GoLink[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GoLink.exe
Size

54KB
MD5

4ead375706b5a8963c492f4607eaf1fb
SHA1

3acc2eac17041c32efed94749139d0f410a1c3e3
SHA256

24388acced5cb4889ae4f1b447f5bbda5f100ab068f59b83f79a4ad9513806c1
SHA512

c0dba6ec07c786a2b75517cfa61cc0bf5f5765a7ff1c6f7ad6da7db94ac1bb68f682c1410e50926e3a366bcba7103a5a474ce7277f8479a5692801fa62f1b12d
SSDEEP

768:aDW20i/eFtBKrbfKxH9jk/42uUicRtLq3fZbHhfsFxeaRUB95GPDKmXUmTHohiGe:aD7K3Krb4sic7kZbB0+a1LgmE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GoLink.exe

Files

GoLink.exe
.exe windows:5 windows x86 arch:x86

1122e7219a5e3c832dde487f6ded1788

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Beep
WriteFile
WriteConsoleA
GetStdHandle
FlushConsoleInputBuffer
WaitForSingleObject
VirtualAlloc
VirtualQuery
VirtualFree
WideCharToMultiByte
CreateFileA
SearchPathA
lstrlen
GetDateFormatA
GetTimeFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileSize
ReadFile
UnmapViewOfFile
CloseHandle
FreeLibrary
GetModuleHandleA
GetProcAddress
CreateFileMappingA
MapViewOfFile
LoadLibraryExA
IsBadReadPtr
MultiByteToWideChar
lstrlenW
DeleteFileA
SetFilePointer
SetEndOfFile
CreateDirectoryA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
GetVersionExA
SetUnhandledExceptionFilter
GetCommandLineW
ExitProcess
CompareStringA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ