| Field | Value |
| --- | --- |
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2067-Feb-27 21:34:07 |
| Comments | Antidetect browser application |
| CompanyName | GPM Software Solutions |
| FileDescription | GPMLogin |
| FileVersion | 3.0.6.0 |
| InternalName | GPMLogin.exe |
| LegalCopyright | Copyright © 2021 |
| LegalTrademarks | |
| OriginalFilename | GPMLogin.exe |
| ProductName | GPMLogin |
| ProductVersion | 3.0.6.0 |
| Assembly Version | 3.0.6.0 |

Info: Matching compiler(s):
- Microsoft Visual C# v7.0 / Basic .NET

Suspicious: Strings found in the binary may indicate undesirable behavior:
Contains references to internet browsers:
Contains another PE executable:
- This program cannot be run in DOS mode.
Miscellaneous malware strings:
Contains domain names:
- 12voip.com
- adobe.com
- apache.org
- app.gpmautomate.com
- assets.giaiphapmmo.net
- chrome.google.com
- clients2.google.com
- codeplex.com
- docs.gpmloginapp.com
- drive.google.com
- drive.usercontent.google.com
- facebook.com
- giaiphapmmo.net
- github.com
- google.com
- gpmautomate.com
- gpmloginapp.com
- gpmloginpserver.com
- http://113.160.163.255
- http://127.0.0.1
- http://ns.adobe.com
- http://ns.adobe.com/photoshop/1.0/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
- http://purl.org
- http://schemas.fontawesome.io
- http://schemas.fontawesome.io/icons/
- http://schemas.microsoft.com
- http://schemas.microsoft.com/expression/blend/2008
- http://schemas.microsoft.com/winfx/2006/xaml
- http://schemas.microsoft.com/winfx/2006/xaml/presentation
- http://schemas.openxmlformats.org
- http://schemas.openxmlformats.org/markup-compatibility/2006
- http://wpfanimatedgif.codeplex.com
- http://www.apache.org
- http://www.apache.org/licenses/
- http://www.apache.org/licenses/LICENSE-2.0
- http://www.iec.ch
- http://www.w3.org
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- https://api.giaiphapmmo.vn
- https://api.giaiphapmmo.vn/data/gpmlogin/browser.json
- https://app.gpmautomate.com
- https://assets.giaiphapmmo.net
- https://assets.giaiphapmmo.net/gpmlogin/changelog.json
- https://assets.giaiphapmmo.net/gpmlogin/global_msg.json
- https://assets.giaiphapmmo.net/setup/GPMAutomateEditor_setup_password_giaiphapmmo.vn.zip
- https://chrome.google.com
- https://chrome.google.com/webstore/ajax/item?hl
- https://clients2.google.com
- https://clients2.google.com/service/update2/crx?response
- https://docs.gpmloginapp.com
- https://docs.gpmloginapp.com/api-document
- https://drive.google.com
- https://drive.google.com/file/d/1acDc_WbTh8-Bq-xYcf4Tdt2J59gJyYwN/view?usp
- https://drive.google.com/file/d/1u5m_XRKqNUVQjx3csqrVTJcp8rhhvPc0/view?usp
- https://drive.google.com/uc?id
- https://drive.usercontent.google.com
- https://drive.usercontent.google.com/download?id
- https://facebook.com
- https://github.com
- https://google.com
- https://gpmloginapp.com
- https://gpmloginpserver.com
- https://whoer.net
- https://www.facebook.com
- https://www.facebook.com/giaiphapmmodotnet
- inkscape.org
- microsoft.com
- ns.adobe.com
- openxmlformats.org
- schemas.microsoft.com
- schemas.openxmlformats.org
- stun.12voip.com
- usercontent.google.com
- whoer.net
- wpfanimatedgif.codeplex.com
- www.apache.org
- www.facebook.com
- www.iec.ch
- www.inkscape.org
- www.w3.org

Suspicious: The PE is possibly packed.
- Unusual section name found: .1i4
- Unusual section name found: .<mP
- The PE only has 0 import(s).

Info: The PE is digitally signed.
- Signer: GPM SOFTWARE SOLUTIONS COMPANY LIMITED
- Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020

Suspicious: VirusTotal score: 1/70 (Scanned on 2025-02-03 06:03:28)
- APEX: Malicious

| Field | Value |
| --- | --- |
| MD5 | 2f1b703a76a27185b8d8bab196ca64a4 |
| SHA1 | 145d0dd00d8b9bed2aff1e1a73c133152345f11e |
| SHA256 | a2f71029346400b2d22815ffd043f2356950c39d92ae492cbee2aa8c2c1dd27d |
| SHA3 | 6a779f7705c21b0f5ebfa8f78b0bcbade73dbaf2818bc731a5ac85598aa98988 |
| SSDeep | 98304:xxhr1Iy6ekxwzTm5crXY7ALQ/ehIFpEjybrBrhmBEif:HOLMY7ALQ/edjybrBrE |
| Imports Hash | d41d8cd98f00b204e9800998ecf8427e |

| Field | Value |
| --- | --- |
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |

| Field | Value |
| --- | --- |
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 4 |
| TimeDateStamp | 2067-Feb-27 21:34:07 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Field | Value |
| --- | --- |
| Magic | PE32+ |
| LinkerVersion | 48.0 |
| SizeOfCode | 0x1b4000 |
| SizeOfInitializedData | 0x18e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000000000 (Section: ?) |
| BaseOfCode | 0x2000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x2000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x638000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x405dc2 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x400000 |
| SizeofStackCommit | 0x4000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x2000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| Field | Section 1 | Section 2 | Section 3 | Section 4 |
| --- | --- | --- | --- | --- |
| MD5 | d41d8cd98f00b204e9800998ecf8427e | d41d8cd98f00b204e9800998ecf8427e | 530eee51328e08f72c3d47984c2c06ba | 6a42b48d6c17411793246ff690451294 |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | add74c72665c04dbb4643484cc3150933d17d818 | e55f44bae7567b058dfca9b07dbf01b905771c3e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 16575833ef6c8b1dd4450fd187533df9634fcf59cb40849bfca785bb8b24f6a9 | 6aab5b8cdd460837d60c3f427eededaf383dc8180f82f558cf557e464d8f7ffd |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a | 1268f3fde637fd83ea748c1b6d211417e8302dd341d9c0a6fa411c7d4fb6598e | 5b9835499f94ba16d11b14caa90d400ee034b992689db5b485b755d071300fb7 |
| VirtualSize | 0x1b3f30 | 0x88c5d | 0x3dc9e4 | 0x18cb8 |
| VirtualAddress | 0x2000 | 0x1b6000 | 0x240000 | 0x61e000 |
| SizeOfRawData | 0 | 0 | 0x3dca00 | 0x18e00 |
| PointerToRawData | 0 | 0 | 0x400 | 0x3dce00 |
| PointerToRelocations | 0 | 0 | 0 | 0 |
| PointerToLineNumbers | 0 | 0 | 0 | 0 |
| NumberOfLineNumbers | 0 | 0 | 0 | 0 |
| NumberOfRelocations | 0 | 0 | 0 | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Entropy | | | 7.35233 | 4.98327 |

| Type | Language | Codepage | Size | TimeDateStamp | Entropy | Detected Filetype | MD5 | SHA1 | SHA256 | SHA3 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | UNKNOWN | UNKNOWN | 0x10828 | 1980-Jan-01 00:00:00 | 4.84386 | | 404537776585ae4ddf73540fbf62c69a | e47bad1a705fa76d7b8c4ee6713a67c25a9c3700 | 7a6b06e4907e3adfd381e0d53bbc905e2f90f675bf66f952a200d41ec068422c | 066a6a3117f3c21aa2ddbb3187f804dfe3711d320ffb55d45fe423d24398e200 |
| RT_ICON | UNKNOWN | UNKNOWN | 0x4228 | 1980-Jan-01 00:00:00 | 5.06078 | | 2ccb2cc974e642b851873925a16fd6a9 | e463f89e5eeb43061092e0fc6555ce22f02342ec | b6be867025dd100c68496f85fe76680d00e39b0d3eb15e8804fcb4561296bc62 | e2b484637392da710e1fb38d761fa967bda584ee3cd10e58db2f5a0e8d6f5c04 |
| RT_ICON | UNKNOWN | UNKNOWN | 0x25a8 | 1980-Jan-01 00:00:00 | 5.23369 | | da440318684f5a8139214013ec7984ea | 7915abf8117d07b2514ca455794bbbd56861a707 | cb45d747be1d9d619efd119e40d05046777124bfbdea32cfe643b3f3d1a39839 | 5544a3dda83fbe36a6faec9e9a82cdf4d8805d31e0085a670c4416167aac078b |
| RT_ICON | UNKNOWN | UNKNOWN | 0x10a8 | 1980-Jan-01 00:00:00 | 5.47371 | | bd953b047e26aa8031b8bc8dd366b631 | c451cbb96ed5b5f56c3e552cac5d2ee3e819fa1d | e6eb52d045b74a3a25c960b8c7d157fe752bd13b384d63278d8d6ec5d2764c32 | 34b3cfdd3324ec6d2d383d21f85cdb195a11795b6818571e5bd4760c5e4dc297 |
| RT_ICON | UNKNOWN | UNKNOWN | 0x468 | 1980-Jan-01 00:00:00 | 5.90336 | | ccaebf224cf7211f3eb43336ffdda68a | 73e61ec0e95e1543202ce42adadfdd50283e21f9 | c163278e36b17f3824c3b6c4d13fd52f8497e4d032d142e9021130dc8ee5936d | 8b25a969541fe14a3d4d94e01dacd0f8a315c7bd4ba8463e4bfeeeebc45475de |
| RT_GROUP_ICON | UNKNOWN | UNKNOWN | 0x4c | 1980-Jan-01 00:00:00 | 2.80283 | Icon file | bb11c33e1e7c18c93b1daebf917db10a | a02231aec32333fb1310fd97c4e526fef629c484 | fa7f68bdca34eab3f91938ab3bd14c6d88eac0830b2e2436dcfc5e6b90824157 | 56991989e1c08a34e3a26292c919258176e47d071e4e7e9f51b072bf8e39aa4b |
| RT_VERSION | UNKNOWN | UNKNOWN | 0x384 | 1980-Jan-01 00:00:00 | 3.36964 | | 80b898ad82ed28beaadfae561d34db4e | 57ef56ebbcbe3ff1c6037f705110f4860b31514b | 1f7468e3334c4c0d69fec9ace70ec68682e202c72299d386277ef7a75d2b5980 | 2aa474cb0f352bdfb4cb1f33366a96dd279fda07a8082bdf36145aa806e477b8 |
| RT_MANIFEST | UNKNOWN | UNKNOWN | 0x1ea | 1980-Jan-01 00:00:00 | 5.00112 | | b7db84991f23a680df8e95af8946f9c9 | cac699787884fb993ced8d7dc47b7c522c7bc734 | 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a | 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff |

| Field | Value |
| --- | --- |
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 3.0.6.0 |
| ProductVersion | 3.0.6.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | UNKNOWN |
| Comments | Antidetect browser application |
| CompanyName | GPM Software Solutions |
| FileDescription | GPMLogin |
| FileVersion (#2) | 3.0.6.0 |
| InternalName | GPMLogin.exe |
| LegalCopyright | Copyright © 2021 |
| LegalTrademarks | |
| OriginalFilename | GPMLogin.exe |
| ProductName | GPMLogin |
| ProductVersion (#2) | 3.0.6.0 |
| Assembly Version | 3.0.6.0 |

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .1i4 has a size of 0!
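The "Suspicious" findings and the two size warnings above all derive from a handful of header fields, and several of the reported values can be recognised on sight: the first two sections have SizeOfRawData 0, and their MD5, SHA1, SHA256 and SHA3 values (d41d8cd9…, da39a3ee…, e3b0c442…, a7ffc6f8…) are the digests of empty input, as is the Imports Hash when the import table has zero entries; the 2067 compilation date is not a clock reading, because deterministic .NET builds (the detected compiler is C#) write a content hash into TimeDateStamp. The script below is an added example, not the tooling that produced this report. It assembles a PE32+ image in memory from the header values listed above (DOS header, file header, optional header and section table), then parses it back with a stdlib-only parser and re-derives each finding: future timestamp, zero entry point, empty import directory and its imphash, zero-size sections, unusual section names and high section entropy. The section payloads are constructed and far smaller than the real file, and the name `.rsrc` for the fourth section is an assumption the report does not state; the parser itself is general and will walk any PE32+ file.

```python
"""Stdlib-only PE32+ header parser plus the triage checks behind the findings above.

Added example, not the tooling that produced this report. The sample image is
CONSTRUCTED from the header values the report lists; section payloads are
synthetic and much smaller than the real file, and the fourth section's name
(.rsrc) is an assumption the report does not state.
"""
import hashlib
import math
import random
import struct
import time
from datetime import datetime, timezone

CODE, INIT_DATA, EXEC, READ = 0x20, 0x40, 0x20000000, 0x40000000      # IMAGE_SCN_* flags
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".pdata", ".idata", ".tls", ".bss"}
FILE_HDR = "<HHIIIHH"                      # IMAGE_FILE_HEADER (20 bytes)
OPT64 = "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII"   # IMAGE_OPTIONAL_HEADER64 up to NumberOfRvaAndSizes (112 bytes)
SECTION = "<8sIIIIIIHHI"                   # IMAGE_SECTION_HEADER (40 bytes)


def build_sample_pe() -> bytes:
    """Assemble a PE32+ file mirroring the report's headers (constructed test data)."""
    ts = int(datetime(2067, 2, 27, 21, 34, 7, tzinfo=timezone.utc).timestamp())
    specs = [  # (name, VirtualAddress, VirtualSize, raw payload, Characteristics)
        (b".text", 0x2000, 0x1B3F30, b"", CODE | EXEC | READ),
        (b".1i4", 0x1B6000, 0x88C5D, b"", CODE | EXEC | READ),
        (b".<mP", 0x240000, 0x3DC9E4, random.Random(1337).randbytes(4096), CODE | EXEC | READ),
        (b".rsrc", 0x61E000, 0x18CB8, (b"\0" * 16 + b"RT_ICON ") * 128, INIT_DATA | READ),  # name assumed
    ]
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                              # e_lfanew
    file_hdr = struct.pack(FILE_HDR, 0x8664, len(specs), ts, 0, 0, 0xF0, 0x0022)
    opt = struct.pack(OPT64, 0x20B, 48, 0, 0x1B4000, 0x18E00, 0, 0, 0x2000, 0x140000000,
                      0x2000, 0x200, 4, 0, 0, 0, 6, 0, 0, 0x638000, 0x400, 0x405DC2, 2, 0x8560,
                      0x400000, 0x4000, 0x100000, 0x2000, 0, 16)
    opt += b"\0" * 128                      # 16 zeroed data directories: no import table at all
    table, body, raw_ptr = b"", b"", 0x400  # SizeOfHeaders is 0x400 in the report
    for name, va, vsize, payload, chars in specs:
        rsize = -(-len(payload) // 0x200) * 0x200                       # round up to FileAlignment
        table += struct.pack(SECTION, name, vsize, va, rsize, raw_ptr if rsize else 0, 0, 0, 0, 0, chars)
        body += payload.ljust(rsize, b"\0")
        raw_ptr += rsize
    return bytes((dos + b"PE\0\0" + file_hdr + opt + table).ljust(0x400, b"\0")) + body


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> file header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(FILE_HDR, data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]                  # AddressOfEntryPoint
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]                 # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, *_, chars = struct.unpack_from(SECTION, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize,
                         "raw_size": rsize, "raw": data[rptr:rptr + rsize] if rsize else b"", "chars": chars})
    return {"machine": machine, "timestamp": ts, "entry": entry, "dirs": dirs, "sections": sections}


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 8.0 is uniform noise; above ~7 suggests packed or compressed data."""
    n = len(buf)
    counts = (buf.count(bytes([b])) for b in range(256)) if n else ()
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def imphash(imports) -> str:
    """pefile-style imphash: MD5 over comma-joined 'dll.func' names; no imports yields MD5('')."""
    return hashlib.md5(",".join(imports).encode()).hexdigest()


def triage(pe: dict, now: float = None) -> list:
    """Re-derive the report's 'Suspicious' findings and size warnings from the parsed headers."""
    now = time.time() if now is None else now
    out = []
    if pe["timestamp"] > now:
        stamp = datetime.fromtimestamp(pe["timestamp"], timezone.utc)
        out.append(f"TimeDateStamp {stamp:%Y-%b-%d %H:%M:%S} is in the future: "
                   "deterministic .NET builds store a content hash here, not a compile time")
    if pe["entry"] == 0:
        out.append("AddressOfEntryPoint is 0: no native entry stub, the loader must find a CLR header instead")
    if pe["dirs"][1][1] == 0:                                            # IMAGE_DIRECTORY_ENTRY_IMPORT
        out.append(f"empty import directory: 0 imports, imphash {imphash([])} (MD5 of the empty string)")
    for s in pe["sections"]:
        if s["raw_size"] == 0:
            out.append(f"section {s['name']!r} has SizeOfRawData 0: its raw-data hashes are the empty-input digests")
        if s["name"] not in KNOWN_SECTIONS:
            out.append(f"unusual section name {s['name']!r}")
        if s["raw"] and (h := entropy(s["raw"])) > 7.0:
            out.append(f"section {s['name']!r} entropy {h:.2f}: packed or compressed payload")
    return out


if __name__ == "__main__":
    for line in triage(parse_pe(build_sample_pe())):
        print(line)
```

Run as a script it prints one line per finding for the constructed image; point `parse_pe` at the bytes of a real file (`parse_pe(open(path, "rb").read())`) to get the same checks on a sample of your own. The entropy threshold of 7.0 and the list of expected section names are triage heuristics, not proof of packing: a signed .NET application with an obfuscator-renamed section trips them just as a packer does, which is why the report pairs them with the signer and the VirusTotal result.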