79f09f1462321e25fae67a1ceebda529cf8502a80921293527b40e48e8e8370dN

Sharing

Copy URL

Twitter E-mail

General

Target

79f09f1462321e25fae67a1ceebda529cf8502a80921293527b40e48e8e8370dN
Size

131KB
MD5

75dd2ef343bf9b6ac9682ffa9414b870
SHA1

cae5fdd8836aee5f55e0910f544c280ef73579e8
SHA256

79f09f1462321e25fae67a1ceebda529cf8502a80921293527b40e48e8e8370d
SHA512

c411e0b2e0b14c9f14be2182b858828e5f7218b720b1cb0c46e6c4925e71badf5961176b05951f8bcdbc316df6562a18626ea235415f47304f16bb4d5dd903fd
SSDEEP

3072:7x5u4akX7nbQkbCtmAyOiA/ZhGHr5Y0ModtOidqnjUE:7LuCbQvtmAybA/3Q5Y0MojOvnjF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79f09f1462321e25fae67a1ceebda529cf8502a80921293527b40e48e8e8370dN

Files

79f09f1462321e25fae67a1ceebda529cf8502a80921293527b40e48e8e8370dN
.dll windows:6 windows x64 arch:x64

d2be1eedc00b4dfc90c07bc004e237e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\work-code\gstarlms-pure\tools\SafeGuardProxy(gcad)\out\x64\Release\SafeGuardProxy.pdb

Imports

glmc

glmClientCheckLicenseUsb
glmClientCheckLicense
glmClientEnumLicense
glmClientActStandaloneOrTrial
glmClientActivateTrial
glmClientCheckIn
glmClientProfileFree
glmClientProfileGet
glmClientProfileOpen
glmClientFree
glmClientSetReconnectFunPtr
glmClientInit

mfc140u

ord11813
ord6505
ord3071
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8947
ord10691
ord6729
ord11902
ord8656
ord14209
ord11625
ord3718
ord11771
ord8817
ord11415
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord2698
ord7913
ord3209
ord3212
ord13401
ord6002
ord3056
ord4078
ord6320
ord3756
ord2346
ord2350
ord2270
ord6247
ord1089
ord446
ord8167
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord6000
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord11085
ord6122
ord3731
ord11921
ord11929
ord7920
ord10124
ord11933
ord11901
ord12606
ord5080
ord5363
ord5552
ord9041
ord5339
ord5555
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9941
ord8900
ord6614
ord5706
ord4445
ord2269
ord7716
ord1450
ord983
ord7393
ord2921
ord5709
ord285
ord1670
ord3951
ord1039
ord323
ord4656
ord1503
ord2222
ord2260
ord1501
ord2193
ord13397
ord2697
ord8830
ord296
ord2225
ord7691
ord2909
ord280
ord1033
ord286
ord1489
ord8901
ord6285
ord12030
ord2340
ord14225
ord12087
ord14278
ord8731
ord11854
ord4722
ord4498
ord12546
ord12762
ord12771
ord12631
ord6549
ord6250
ord357
ord13679
ord12763
ord12967
ord4499
ord265
ord266
ord1491
ord3308
ord14289
ord12746
ord2473
ord3307
ord1086
ord438
ord1369
ord878
ord10704
ord13199
ord4726
ord10727
ord8468
ord8507
ord13767
ord10163
ord7233
ord3713
ord6313
ord2475
ord2344
ord1424
ord6588
ord8826
ord3164
ord4095
ord1053
ord990
ord6251
ord9946
ord5916
ord5582
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord14217
ord7651
ord14211
ord2967
ord4352
ord9384
ord3949
ord3728
ord1492
ord324
ord1040
ord2327
ord2212
ord2369
ord2372
ord2338
ord2371
ord473
ord2234
ord2336
ord2161
ord2266
ord2360
ord1681
ord4360

kernel32

DeleteCriticalSection
GetProcAddress
GetTickCount
GetShortPathNameW
GetPrivateProfileStringW
GetLocalTime
WritePrivateProfileStringW
GetCurrentProcessId
CloseHandle
MulDiv
FreeLibrary
LoadLibraryW
GetLastError
InitializeCriticalSectionEx
LeaveCriticalSection
OutputDebugStringW
GetModuleFileNameW
EnterCriticalSection
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead

user32

IsWindow
SendMessageW
GetFocus
DrawFocusRect
SetRect
DestroyIcon
DrawIcon
LoadIconW
GetSysColor
GetClientRect
PostMessageW
ReleaseCapture
SetCapture
RedrawWindow
PtInRect
GetWindowRect
EnableWindow
IsIconic
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
GetWindow
KillTimer
SetTimer
FindWindowW
MessageBoxW

gdi32

DeleteDC
SelectObject
SetDIBColorTable
CreateCompatibleDC
GetObjectW
CreateDIBSection
GetStockObject
CreateFontIndirectW
CreateCompatibleBitmap
CreatePen
RoundRect
BitBlt
DeleteObject

msimg32

TransparentBlt

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

shlwapi

PathCombineW
PathRemoveFileSpecW
SHCreateStreamOnFileW

ole32

CoCreateInstance
OleRun

oleaut32

GetErrorInfo
VariantCopy
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantChangeType
VariantClear
VariantInit

ws2_32

WSAStartup

gdiplus

GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusShutdown
GdipDisposeImage
GdipFree
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePixelFormat
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

glmu

?glmuAesEncrypt@@YA_NPEBE0PEAEI@Z

wininet

InternetGetConnectedState

vcruntime140

memset
__std_type_info_destroy_list
memmove
_CxxThrowException
__C_specific_handler
__std_terminate
memcpy
__CxxFrameHandler3
_purecall

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_execute_onexit_table
_crt_atexit
_resetstkoflw
_errno
_invalid_parameter_noinfo
_cexit
_beginthread
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

wcscpy_s
_wcsicmp

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2be1eedc00b4dfc90c07bc004e237e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

glmc

mfc140u

kernel32

user32

gdi32

msimg32

shell32

shlwapi

ole32

oleaut32

ws2_32

gdiplus

msvcp140

glmu

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB