPrivileges

msvcp140

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.decrypt
Size: - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.decrypt
Size: - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vlizer
Size: - Virtual size: 45.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.decrypt
Size: - Virtual size: 14.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.decrypt
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.decrypt
Size: 47.1MB - Virtual size: 47.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0beaed5eaa62ee04ec3d2d1db420d661

Code Sign

2a:b1:7c:34:97:ff:7f:a4:46:55:8f:8d:4c:f0:ce:08Certificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

29:bf:2d:7a:18:3d:db:53:80:c6:97:76:fe:5e:17:a4:ae:23:82:68:8a:9e:bd:79:17:ff:88:08:d2:5d:61:bbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 8KB

.rdata Size: - Virtual size: 9KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 804B

.decrypt Size: - Virtual size: 480B

.decrypt Size: - Virtual size: 88B

.vlizer Size: - Virtual size: 45.5MB

.decrypt Size: - Virtual size: 14.9MB

.decrypt Size: 3KB - Virtual size: 2KB

.decrypt Size: 47.1MB - Virtual size: 47.1MB

.rsrc Size: 512B - Virtual size: 469B

2a:b1:7c:34:97:ff:7f:a4:46:55:8f:8d:4c:f0:ce:08
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

29:bf:2d:7a:18:3d:db:53:80:c6:97:76:fe:5e:17:a4:ae:23:82:68:8a:9e:bd:79:17:ff:88:08:d2:5d:61:bb
Signer

.text
Size: - Virtual size: 8KB

.rdata
Size: - Virtual size: 9KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 804B

.decrypt
Size: - Virtual size: 480B

.decrypt
Size: - Virtual size: 88B

.vlizer
Size: - Virtual size: 45.5MB

.decrypt
Size: - Virtual size: 14.9MB

.decrypt
Size: 3KB - Virtual size: 2KB

.decrypt
Size: 47.1MB - Virtual size: 47.1MB

.rsrc
Size: 512B - Virtual size: 469B