GPlayer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GPlayer.exe
Size

4.7MB
MD5

7d429f3152a62dcf2b17bdd5f259df63
SHA1

2e3310e68323991dc1766628370ad23e49ce399c
SHA256

fb9cace32f28bb140cb52d7ef15e87ecd82ceaec4469daf0dc28a7d6cb36fdb5
SHA512

5a454ed9e2b75fa83500f1a3aa4f0e490567c8c9c15dc9b267d5ea32212758c855545ef417e9515b9f6a63551d6cf6b79f3f2d792918dc643490ba87296ff246
SSDEEP

49152:Rpsd0hANAERtg20FlqtroYiZfHoPOBKr+T5v8B7Ft0zjB3E+rlFRISJJYnFo+/DQ:M0hAbBrrcfHC+TGZK68FRISr+/D3Zm

Score

1^/10

Malware Config

Signatures

Files

GPlayer.exe
.exe windows:4 windows x86 arch:x86

801951556bccb0df8064efedee284ad8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:9f:80:42:d6:56:1c:2e:b1:e6:65:84:d1:34:16:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2014, 00:00

Not After

18/05/2015, 23:59

Subject

CN=Exent Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Exent Technologies Ltd.,L=Petah-Tikva,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutGetNumDevs
joyGetDevCapsA
waveOutGetDevCapsA
timeGetTime
joyGetNumDevs
joyGetPosEx
PlaySoundW

user32

GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
AdjustWindowRectEx
ScrollWindow
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
WinHelpW
GetClassInfoW
GetMenu
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
IntersectRect
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
IsWindowEnabled
GetShellWindow
MonitorFromWindow
GetMonitorInfoW
GetActiveWindow
GetCapture
SetCapture
ClientToScreen
MoveWindow
BeginDeferWindowPos
DeferWindowPos
GetForegroundWindow
AttachThreadInput
BringWindowToTop
SetFocus
IsIconic
LoadMenuW
ReleaseDC
GetIconInfo
GetSysColorBrush
GrayStringW
TabbedTextOutW
GetAsyncKeyState
SetRect
SetWindowRgn
wvsprintfA
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
GetSubMenu
DrawEdge
InflateRect
GetKeyboardLayout
MapVirtualKeyW
GetKeyNameTextW
MsgWaitForMultipleObjects
GetKeyState
ShowWindow
GetWindow
LoadIconW
PtInRect
DefWindowProcA
UnregisterClassA
RegisterClassA
CreateWindowExA
ReleaseCapture
FillRect
OffsetRect
WaitForInputIdle
GetLastInputInfo
SystemParametersInfoA
FindWindowA
PostMessageA
GetSystemMetrics
wsprintfA
CopyImage
LoadBitmapW
GetSysColor
DestroyCursor
SetClassLongW
MessageBeep
SetCursor
DrawFrameControl
DrawIconEx
DrawTextW
SetWindowTextW
wvsprintfW
GetWindowDC
BeginPaint
EndPaint
SetDlgItemTextW
GetWindowThreadProcessId
IsDialogMessageW
MapDialogRect
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageW
RegisterClipboardFormatW
SetWindowContextHelpId
CharUpperW
CharNextW
LoadStringW
PostThreadMessageW
CopyAcceleratorTableW
GetNextDlgGroupItem
PostThreadMessageA
GetMessageA
PeekMessageA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DispatchMessageA
SendMessageA
GetPropA
SetPropA
SetWindowLongA
GetClassNameA
IsWindowUnicode
GetWindowLongA
SetWindowsHookExA
RemovePropA
CallWindowProcA
CharNextA
DefDlgProcA
GetClassInfoA
DrawFocusRect
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
ShowCaret
HideCaret
EndDeferWindowPos
GetWindowTextLengthA
GetDesktopWindow
WindowFromPoint
GetParent
GetClassNameW
FindWindowW
GetDC
MessageBoxW
wsprintfW
CheckMenuItem
RegisterWindowMessageW
DefWindowProcW
DestroyIcon
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
GetFocus
GetSystemMenu
InsertMenuW
SystemParametersInfoW
RedrawWindow
CreatePopupMenu
AppendMenuW
EnableMenuItem
TrackPopupMenuEx
DestroyMenu
UpdateWindow
GetClientRect
CopyRect
SetWindowPos
PostMessageW
IsWindowVisible
LoadCursorW
SetForegroundWindow
IsWindow
LoadImageW
GetWindowLongW
SetWindowLongW
SetTimer
InvalidateRect
KillTimer
GetCursorPos
ScreenToClient
SendMessageW
GetWindowRect
EnableWindow

gdi32

GetMapMode
DPtoLP
GetBkColor
EnumFontFamiliesExW
LPtoDP
LineTo
GetBitmapBits
GetObjectA
ExtTextOutA
MoveToEx
IntersectClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
GetTextExtentPoint32W
GetTextExtentPointA
GetTextMetricsW
GetObjectW
CreateFontIndirectW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapMode
SetBkMode
SetTextAlign
CreatePen
GetWindowExtEx
GetViewportExtEx
SelectPalette
RestoreDC
SaveDC
GetClipBox
SetTextColor
PatBlt
SetBkColor
StretchBlt
CreateDCA
CreatePalette
GetDeviceCaps
RealizePalette
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateDIBSection
GetPixel
CombineRgn
DeleteDC
ExtCreateRegion
GetRgnBox
CreateRectRgn
CreateDIBitmap
CreateBitmap
CreateSolidBrush
DeleteObject
BitBlt
SetViewportOrgEx
GetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
Rectangle
GetTextColor
CreateFontW
SelectObject

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
ExitThread
GetFileType
SetStdHandle
GetLocalTime
GetTimeZoneInformation
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
SetFileTime
GetFileTime
GetCurrentDirectoryW
FindResourceExW
GetProcessVersion
LocalReAlloc
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GetUserDefaultLCID
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
UnlockFile
LockFile
DuplicateHandle
LCMapStringA
LCMapStringW
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
IsValidLocale
QueryPerformanceFrequency
GetPriorityClass
lstrcmpW
lstrcmpiA
FileTimeToLocalFileTime
lstrcmpiW
SetPriorityClass
GetSystemDefaultLangID
VerLanguageNameA
GlobalAddAtomA
VirtualProtect
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
VirtualAllocEx
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
GetPrivateProfileIntW
GetEnvironmentVariableW
GetFullPathNameW
LoadLibraryExW
FindResourceExA
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceA
GetProcessAffinityMask
SetThreadAffinityMask
GetSystemDirectoryA
GetTempPathW
GetPrivateProfileIntA
OutputDebugStringA
lstrcatA
SystemTimeToFileTime
GlobalMemoryStatus
GetLogicalDriveStringsA
GetDriveTypeA
lstrlenA
GetTempFileNameW
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetVersionExW
GetUserDefaultLangID
GlobalReAlloc
SetEndOfFile
FlushFileBuffers
SetFilePointer
GetSystemTime
MulDiv
GetExitCodeProcess
LocalAlloc
TlsAlloc
TlsGetValue
TlsSetValue
FormatMessageW
FormatMessageA
LocalFree
DeviceIoControl
CreateFileA
GetDiskFreeSpaceA
lstrcpynA
lstrcmpA
CreateDirectoryExA
CopyFileA
RemoveDirectoryW
RemoveDirectoryA
MoveFileW
MoveFileA
DeleteFileA
FindNextFileA
SetFileAttributesA
GetFileAttributesA
CreateDirectoryA
CreateProcessA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryW
GetPrivateProfileStringW
GetModuleHandleA
ExpandEnvironmentStringsW
GetCurrentProcess
GetVersion
GetProcessHeap
HeapAlloc
GetCurrentThread
HeapFree
CreateMutexA
GetVolumeInformationA
GetWindowsDirectoryA
ReleaseMutex
lstrcpyA
GetVersionExA
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
GlobalLock
LockResource
GlobalUnlock
GlobalFree
FindFirstFileA
GetTempPathA
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
Module32FirstW
Module32NextW
CreateProcessW
GetModuleFileNameW
GetModuleFileNameA
IsValidCodePage
SetLastError
InterlockedIncrement
WritePrivateProfileStringW
GetSystemPowerStatus
OutputDebugStringW
WaitForMultipleObjects
CreateThread
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryW
CreateEventA
SetCurrentDirectoryA
CreateToolhelp32Snapshot
GetProfileStringA
Process32First
Process32Next
GetTimeFormatA
Sleep
GetFileSize
ReadFile
FileTimeToSystemTime
GetDateFormatA
CreateDirectoryW
SetFileAttributesW
DeleteFileW
lstrlenW
lstrcpynW
CompareFileTime
CreateEventW
ResetEvent
SetEvent
LoadLibraryA
FreeLibrary
WritePrivateProfileStringA
GetFileAttributesW
FindNextFileW
GetTickCount
CopyFileW
CreateFileW
GetLastError
WriteFile
CloseHandle
lstrcpyW
InterlockedDecrement
GetModuleHandleW
GetProcAddress
FindFirstFileW
FindClose
WaitForSingleObject
GetLocaleInfoA
EnumSystemLocalesA
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
OpenEventA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
OpenMutexA
LoadLibraryExA
GetTimeFormatW
GetDateFormatW
TerminateThread
VirtualQuery
GetComputerNameA
QueryPerformanceCounter
FlushConsoleInputBuffer
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
FindResourceA
GetSystemTimeAsFileTime
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
LockFileEx
HeapValidate
GetSystemInfo
GetFullPathNameA
GetFileAttributesExW
GetDiskFreeSpaceW
CreateMutexW
CreateFileMappingW
CreateFileMappingA
AreFileApisANSI
InterlockedCompareExchange
WaitForSingleObjectEx
WaitForMultipleObjectsEx
FileTimeToDosDateTime
GetFileInformationByHandle
DosDateTimeToFileTime
CreateMailslotA
GetMailslotInfo

advapi32

RegEnumKeyExA
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegEnumKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegOpenKeyA
IsTextUnicode
OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
CreateProcessAsUserA
SetTokenInformation
ConvertStringSidToSidA
DuplicateTokenEx
StartServiceA
CreateServiceA
RegDeleteKeyA
RegCreateKeyExW
RegSetValueExW
RegEnumValueA
CheckTokenMembership
OpenProcessToken
AllocateAndInitializeSid
FreeSid
GetTokenInformation
GetLengthSid
CopySid
ImpersonateSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenThreadToken
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
MakeSelfRelativeSD
RevertToSelf
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegQueryValueW
GetUserNameA
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathA
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathA
ord165
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconW
SHGetSpecialFolderLocation
ShellExecuteW
SHChangeNotify

comctl32

_TrackMouseEvent
ImageList_GetImageCount
ImageList_Create
ImageList_Destroy
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Remove
ImageList_GetIcon
ImageList_ReplaceIcon

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CoTaskMemAlloc
CoRegisterMessageFilter
CoFreeUnusedLibraries
CoGetClassObject
OleInitialize
CoInitializeSecurity
CoCopyProxy
CoSetProxyBlanket
CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateInstance
OleRun
CoRevokeClassObject
CoTaskMemFree
OleUninitialize
OleFlushClipboard
CLSIDFromString
OleIsCurrentClipboard
CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize

olepro32

ord253
ord251

oleaut32

VariantTimeToSystemTime
LoadTypeLi
GetErrorInfo
SysAllocString
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantCopy
QueryPathOfRegTypeLi
SysAllocStringLen

wininet

InternetConnectA
InternetGetConnectedState
FindFirstUrlCacheEntryA
InternetSetStatusCallback
FindNextUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntry
CreateUrlCacheEntryA
CommitUrlCacheEntryA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetSetOptionA
InternetOpenA
InternetQueryOptionA
InternetGoOnlineW
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetSetCookieW
InternetCrackUrlA
InternetSetCookieA
InternetQueryOptionW
InternetCrackUrlW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

shlwapi

PathFileExistsW
PathRemoveFileSpecA
PathFileExistsA
PathRemoveFileSpecW
PathMatchSpecA

imagehlp

ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates

wsock32

gethostname
WSACleanup
WSAStartup
gethostbyname

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueA

mpr

WNetAddConnectionA
WNetGetConnectionA
WNetCancelConnection2A

oledlg

OleUIBusyW

sensapi

IsNetworkAlive

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW

crypt32

CryptUnprotectData

Exports

Exports

Sync

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 348KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

801951556bccb0df8064efedee284ad8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6b:9f:80:42:d6:56:1c:2e:b1:e6:65:84:d1:34:16:86Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

winmm

user32

gdi32

kernel32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

wininet

wtsapi32

shlwapi

imagehlp

wsock32

version

mpr

oledlg

sensapi

winspool.drv

comdlg32

crypt32

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 576KB - Virtual size: 573KB

.data Size: 348KB - Virtual size: 393KB

.rsrc Size: 224KB - Virtual size: 221KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6b:9f:80:42:d6:56:1c:2e:b1:e6:65:84:d1:34:16:86
Certificate

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 576KB - Virtual size: 573KB

.data
Size: 348KB - Virtual size: 393KB

.rsrc
Size: 224KB - Virtual size: 221KB