D:\autobuild\git_hotfix\res\neutral\Gcadsetup_RE\Release\GcadMdataInstaller\GcadMdataInstaller.pdb
Static task: static1
Behavioral task: behavioral1
Sample: caea4934eb26944adb1d904cca6fcd15410678902fed44d764f7e1feda021541.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: caea4934eb26944adb1d904cca6fcd15410678902fed44d764f7e1feda021541.exe
Resource: win10v2004-20240802-en
General
Target: caea4934eb26944adb1d904cca6fcd15410678902fed44d764f7e1feda021541
Size: 3.6MB
MD5: 005edd956d0cfa8dac03716883401732
SHA1: 5ea0f81e0336964c839f4dae07fd58c8e0a074c4
SHA256: caea4934eb26944adb1d904cca6fcd15410678902fed44d764f7e1feda021541
SHA512: 6880b63ec792c92f691f6726cdd6c5d9976d8a71d60ea86502ccfc928f35bbc090adf40cb3e33adc3e71293a9b72e8098bcc9ccdd0708d3cc01e5859a18ed1c8
SSDEEP: 98304:QZ0iO/tGDrD65MUnfhP3QMTsncAvRy/GMTDxCj:Zn/IDrjq0vRy/GMTlS
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource caea4934eb26944adb1d904cca6fcd15410678902fed44d764f7e1feda021541
Files
-
caea4934eb26944adb1d904cca6fcd15410678902fed44d764f7e1feda021541.exe windows:6 windows x86 arch:x86
377262582e552b352410423361fef62b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LCMapStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetConsoleMode
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
IsValidLocale
EnumSystemLocalesW
GetDriveTypeW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
SetConsoleCtrlHandler
SetCurrentDirectoryW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetConsoleCP
SetFileAttributesW
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
FindResourceExW
Sleep
SearchPathW
GetProfileIntW
GetTickCount
GetUserDefaultLCID
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetDiskFreeSpaceW
GetFileAttributesW
GetStringTypeExW
MoveFileW
DuplicateHandle
WriteFile
UnlockFile
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
lstrcmpiW
LocalUnlock
LocalLock
DeleteFileW
GetCurrentDirectoryW
VirtualProtect
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
SystemTimeToFileTime
GetAtomNameW
GlobalGetAtomNameW
GetTempPathW
SetFilePointer
CreateFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
WritePrivateProfileStringW
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetModuleHandleA
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
SetLastError
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
MultiByteToWideChar
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
InitializeCriticalSectionAndSpinCount
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
GlobalFree
GetWindowsDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameW
WaitForSingleObject
CreateProcessW
WideCharToMultiByte
GetModuleHandleW
GetDiskFreeSpaceExW
GetVersion
GetCurrentProcess
CreateMutexW
CloseHandle
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
GetProcAddress
LoadLibraryW
FreeResource
SizeofResource
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSectionEx
GetLastError
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
QueryPerformanceFrequency
WriteConsoleW
user32
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
TrackMouseEvent
IntersectRect
ShowOwnedPopups
GetCursorPos
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
LoadMenuW
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
GetWindowThreadProcessId
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetAsyncKeyState
GetKeyboardState
MapVirtualKeyW
CloseClipboard
EnableWindow
SendMessageW
GetWindowRect
InvalidateRect
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
EnumDisplayMonitors
GetMonitorInfoW
SystemParametersInfoW
GetSysColorBrush
MapWindowPoints
SetLayeredWindowAttributes
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
IsZoomed
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetSystemMenu
DeleteMenu
MessageBeep
WindowFromPoint
NotifyWinEvent
GetClassInfoW
DefWindowProcW
OffsetRect
SetCursorPos
SetRect
SetParent
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
SetClassLongW
DestroyMenu
GetMenuItemInfoW
CopyImage
CharUpperW
GetClientRect
FillRect
DrawTextW
GetDC
ReleaseDC
GetParent
DestroyIcon
LoadImageW
CopyRect
DrawStateW
LoadIconW
GetWindowLongW
SetWindowLongW
IsIconic
GetSystemMetrics
DrawIcon
GetDesktopWindow
UpdateLayeredWindow
EnumChildWindows
IsRectEmpty
SetWindowRgn
PostMessageW
SetWindowPos
GetWindow
wsprintfW
GetSysColor
SetForegroundWindow
LoadCursorW
ShowWindow
PostThreadMessageW
InflateRect
OpenClipboard
RedrawWindow
LoadBitmapW
CopyIcon
SetCursor
LoadStringW
UpdateWindow
UnregisterClassW
SendDlgItemMessageA
SetRectEmpty
SetClipboardData
EmptyClipboard
FrameRect
MonitorFromPoint
UnionRect
GetDoubleClickTime
SetMenuDefaultItem
ModifyMenuW
IsCharLowerW
MapVirtualKeyExW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
CharUpperBuffW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SubtractRect
SendNotifyMessageW
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetComboBoxInfo
DestroyCursor
GetWindowRgn
GetDCEx
GetKeyNameTextW
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
GetNextDlgGroupItem
InvalidateRgn
CharNextW
GetTabbedTextExtentW
IsClipboardFormatAvailable
WaitMessage
GetDialogBaseUnits
RealChildWindowFromPoint
gdi32
CreateFontIndirectW
CreateDIBitmap
CreatePatternBrush
CreateRectRgnIndirect
EnumFontFamiliesW
GetDeviceCaps
GetTextCharsetInfo
CopyMetaFileW
CreateDCW
SetBkColor
CreateBitmap
CreateDIBPatternBrushPt
CreateHatchBrush
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
GetTextMetricsW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
PatBlt
SetRectRgn
DPtoLP
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polyline
GetCharWidthW
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetDIBits
SetPixel
SetDIBColorTable
LPtoDP
OffsetRgn
EnumFontFamiliesExW
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
CreateFontW
StretchDIBits
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
StretchBlt
Rectangle
GetMapMode
RoundRect
CreatePen
CreateSolidBrush
DeleteDC
CreateDIBSection
CombineRgn
CreateRoundRectRgn
CreateRectRgn
SelectObject
DeleteObject
GetStockObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
Polygon
ExtTextOutW
GetCurrentObject
GetObjectW
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesW
GetJobW
OpenPrinterW
ClosePrinter
advapi32
RegEnumKeyExW
GetTokenInformation
AllocateAndInitializeSid
SetFileSecurityW
GetFileSecurityW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
EqualSid
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAddToRecentDocs
ExtractIconW
ShellExecuteExW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetFileInfoW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathIsFileSpecW
PathIsRootW
PathIsNetworkPathW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
StrFormatKBSizeW
uxtheme
IsAppThemed
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
GetThemePartSize
ole32
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
OleRun
CoFreeUnusedLibraries
OleSetMenuDescriptor
CoRegisterMessageFilter
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
CoInitializeEx
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
PropVariantCopy
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
OleCreateLinkToFile
OleCreateFromFile
CoDisconnectObject
StringFromGUID2
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
CoRegisterClassObject
CoRevokeClassObject
OleQueryCreateFromData
OleQueryLinkFromData
DoDragDrop
CLSIDFromString
oleaut32
LoadRegTypeLi
LoadTypeLi
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
OleCreateFontIndirect
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
RegisterTypeLi
SysReAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SafeArrayGetUBound
SystemTimeToVariantTime
oledlg
OleUIBusyW
gdiplus
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipDrawImageI
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageRectI
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdipBitmapUnlockBits
GdipCreateBitmapFromStreamICM
GdipGetImageWidth
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 566KB - Virtual size: 565KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 424KB - Virtual size: 423KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ