Source: gmAszjZqKD.exe |
Virustotal: Detection: 72% |
Source: gmAszjZqKD.exe |
ReversingLabs: Detection: 89% |
Source: Yara match |
File source: gmAszjZqKD.exe, type: SAMPLE |
Source: gmAszjZqKD.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: gmAszjZqKD.exe |
Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: gmAszjZqKD.exe |
String found in binary or memory: https://github.com/syohex/java-simple-mine-sweeperC: |
Source: gmAszjZqKD.exe |
Binary or memory string: GetRawInputData |
|
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: gmAszjZqKD.exe |
Static PE information: Resource name: WM_DSP type: PE32 executable (GUI) Intel 80386, for MS Windows |
Source: gmAszjZqKD.exe |
Static PE information: Data appended to the last section found |
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: gmAszjZqKD.exe, type: SAMPLE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: classification engine |
Classification label: mal88.troj.expl.winEXE@0/0@0/0 |
Source: gmAszjZqKD.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: gmAszjZqKD.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: gmAszjZqKD.exe |
String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList |
Source: gmAszjZqKD.exe |
String found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType |
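The static findings above (COFF and DllCharacteristics flags, data appended after the last section, the .text section flags) and the string findings (Winlogon\SpecialAccounts\UserList, the TermService and rdpwrap strings, GetRawInputData) can be reproduced offline before a sample ever reaches a sandbox. The script below is an added example, not code from the sandbox, the sample or the Yara rule authors: it parses the PE headers with the Python standard library only (no pefile), measures the overlay, flags writable and executable sections, and scans for the indicator strings listed in this report. The indicator labels, the build_sample_pe() helper (which constructs a minimal PE32 as test input, not the real sample) and the verdict heuristic are assumptions of this example.

```python
"""Static PE triage reproducing the report's static and string checks.
Added example; standard library only. Labels, build_sample_pe() and the
verdict heuristic are this example's own assumptions."""
import re
import struct

COFF_FLAGS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_FLAGS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
             0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}
SCN_FLAGS = {0x00000020: "CNT_CODE", 0x20000000: "MEM_EXECUTE",
             0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}

# Strings surfaced by the report; the labels are this example's own.
INDICATORS = [
    ("hidden_account_userlist", rb"Winlogon\\SpecialAccounts\\UserList"),  # hide a local user from logon UI
    ("termservice_servicedll", rb"Services\\TermService\\Parameters"),    # swap the RDP ServiceDll (rdpwrap-style)
    ("rdpwrap_ini", rb"rdpwrap\.ini"),
    ("rfxvmt_dll", rb"rfxvmt\.dll"),
    ("deny_ts_connections", rb"fDenyTSConnections"),
    ("multiple_ts_sessions", rb"AllowMultipleTSSessions"),
    ("raw_input_capture", rb"GetRawInputData"),                           # raw keyboard capture
]


def flag_names(table, value):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read the DOS stub pointer, COFF header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, coff_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B PE32, 0x20B PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    sections = []
    for i in range(nsec):
        name, _, _, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"),
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "chars": chars})
    return {"machine": machine, "magic": magic, "coff_chars": coff_chars,
            "dll_chars": dll_chars, "sections": sections}


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    # Overlay: bytes past the end of the last section's raw data ("data appended to the last section").
    last_end = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    overlay = len(data) - last_end if len(data) > last_end else 0
    wx = [s["name"] for s in pe["sections"]
          if s["chars"] & 0x80000000 and s["chars"] & 0x20000000]
    hits = [label for label, pat in INDICATORS if re.search(pat, data)]
    return {
        "machine": {0x14C: "I386", 0x8664: "AMD64"}.get(pe["machine"], hex(pe["machine"])),
        "coff_characteristics": flag_names(COFF_FLAGS, pe["coff_chars"]),
        "dll_characteristics": flag_names(DLL_FLAGS, pe["dll_chars"]),
        "sections": {s["name"]: flag_names(SCN_FLAGS, s["chars"]) for s in pe["sections"]},
        "overlay_size": overlay,
        "writable_executable_sections": wx,
        "indicators": hits,
        # Heuristic verdict (assumption): an overlay plus two or more of the
        # hidden-account / RDP-wrapper / raw-input strings is worth escalating.
        "suspicious": overlay > 0 and len(hits) >= 2,
    }


def build_sample_pe(section_data: bytes, overlay: bytes = b"") -> bytes:
    """Construct a minimal one-section PE32 as offline test input (not the real sample)."""
    raw_size = (len(section_data) + 0x1FF) // 0x200 * 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # I386; EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x8540)                          # the four DllCharacteristics in the report
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                       raw_size, 0x200, 0, 0, 0, 0, 0x60000020)      # CNT_CODE|MEM_EXECUTE|MEM_READ
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + section_data.ljust(raw_size, b"\0") + overlay


if __name__ == "__main__":
    import sys
    print(triage(open(sys.argv[1], "rb").read()))
```

Run it as `python triage.py sample.exe`. The string scan is deliberately byte-level rather than a Yara match so it also catches these indicators in a memory dump; the overlay and DllCharacteristics checks are exactly what the "Static PE information" lines in this report summarise, and a resource that itself starts with MZ (the WM_DSP resource above) would be the next thing to carve and feed back through triage().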