GD[.]G[.]3[.]0[.]321[.]exe

Resubmissions

02/09/2024, 13:33

240902-qtzbhsscjg 8

02/09/2024, 13:28

240902-qqxnhs1dmk 8

Sharing

Copy URL Twitter E-mail

General

Target

GD.G.3.0.321.exe
Size

253.0MB
MD5

5b419617aa729c2b9054bc9fdbd38e99
SHA1

c683032706ff47b79a88572934e20855c21414fc
SHA256

db2e9c23205d4b9ec36873ff57ddf2f82b4ae52ce5fd613e573e30c850c7f30e
SHA512

3c335d2ee3a694be68d67f6798ba4b8efd4cfed28abeb0f1b5318f8a936bb03697e5d39ff4c679d9dd85c215af09316273ca36e77aae3e7fa660fbbcf5e6ffe7
SSDEEP

3145728:9BYZb4QLFzS0Qqyxm/CDRq0mylE2cuNByVf+gKCZkdMPe16XOpD5Im3GlepC3Hzi:9uvFzNyo/CDRnlEbQUVVNP5GDSleQDi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GD.G.3.0.321.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

GD.G.3.0.321.exe
.exe windows:5 windows x86 arch:x86

Password: test

a85d1ff8430aa5b4659e57bfe09aba1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Branch\win\Release\stubs\x86\setup.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
WriteFile
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
LoadLibraryExW
FreeLibrary
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
DecodePointer
CloseHandle
GetShortPathNameW
CreateEventW
GetCurrentProcessId
GetCommandLineW
SetCurrentDirectoryW
CreateThread
WaitForSingleObject
SetEvent
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
CopyFileW
GetExitCodeThread
SetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetTempPathW
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
GetLogicalDriveStringsW
GetFileSize
ReadFile
GetDiskFreeSpaceExW
GetEnvironmentVariableW
SetFilePointer
SetEndOfFile
InterlockedExchange
EnumResourceLanguagesW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateProcessW
GetExitCodeProcess
GetWindowsDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
OutputDebugStringW
InitializeCriticalSection
GetLocalTime
FlushFileBuffers
MulDiv
TerminateThread
CreateNamedPipeW
ConnectNamedPipe
FormatMessageW
GetFileTime
GetStdHandle
GetStringTypeW
GetLocaleInfoA
MoveFileW
ResetEvent
GlobalFree
GetVersionExW
Sleep
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
CompareFileTime
CopyFileExW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetACP
ExitProcess
GetModuleHandleExW
GetFileType
GetCPInfo
IsValidCodePage
GetOEMCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: test

a85d1ff8430aa5b4659e57bfe09aba1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 293KB - Virtual size: 293KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 312B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 293KB - Virtual size: 293KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 312B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 14KB - Virtual size: 13KB