Gunz[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gunz.exe
Size

14.7MB
MD5

8f90a4483677d2613a4a377bbd2329a1
SHA1

9e28c76e745f10a1153f3490788ff2e21a74425b
SHA256

cfa51b29c2c7fcdd50460ed18f273e81dbe23da913b8a32f568752be07e03f6b
SHA512

be8f9aa98d3b5b9df1363dadf020c3f6c35faa716186f2e938266d27970c9f7ff93d579248f4aa28984c2dc9626bc5e3300017cfd203453c50bffa52b918c88c
SSDEEP

393216:RD6pRYa79EfrXpqlx6b5QD22xCRkxWtekd0yf7uZzP:RD6n779sQDeuhkLS1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Gunz.exe

Files

Gunz.exe
.exe windows:6 windows x86 arch:x86

2217b0572a572ba4ec7deca2ce0d071a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

fmod

_FSOUND_Sample_SetMinMaxDistance@12

discord_game_sdk

DiscordCreate

kernel32

GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetFocus

gdi32

ScaleViewportExtEx

advapi32

CryptAcquireContextA

shell32

SHGetSpecialFolderPathA

ole32

CoSetProxyBlanket

oleaut32

VariantClear

shlwapi

PathStripPathA

iphlpapi

GetAdaptersInfo

imm32

ImmAssociateContext

d3dx9_43

D3DXMatrixTranslation

winmm

timeBeginPeriod

ws2_32

connect

sensapi

IsNetworkAlive

psapi

EnumProcessModules

dbghelp

MiniDumpWriteDump

wininet

InternetCrackUrlA

d3d9

Direct3DCreate9

gdiplus

GdipDeleteFont

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

Sections

.text
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fgz30
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fgz31
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fgz32
Size: 14.7MB - Virtual size: 14.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2217b0572a572ba4ec7deca2ce0d071a

Headers

DLL Characteristics

File Characteristics

Imports

fmod

discord_game_sdk

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

imm32

d3dx9_43

winmm

ws2_32

sensapi

psapi

dbghelp

wininet

d3d9

gdiplus

oleacc

winspool.drv

Sections

.text Size: - Virtual size: 3.4MB

.rdata Size: - Virtual size: 558KB

.data Size: - Virtual size: 26.0MB

.fgz30 Size: - Virtual size: 8.2MB

.fgz31 Size: 3KB - Virtual size: 3KB

.fgz32 Size: 14.7MB - Virtual size: 14.7MB

.rsrc Size: 66KB - Virtual size: 66KB

.text
Size: - Virtual size: 3.4MB

.rdata
Size: - Virtual size: 558KB

.data
Size: - Virtual size: 26.0MB

.fgz30
Size: - Virtual size: 8.2MB

.fgz31
Size: 3KB - Virtual size: 3KB

.fgz32
Size: 14.7MB - Virtual size: 14.7MB

.rsrc
Size: 66KB - Virtual size: 66KB