92613aae50787366ad331f95467707bdf0fad0a495c99e8f9204c8051b96098b

Sharing

Copy URL Twitter E-mail

General

Target

92613aae50787366ad331f95467707bdf0fad0a495c99e8f9204c8051b96098b
Size

356KB
MD5

bba6bd87bc11ce74c1b1b3985bb8b284
SHA1

9e8467e1f176ba07e5ab2fb0ac8148d33df596da
SHA256

92613aae50787366ad331f95467707bdf0fad0a495c99e8f9204c8051b96098b
SHA512

fb8b40b222248d859589a41f97e6a62ca733ee1a8cb31b3b35d8012275a66fc802e7d0433703fca6b4fd399a8777a9392afda2b070cc17679acbfa4912fed1c5
SSDEEP

6144:liySBfFd7Jtc+G4owlhgDNEpfC67loFdML/pkRWtB9dUFpZ82B7ozEYUkzrI0CQU:liRR/Fe4d6NYf77ubML/pk4QPB7SEY/u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92613aae50787366ad331f95467707bdf0fad0a495c99e8f9204c8051b96098b

Files

92613aae50787366ad331f95467707bdf0fad0a495c99e8f9204c8051b96098b
.exe windows:5 windows x86 arch:x86

0f75a43091c2fedace08fe729ff2f824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\GFServer\Release\GuoBbigClient.pdb

Imports

wininet

InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetOpenW

shell32

ShellExecuteA

user32

EnumWindows
SendMessageW
GetWindowRect
GetWindowThreadProcessId
CreateDesktopW
wsprintfW
PostMessageW

advapi32

RegDeleteValueW
RegSetValueExA
RegEnumValueA
RegQueryValueExA
GetTokenInformation
RegSetValueExW
RegOpenKeyExW
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
LookupPrivilegeValueW

ws2_32

htons
shutdown
sendto
recv
socket
closesocket
inet_pton
send
select
connect
ioctlsocket
gethostbyname
__WSAFDIsSet
WSAGetLastError
inet_addr
recvfrom
WSAStartup

winhttp

WinHttpCrackUrl
WinHttpReadData
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpCheckPlatform
WinHttpOpenRequest

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoGetObject
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

iphlpapi

GetExtendedTcpTable

kernel32

SetStdHandle
WriteConsoleW
FlushFileBuffers
GetStringTypeW
LoadLibraryW
CreateFileW
SetEndOfFile
lstrlenA
LocalFree
LCMapStringW
SetFilePointerEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteFile
GetFileType
GetStdHandle
GetProcessHeap
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
InterlockedPopEntrySList
ReadProcessMemory
Sleep
MultiByteToWideChar
GetModuleFileNameA
DeleteFileA
MoveFileExA
GetCurrentProcess
WaitForSingleObject
SetEvent
GetModuleHandleW
OpenProcess
TerminateProcess
GetLastError
GetProcAddress
GetTempFileNameA
ResetEvent
Process32FirstW
CreateEventW
WaitForMultipleObjects
Process32NextW
CreateToolhelp32Snapshot
OpenEventW
CloseHandle
GetTempPathA
CreateThread
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
CreateProcessA
EnterCriticalSection
LoadLibraryA
OpenThread
GetModuleHandleA
DeleteCriticalSection
GetCurrentProcessId
SuspendThread
ResumeThread
GetModuleFileNameW
GetWindowsDirectoryW
InterlockedDecrement
GetSystemInfo
WideCharToMultiByte
VirtualProtectEx
WriteProcessMemory
GetNativeSystemInfo
GetSystemTimes
Thread32First
GetFileAttributesA
Thread32Next
GlobalMemoryStatusEx
GetProcessId
Module32FirstW
Module32NextW
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCommandLineW
HeapFree
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapAlloc
ExitThread
LoadLibraryExW
HeapReAlloc
RaiseException
RtlUnwind
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f75a43091c2fedace08fe729ff2f824

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

shell32

user32

advapi32

ws2_32

winhttp

ole32

oleaut32

iphlpapi

kernel32

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 10KB - Virtual size: 27KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 10KB - Virtual size: 27KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 15KB - Virtual size: 14KB