Static task: static1
Behavioral task: behavioral1
  Sample: Gopidirit.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Gopidirit.exe
  Resource: win10v2004-20241007-en
General
Target: Gopidirit.exe
Size: 7.5MB
MD5: dd749d83056ecb224b888d51a6748244
SHA1: be2a4958e9fd52a0ca31a9b496e2d55900a79a10
SHA256: 553f70ff7e6aa1e1d9cc0452799b932dca7240fd3bfbd872fdeffdfd17c51704
SHA512: 16b89c511a49047a98f1b6894a8afc22d90092c86af60eaffb535bb98bdb7989d695057f2d09994d16f98a6077a9178dd76ed4d01982e1063196c78726c6091c
SSDEEP: 196608:0jwJiv+RneA0pkTheTFPYbhqyH40AW8WOOxSebUKGSwd:0nGOeh4wbhqyH4bWrOMXmSwd
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: Gopidirit.exe
Files
-
Gopidirit.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Sections
Size: - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 3.1MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1.7MB - Virtual size: 11.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE