8c0eacf37d07b844d2537d79e0d43c13b1ff846f7276aff3e6818b725c5a9f9f

Sharing

Copy URL Twitter E-mail

General

Target

8c0eacf37d07b844d2537d79e0d43c13b1ff846f7276aff3e6818b725c5a9f9f
Size

816KB
MD5

591280eb6c6a8a04aee739ae2b3ec4fc
SHA1

97d801b6899cb3928bf7f7ff13f622a2dcda5c7d
SHA256

8c0eacf37d07b844d2537d79e0d43c13b1ff846f7276aff3e6818b725c5a9f9f
SHA512

263eee20ca77ca29e09d55f977fefac41b135d545b98a92730fd6aee475a410d69e748d4387eab990162fc9b95c74b01fa24edad37427e2184f962835228097e
SSDEEP

24576:MG1SNSBCkMHEHFzD42btCoQhSrJ5vLQPDviKjNY3seR:rgSBvMHEHFzD1bAm5vLRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c0eacf37d07b844d2537d79e0d43c13b1ff846f7276aff3e6818b725c5a9f9f

Files

8c0eacf37d07b844d2537d79e0d43c13b1ff846f7276aff3e6818b725c5a9f9f
.exe windows:5 windows x86 arch:x86

f24c357bd3105c66366e1a07e440dbef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\po\trunk\modules\gxonecli\Release\gxonecli.pdb

Imports

kernel32

LocalAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
CreateEventW
WaitForSingleObject
GetDiskFreeSpaceExW
lstrlenW
lstrcpynW
GetLogicalDrives
GetDriveTypeW
CloseHandle
lstrcmpiA
GetWindowsDirectoryW
lstrcpyA
SetFileAttributesW
Module32NextW
OpenEventW
GetFileAttributesExW
CreateToolhelp32Snapshot
FindNextFileW
lstrcatW
GetModuleHandleA
Process32NextW
Module32FirstW
DeviceIoControl
QueryDosDeviceW
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringW
Process32FirstW
FindClose
ExitProcess
lstrcpyW
DeleteFileW
GetVersionExW
LocalFree
GetCommandLineW
lstrcmpiW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
Sleep
GetProcAddress
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetFileSize
ReadFile
CreateFileW
LoadLibraryW
GetCurrentDirectoryW
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
MulDiv
GetLocalTime
GlobalLock
GlobalAlloc
GlobalUnlock
CreateFileA
lstrcmpA
FindFirstFileW
lstrlenA
VirtualQuery
lstrcpynA
CreateProcessW
GlobalSize
SetEvent
GetDriveTypeA
InitializeCriticalSection
OpenProcess
CopyFileW
GetFileAttributesW
lstrcmpW
GlobalFree
WriteConsoleW

user32

ReleaseDC
InvalidateRect
IntersectRect
GetDC
GetUpdateRect
PtInRect
BeginPaint
TrackMouseEvent
GetFocus
GetKeyState
KillTimer
SetCapture
EndPaint
MoveWindow
SetWindowTextW
GetCaretBlinkTime
GetCaretPos
GetWindowTextW
GetWindowTextLengthW
SetRect
CharPrevW
DrawTextW
FillRect
SetCaretPos
CreateCaret
GetSysColor
ShowCaret
HideCaret
ClientToScreen
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
SetClipboardData
OpenClipboard
GetDesktopWindow
EndDialog
EmptyClipboard
CloseClipboard
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
GetActiveWindow
ReleaseCapture
MapWindowPoints
IsRectEmpty
SetCursor
wvsprintfW
OffsetRect
UnionRect
GetWindowRect
IsIconic
LoadImageW
SetFocus
GetClassInfoExW
wsprintfW
SetPropW
MonitorFromWindow
RegisterClassW
GetMonitorInfoW
CallWindowProcW
GetWindow
CharNextW
IsWindowVisible
MessageBoxW
IsWindow
ShowWindow
GetCursorPos
EnableWindow
GetClientRect
GetParent
ScreenToClient
GetPropW
SetTimer
DestroyIcon
GetIconInfo
SetWindowPos
PostMessageW
GetForegroundWindow
FindWindowW
SetForegroundWindow
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
SetWindowLongW
SetClassLongW
GetWindowLongW
CreateDialogIndirectParamW
LoadIconW
RegisterClassExW
GetSystemMetrics
DestroyWindow
GetMessageW
PostQuitMessage
LoadCursorW
TranslateMessage
IsDialogMessageW
SendMessageW

gdi32

CreateCompatibleBitmap
Rectangle
SaveDC
CreatePen
GetStockObject
GetObjectW
DeleteObject
RestoreDC
CreateCompatibleDC
SelectObject
CreateFontIndirectW
DeleteDC
GetTextMetricsW
BitBlt
SetWindowOrgEx
CreateDIBSection
CreateSolidBrush
GetDeviceCaps
MoveToEx
GetTextExtentPoint32W
LineTo
StretchBlt
SetBkColor
GdiFlush
SelectClipRgn
CreatePenIndirect
CreateRectRgnIndirect
CombineRgn
CreatePatternBrush
SetBkMode
SetTextColor
GetObjectA
TextOutW
ExtSelectClipRgn
RoundRect
ExtTextOutW
GetCharABCWidthsW
SetStretchBltMode
CreateRoundRectRgn
GetClipBox

shell32

ShellExecuteA
ord165
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
SHAppBarMessage
SHGetDesktopFolder
CommandLineToArgvW
ord727
SHGetFileInfoW
ShellExecuteW

ole32

GetHGlobalFromStream
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleLockRunning
CoCreateInstance
CoInitialize

gdiplus

GdipSetSmoothingMode
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSetPageUnit
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdiplusShutdown
GdipDeleteBrush
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipGraphicsClear
GdipDrawImage
GdipImageGetFrameCount
GdipGetFamily
GdipDeleteFontFamily
GdipDrawString
GdipCreateFromHDC
GdipSetCompositingQuality
GdipCreateLineBrushI
GdipSetInterpolationMode
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipLoadImageFromStream
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFile

comctl32

ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

shlwapi

PathFindFileNameW
PathFileExistsW
SHDeleteValueW
PathIsDirectoryW
PathAppendW
SHCreateStreamOnFileW
PathFileExistsA
StrCatBuffW
wnsprintfW
wvnsprintfW
PathFindExtensionW
SHGetValueA
PathRemoveFileSpecW
StrStrIW
StrChrW
SHGetValueW
SHDeleteKeyW
StrCmpNIW
SHSetValueW
StrChrA
wnsprintfA
StrCmpNIA
wvnsprintfA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup

psapi

GetProcessImageFileNameW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertGetNameStringW
CryptQueryObject
CryptMsgClose

comdlg32

GetOpenFileNameW

advapi32

SetEntriesInAclW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
AllocateAndInitializeSid
RegEnumValueW
FreeSid
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f24c357bd3105c66366e1a07e440dbef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

gdiplus

comctl32

imm32

shlwapi

version

ws2_32

psapi

imagehlp

crypt32

comdlg32

advapi32

oleaut32

Sections

.text Size: 625KB - Virtual size: 625KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 16KB - Virtual size: 39KB

.rsrc Size: 85KB - Virtual size: 85KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 625KB - Virtual size: 625KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 16KB - Virtual size: 39KB

.rsrc
Size: 85KB - Virtual size: 85KB

.reloc
Size: 47KB - Virtual size: 46KB