grandoreiro | Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0

Sharing

Copy URL

Twitter E-mail

General

Target

Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0
Size

30.5MB
MD5

458c377c22340ea17a942ab200c063ae
SHA1

5c69e074616448b725250b7181102318f986239b
SHA256

bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0
SHA512

82105cc7477b4cf208067324358ff6fb5c4a80da881eb7dfcd74551fc5d5cb757f02b1a6ed5da0c3b79770d7c1a195cb65473df04272b405e6dc4a32ae32a7f0
SSDEEP

393216:NpjeWRbosw2LgMubfSEh8XASixsd2mz5KP6AGP5U7dKgw:NteilDE3bKwSIsd2m+5vdKR

Score

10^/10

grandoreiro

Malware Config

Signatures

Detects Grandoreiro payload 1 IoCs

resource	yara_rule
sample	family_grandoreiro_v1

Grandoreiro family
grandoreiro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0

Files

Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0
.dll windows:5 windows x86 arch:x86

a10cfa6f9d4276fa17a5fa661d4f6b82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
TlsSetValue
GetVersionExA
GetVersion
Sleep
MulDiv
OpenThread
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetKeyboardType
CreateWindowExA
CharUpperBuffW

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

mpr

WNetOpenEnumA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID
CreateBindCtx

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA
DeviceCapabilitiesA

shell32

ShellExecuteW

urlmon

URLDownloadToFileA

comdlg32

PrintDlgA

winmm

timeGetTime

wsock32

__WSAFDIsSet

ntdll

RtlNtStatusToDosError

magnification

MagSetImageScalingCallback

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
fill_fopen_filefunc
get_crc_table
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpenCurrentFile
unzOpenW
unzReadCurrentFile
zError
zipClose
zipCloseFileInZip
zipOpen
zipOpen2
zipOpenNewFileInZip
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

CODE
Size: 16.3MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 80KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Op}
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Ff#
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7fI
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a10cfa6f9d4276fa17a5fa661d4f6b82

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

version

gdi32

ole32

comctl32

winspool.drv

shell32

urlmon

comdlg32

winmm

wsock32

ntdll

magnification

Exports

Exports

Sections

CODE Size: 16.3MB - Virtual size: 16.3MB

DATA Size: 70KB - Virtual size: 70KB

BSS Size: - Virtual size: 80KB

.idata Size: 14KB - Virtual size: 14KB

.edata Size: 2KB - Virtual size: 1KB

.Op} Size: 11.7MB - Virtual size: 11.7MB

.Ff# Size: 3KB - Virtual size: 3KB

.7fI Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 201KB - Virtual size: 200KB

.rsrc Size: 1024B - Virtual size: 944B

CODE
Size: 16.3MB - Virtual size: 16.3MB

DATA
Size: 70KB - Virtual size: 70KB

BSS
Size: - Virtual size: 80KB

.idata
Size: 14KB - Virtual size: 14KB

.edata
Size: 2KB - Virtual size: 1KB

.Op}
Size: 11.7MB - Virtual size: 11.7MB

.Ff#
Size: 3KB - Virtual size: 3KB

.7fI
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 201KB - Virtual size: 200KB

.rsrc
Size: 1024B - Virtual size: 944B