GElkFW[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GElkFW.exe
Size

11.0MB
MD5

43b30c9feeaba4b2699412cb46f1ea69
SHA1

acb37a36c8d46fb1d2a8ae68f432880d8308b6a4
SHA256

5df5fa24ab01bab24b1be2d337f485695d109e0c99d867ee4a42e99479b9f80f
SHA512

7132e15e0f6bbe85df9b9d1a6444e413546a43d3babc39207e5020ba80819a78a89bbdf44b7c695402a54d104763bea318e03019bed96f3c597d1c6fc4b521c7
SSDEEP

196608:ZdXIKxhh6SNVawBgTa9eZl9Q+JDX0UmFB3AYJjc1BG3xXd1JCcEb3fE:ZZIKxH6YsH4GQ+VkUKBQYJ6IdlW

Score

1^/10

Malware Config

Signatures

Files

GElkFW.exe
.exe windows:6 windows x64 arch:x64

70f08dc92a05c09c8e87b29d825fff83

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:50:7d:0f:ff:e6:a1:73:5d:30:4c:22:7d:50:80:07:bb:7a:83:45:b6:ac:ed:35:67:16:8b:01:fd:52:e3:78
Signer

Actual PE Digest

29:50:7d:0f:ff:e6:a1:73:5d:30:4c:22:7d:50:80:07:bb:7a:83:45:b6:ac:ed:35:67:16:8b:01:fd:52:e3:78

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitOnceComplete
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

ScreenToClient

advapi32

OpenThreadToken

shell32

ShellExecuteA

shlwapi

SHDeleteKeyW

ws2_32

freeaddrinfo

crypt32

CertCloseStore

ole32

CoUninitialize

d3dcompiler_47

D3DCompile

d3dx11_43

D3DX11CreateTextureFromMemory

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDeviceAndSwapChain

bcrypt

BCryptGenRandom

gdiplus

GdipCloneImage

iphlpapi

GetAdaptersInfo

ntdll

RtlLookupFunctionEntry

dbghelp

ImageDirectoryEntryToData

oleaut32

SysFreeString

Sections

.text
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70f08dc92a05c09c8e87b29d825fff83

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

29:50:7d:0f:ff:e6:a1:73:5d:30:4c:22:7d:50:80:07:bb:7a:83:45:b6:ac:ed:35:67:16:8b:01:fd:52:e3:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

crypt32

ole32

d3dcompiler_47

d3dx11_43

dxgi

d3d11

bcrypt

gdiplus

iphlpapi

ntdll

dbghelp

oleaut32

Sections

.text Size: - Virtual size: 4.8MB

.rdata Size: - Virtual size: 507KB

.data Size: - Virtual size: 364KB

.pdata Size: - Virtual size: 130KB

Size: - Virtual size: 6.9MB

Size: 5KB - Virtual size: 4KB

Size: 11.0MB - Virtual size: 11.0MB

.rsrc Size: 512B - Virtual size: 480B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

29:50:7d:0f:ff:e6:a1:73:5d:30:4c:22:7d:50:80:07:bb:7a:83:45:b6:ac:ed:35:67:16:8b:01:fd:52:e3:78
Signer

.text
Size: - Virtual size: 4.8MB

.rdata
Size: - Virtual size: 507KB

.data
Size: - Virtual size: 364KB

.pdata
Size: - Virtual size: 130KB

.rsrc
Size: 512B - Virtual size: 480B