General

  • Target

    GHWInstaller.exe

  • Size

    30.6MB

  • MD5

    9d0944f657449b771785b154a800a36d

  • SHA1

    4a35498c1646d344993df50677ad5b7a6275ffb0

  • SHA256

    f69d904156f315d68e66a36b5c2f50d7f7e3050aedd06b94fa4837b335631031

  • SHA512

    2bfeee2f9f08cb5a6fa2c0014c15537dde7301d00e260868de8e21f4433a09f7b00ca7895db2eb6df1f5cb3724cb568dd5f154be4e7399b177933bb9a1669189

  • SSDEEP

    786432:c7nj9v1NXUB85ZmFxnb0/dyi7wc+/ACo81YVggTpB7XMliXG:cf5rX4ckF1Q/dF96Td7UB7XG

Score
3/10

Malware Config

Signatures

  • Detects Pyinstaller (2 IoCs)
  • Unsigned PE (3 IoCs)

    Checks for missing Authenticode signature.

Files

  • GHWInstaller.exe
    .exe windows:4 windows x86 arch:x86

    f4639a0b3116c2cfc71144b88a929cfd



  • GWHLauncher.bat
  • PLAYERDATA/player.json
  • assets/NOTE.png
    .png
  • assets/PAYLOAD1_COM.exe
    .exe windows:6 windows x64 arch:x64

    a06f302f71edd380da3d5bf4a6d94ebd



  • PAYLOAD1_COM.pyc
  • assets/PAYLOAD2_COM.exe
    .exe windows:6 windows x64 arch:x64

    a06f302f71edd380da3d5bf4a6d94ebd



  • payload.pyc
  • config/cfg.ini
  • mods/INSTALL_MODS.md