F:\VCtest\Projects\NEWGZXTEST\KF\Release\GZX.pdb
Static task
static1
Behavioral task
behavioral1
Sample
df871a823f8b02aa9b2ed3b63b7a777cc0652772dd8ff93ee8efeffa2f654013.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
df871a823f8b02aa9b2ed3b63b7a777cc0652772dd8ff93ee8efeffa2f654013.exe
Resource
win11-20240802-en
General
-
Target
df871a823f8b02aa9b2ed3b63b7a777cc0652772dd8ff93ee8efeffa2f654013
-
Size
2.8MB
-
MD5
c605fd038aea220d1885791e391c7295
-
SHA1
36a03bd1aa182682e714f108db26cbe87d305e9e
-
SHA256
df871a823f8b02aa9b2ed3b63b7a777cc0652772dd8ff93ee8efeffa2f654013
-
SHA512
51dfd55b8d930deee09493f5db46c4c6c86571412c608ef29c47b9985daf56c5eed14069349f4f61df9cd7cf80c635e79a5f2fee997a37438cb3f6f786acdfd9
-
SSDEEP
24576:y0kV4rxnMetg7Nyy9y89SeqrDRZSU+CS9xAk3q+D1fhDbtDYo17VeB/02t9FHrU5:yIO96WVCS9xAk3q+DRgo1eW
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource df871a823f8b02aa9b2ed3b63b7a777cc0652772dd8ff93ee8efeffa2f654013
Files
-
df871a823f8b02aa9b2ed3b63b7a777cc0652772dd8ff93ee8efeffa2f654013.exe windows:6 windows x86 arch:x86
449e2f210c0167c861076a93ba1c6156
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc140u
ord2486
ord12541
ord12542
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11982
ord11983
ord2409
ord3147
ord9128
ord6497
ord968
ord9139
ord6549
ord2215
ord2246
ord3697
ord10472
ord4885
ord8464
ord14466
ord12531
ord5357
ord4222
ord8744
ord2993
ord3872
ord8062
ord6490
ord6129
ord5935
ord13703
ord11717
ord6877
ord14596
ord14137
ord7923
ord8324
ord12865
ord8386
ord8470
ord1525
ord14234
ord9126
ord3145
ord8817
ord13628
ord462
ord7495
ord4225
ord6220
ord13756
ord3305
ord3302
ord13800
ord5419
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9132
ord12089
ord3838
ord11936
ord12793
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1526
ord1722
ord3833
ord4219
ord1770
ord1756
ord1002
ord1777
ord890
ord4936
ord1391
ord6589
ord11038
ord5003
ord4948
ord10255
ord5984
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord3852
ord5918
ord12239
ord12247
ord4589
ord8217
ord10433
ord12251
ord12219
ord12928
ord5249
ord5549
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord6860
ord1113
ord6489
ord6566
ord3882
ord2304
ord1111
ord1133
ord1447
ord1070
ord1066
ord1180
ord4092
ord13911
ord7313
ord13442
ord952
ord2205
ord7997
ord1472
ord995
ord7653
ord10379
ord12884
ord5110
ord5850
ord8067
ord7820
ord2990
ord2996
ord13806
ord4886
ord8746
ord4227
ord6607
ord3932
ord2526
ord14377
ord13646
ord6533
ord4859
ord290
ord9210
ord4966
ord4960
ord9235
ord5790
ord12168
ord4954
ord3265
ord5013
ord4997
ord12173
ord2760
ord3371
ord3372
ord4942
ord5019
ord13752
ord6218
ord4974
ord3941
ord3164
ord4912
ord12124
ord2682
ord4927
ord1744
ord3403
ord4988
ord4502
ord9693
ord4494
ord3055
ord13656
ord12637
ord1067
ord2477
ord4815
ord2385
ord2389
ord296
ord360
ord13253
ord13960
ord280
ord1045
ord286
ord265
ord266
ord1511
ord3404
ord11396
ord11015
ord9040
ord12131
ord12763
ord8712
ord12921
ord14590
ord1513
kernel32
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetSystemInfo
GetQueuedCompletionStatus
lstrcatA
OutputDebugStringA
lstrlenA
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetLastError
CreateIoCompletionPort
InitializeCriticalSection
GetCurrentDirectoryA
GetPrivateProfileStringW
GetModuleFileNameW
WritePrivateProfileStringW
CreateFileA
DeviceIoControl
GetVolumeInformationA
VirtualQuery
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetCurrentThread
QueryPerformanceFrequency
MultiByteToWideChar
GetProcAddress
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MoveFileExA
WaitForSingleObject
GetSystemTime
SetUnhandledExceptionFilter
GetPrivateProfileIntA
Sleep
CloseHandle
WritePrivateProfileStringA
IsBadReadPtr
OutputDebugStringW
VirtualProtect
GetProcessHeap
HeapFree
WideCharToMultiByte
GetTickCount
GetPrivateProfileStringA
GetFileSize
ReadFile
TerminateThread
CreateThread
GlobalSize
GlobalLock
GlobalUnlock
InitializeCriticalSectionEx
HeapAlloc
DeleteCriticalSection
WaitForMultipleObjects
SetLastError
GetModuleHandleA
GetModuleHandleW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetFileAttributesW
CreateDirectoryW
CreateEventA
GetDriveTypeA
GetFileAttributesA
CreateDirectoryA
SleepEx
GetPrivateProfileIntW
user32
wsprintfA
MessageBoxW
KillTimer
CloseClipboard
GetClipboardData
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuW
GetClientRect
SetTimer
MessageBoxA
IsIconic
GetSystemMetrics
DrawIcon
LoadMenuW
GetSubMenu
GetCursorPos
GetWindowTextA
OpenClipboard
SendMessageW
advapi32
CryptImportKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey
OpenThreadToken
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
shell32
SHFileOperationW
SHGetSpecialFolderPathW
DragQueryFileA
SHGetSpecialFolderPathA
ShellExecuteW
comctl32
InitCommonControlsEx
msvcp140
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xbad_function_call@std@@YAXXZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
_Strxfrm
_Strcoll
??Bid@locale@std@@QAEIXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
ws2_32
socket
WSACleanup
WSASetLastError
WSAWaitForMultipleEvents
WSAResetEvent
__WSAFDIsSet
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
setsockopt
WSAIoctl
WSARecv
WSASend
send
gethostbyname
ioctlsocket
connect
select
recv
htonl
getpeername
getsockname
ntohs
accept
recvfrom
sendto
listen
bind
inet_addr
WSAGetLastError
WSASocketW
inet_ntoa
ntohl
htons
WSAEventSelect
freeaddrinfo
inet_ntop
getaddrinfo
gethostname
WSAStartup
closesocket
shutdown
vcruntime140
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__CxxFrameHandler3
memset
memchr
__std_exception_destroy
__std_exception_copy
strstr
strchr
_purecall
strrchr
memcpy
memmove
__std_terminate
plfl32
P_CardReCharge
P_UserReg
P_GetLoginValue
P_UserLogin
P_LoadSystem
P_GetInfo
P_GetDataValue
wininet
InternetReadFile
InternetOpenUrlA
InternetOpenW
InternetCloseHandle
iphlpapi
GetAdaptersInfo
dbghelp
MiniDumpWriteDump
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-runtime-l1-1-0
_errno
exit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
__sys_nerr
__sys_errlist
_beginthreadex
_initterm
_initterm_e
_exit
_cexit
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
realloc
calloc
free
api-ms-win-crt-time-l1-1-0
_gmtime64
strftime
_localtime64_s
_time64
api-ms-win-crt-stdio-l1-1-0
fseek
_set_fmode
__acrt_iob_func
fputs
__stdio_common_vswprintf
feof
__stdio_common_vsscanf
_open
fgets
_fseeki64
fflush
_lseeki64
__stdio_common_vfprintf
fwrite
fputc
_read
_write
_fileno
_close
__stdio_common_vsprintf_s
__stdio_common_vsprintf
fclose
fread
ftell
fopen
__p__commode
api-ms-win-crt-convert-l1-1-0
strtoll
atoll
strtoul
atoi
strtol
wcstombs
_wtoll
api-ms-win-crt-string-l1-1-0
_strdup
strncpy
strtok
strspn
strpbrk
strcspn
strncmp
toupper
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_stat64
_access
_unlink
api-ms-win-crt-math-l1-1-0
_fdopen
__setusermatherr
_except1
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
bcrypt
BCryptGenRandom
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
normaliz
IdnToAscii
IdnToUnicode
wldap32
ord50
ord45
ord60
ord211
ord46
ord217
ord41
ord301
ord200
ord30
ord79
ord35
ord33
ord22
ord26
ord27
ord143
ord32
Sections
.text Size: 544KB - Virtual size: 543KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ