C:\data\workspace\code\result_generated\Win32\Release\Ginkgo.pdb
Static task: static1
Behavioral task: behavioral1
Sample: cad1a70b7de4778e01100c5a8e01e77830b0bcf2308e7abc2e488ae6b0d586be.exe
Resource: win7-20240903-en
General
Target: cad1a70b7de4778e01100c5a8e01e77830b0bcf2308e7abc2e488ae6b0d586be
Size: 1.5MB
MD5: 2b592d408a24898e8b27924eeae2fc16
SHA1: 54702219bb5d6ec92f4799a68ce74d8b0b537953
SHA256: cad1a70b7de4778e01100c5a8e01e77830b0bcf2308e7abc2e488ae6b0d586be
SHA512: 001939540e24a3f183fc11bd8323c3f91b3ef83b92d2ad099e84d95c2001b0dac65e4900f8a21eae55ab16b5ca3cc94dd9364263ce84715ed0b89f2148cad3e8
SSDEEP: 24576:dsZcWGQMhxQuO/gHB1zmGWvM/XhmkBXcqXQE6/QpSTIL+VaRr/IS24lFbBjuhnlF:dsZWJxQuO/gHB1zmGWvMJjQ6pSTIL+VL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource cad1a70b7de4778e01100c5a8e01e77830b0bcf2308e7abc2e488ae6b0d586be
Files
cad1a70b7de4778e01100c5a8e01e77830b0bcf2308e7abc2e488ae6b0d586be.exe windows:6 windows x86 arch:x86
d30ac4671951a08a43dda480dd3d2b02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\data\workspace\code\result_generated\Win32\Release\Ginkgo.pdb
Imports
winmm
timeSetEvent
timeKillEvent
timeGetTime
comctl32
_TrackMouseEvent
ord17
shlwapi
PathFileExistsW
PathIsRelativeW
gdiplus
GdipMeasureString
GdipFillPath
GdipFillEllipseI
GdipDrawEllipseI
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipDrawPath
GdipDrawRectangleI
GdipDrawBezierI
GdipDrawLineI
GdipFillRectangle
GdipDeletePath
GdipTransformPath
GdipIsOutlineVisiblePathPointI
GdipIsVisiblePathPointI
GdipGetPathWorldBoundsI
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipCreateBitmapFromGdiDib
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathFillMode
GdipSetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipFree
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipDeleteMatrix
GdipCreateMatrix
GdipCloneImage
GdipScaleMatrix
GdiplusShutdown
GdiplusStartup
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAddPathLineI
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
msimg32
AlphaBlend
advapi32
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptGenRandom
CryptAcquireContextA
kernel32
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
HeapAlloc
HeapFree
GetModuleFileNameW
ExitProcess
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
SetLastError
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
InitializeCriticalSectionEx
DecodePointer
EncodePointer
IsValidLocale
InitializeConditionVariable
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
GetDynamicTimeZoneInformation
Sleep
GetCurrentProcessId
OutputDebugStringA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
WriteFile
GetStdHandle
GetConsoleMode
AcquireSRWLockExclusive
GetModuleHandleW
CloseHandle
CreateEventW
GetLastError
WaitForSingleObject
SetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCommandLineW
WritePrivateProfileStringW
GetPrivateProfileIntW
WriteConsoleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
ResetEvent
TerminateThread
RaiseException
CreateDirectoryW
ReadFile
FindClose
CreateFileW
GetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GetFileSize
GetModuleHandleA
MulDiv
LoadLibraryW
SetFilePointer
GetEnvironmentVariableW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
GetConsoleOutputCP
GetUserDefaultLCID
EnumSystemLocalesW
ReleaseSRWLockExclusive
GetProcAddress
SetEndOfFile
SleepEx
GetSystemDirectoryA
LoadLibraryA
FormatMessageW
GetEnvironmentVariableA
MoveFileExA
FlushFileBuffers
CreateFileA
VirtualQuery
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
SwitchToThread
GetCurrentThreadId
GetFullPathNameW
WaitForSingleObjectEx
user32
EndPaint
PtInRect
UnionRect
SetCursor
CharNextW
ClientToScreen
GetSysColor
GetAsyncKeyState
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MapWindowPoints
GetParent
FindWindowW
GetDesktopWindow
GetPropW
SetPropW
CallWindowProcW
SendMessageW
GetSystemMetrics
SetFocus
EnableWindow
GetWindow
GetClassInfoExW
RegisterClassW
LoadCursorW
ReleaseDC
SetWindowPos
SetWindowTextW
SetForegroundWindow
IsWindowVisible
IntersectRect
MoveWindow
MessageBoxW
SetWindowLongW
SetWindowRgn
GetWindowRect
IsRectEmpty
BeginPaint
OffsetRect
GetClientRect
ScreenToClient
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
IsZoomed
IsIconic
GetWindowLongW
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
KillTimer
PostMessageW
FindWindowExW
AllowSetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
PostQuitMessage
GetUpdateRect
InvalidateRect
ReleaseCapture
UpdateLayeredWindow
SetCapture
GetFocus
GetCursorPos
GetKeyState
ShowWindow
GetDC
gdi32
BitBlt
GetDeviceCaps
RestoreDC
CreateDIBSection
StretchBlt
CreateCompatibleDC
DeleteDC
SaveDC
ExtSelectClipRgn
CreateRectRgnIndirect
GetObjectA
SetStretchBltMode
SetWindowOrgEx
GetWindowOrgEx
DeleteObject
SelectObject
CreateFontIndirectW
GetStockObject
GetObjectW
CreateRoundRectRgn
shell32
ShellExecuteW
ole32
CoCreateInstance
CreateStreamOnHGlobal
crypt32
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
ws2_32
socket
WSASetLastError
WSAIoctl
inet_pton
WSAStartup
WSACleanup
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
accept
htonl
listen
ioctlsocket
setsockopt
getpeername
connect
bind
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
send
recv
getsockopt
htons
getsockname
ntohs
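The import table above is what an import hash (imphash) is computed from, which is how a sample like this one gets clustered with other builds from the same toolchain. The following is an added example, not code from the sandbox report or its vendor: it reimplements the pefile-style imphash normalisation (lowercase, library extension stripped, ordinals resolved for ws2_32 where known, otherwise kept as ordN) over a constructed subset of the report's imports. The subset, the partial ws2_32 ordinal table and the ORDINAL_TABLES keying are assumptions made for the example; a subset hashes differently from the full table, so the value printed is not the sample's imphash.

```python
import hashlib

# Partial ordinal table for ws2_32.dll (well-known, stable ordinals). pefile resolves
# ordinal imports from ws2_32/wsock32/oleaut32 to names before hashing; any other
# library's ordinal import stays as "ordN". Only a subset is listed here (assumption:
# enough for the example, not the full table).
WS2_32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername",
    6: "getsockname", 7: "getsockopt", 8: "htonl", 9: "htons", 10: "ioctlsocket",
    13: "listen", 15: "ntohs", 16: "recv", 18: "select", 19: "send",
    21: "setsockopt", 23: "socket",
}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS}  # keyed by extension-stripped library name

# Constructed subset of the import table shown in the report above (a few names per
# DLL, in report order). comctl32 ordinal 17 is kept as an integer, as a by-ordinal
# import would be. NOT the full table, so its hash is NOT the sample's imphash.
REPORT_IMPORTS_SUBSET = [
    ("winmm.dll", ["timeSetEvent", "timeKillEvent", "timeGetTime"]),
    ("comctl32.dll", ["_TrackMouseEvent", 17]),
    ("advapi32.dll", ["CryptCreateHash", "CryptHashData", "CryptGenRandom", "CryptAcquireContextA"]),
    ("crypt32.dll", ["PFXImportCertStore", "CertOpenStore", "CryptQueryObject"]),
    ("ws2_32.dll", ["socket", "listen", "accept", "connect", "send", "recv"]),
]


def normalize_imports(imports):
    """Flatten an import table into the canonical 'dll.func' list.

    Rules, as in pefile's get_imphash: lowercase everything, strip a .dll/.ocx/.sys
    extension from the library name, resolve ordinals through the per-library tables
    and fall back to 'ordN'. Order is preserved because the hash is order-sensitive.
    """
    out = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        for f in funcs:
            if isinstance(f, int):
                name = ORDINAL_TABLES.get(lib, {}).get(f, f"ord{f}")
            else:
                name = f.lower()
            out.append(f"{lib}.{name}")
    return out


def imphash(imports) -> str:
    """MD5 over the comma-joined canonical list; '' when there are no imports."""
    items = normalize_imports(imports)
    if not items:
        return ""
    return hashlib.md5(",".join(items).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(",".join(normalize_imports(REPORT_IMPORTS_SUBSET)))
    print("imphash (subset only):", imphash(REPORT_IMPORTS_SUBSET))
```

Two things to keep in mind when pivoting on this value: the hash covers names and order only, so two binaries built from the same statically linked GUI/network library set (gdiplus, ws2_32, crypt32 here) will collide even if their payload code differs, and a packer that rebuilds the import table at runtime leaves only the packer's stub imports to hash.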
Sections
.text Size: 1016KB - Virtual size: 1015KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 218KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 30KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 115KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE