igucc.exe

First submission 2023-09-11 16:51:04

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type:	application/x-dosexec
File size:	593.44 KB (607684 bytes)
Compile time:	2021-07-25 00:19:26
MD5:	35951704bf97c135fec65cca9bc2e1c1
SHA1:	f5232f30da3a3c5df4a6d15aea178059fb14cd89
SHA256:	932a29dcd8b778f2e7c509b3ef9d732632edc266596bea3ed351803dc08cd5af
Import Hash :	c05041e01f84e1ccca9c4451f3b6a383
Sections 5	.text .rdata .data .ndata .rsrc
Directories 2	import resource
Virus Total:	21/71 VT report date: 2023-09-11 14:44:30

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://192.3.172.208/250/igucc.exe	192.3.172.208	2023-09-11 16:51:04

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x6572	26112	3442c1bb49ba3c7bfc46618255cc471a7e3e3bb7	869e1d11bbf88d92521c022fa6f3d4f0
.rdata	0x8000	0x1398	5120	fe2bedee8c2ca0b3a39a9a62d201d08eee8b3f17	79e286249499b713a2ddbee33baa50da
.data	0xa000	0x20378	1536	ac77cc46ab8d1809c15541e5c084c069a6bf8107	b6d02c867f7bfbcf68de2cfeea94fd73
.ndata	0x2b000	0x29000	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.rsrc	0x54000	0x42ae0	273408	1989ef69e9286d9313934e6f3ce770da782ffa62	4552585fa16081711de84c7a39360cc7

PE Resources 5

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x54208	270376	PE Resource: RT_ICON - Data ( (.224444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444422.(xxxT~~~jvvvrrrrtpppxoooxoooxoooxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxpppxqqqxqqqxqqqxqqqxqqqxqqqxqqqxqqqxqqqxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxrrrxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxsssxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxtttxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxuuuxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxvvvxwwwxwwwxwwwxwwwxwwwxwwwxxxxxzzzt~~~rj===: (j( .~~~r.2zzzt22xxxx24xxxx44xxxx44xxxx44xxxx44xxxx44xxxx44xxxx44yyyx44yyyx44yyyx44yyyx44]]]}}}........................yyyx44///[[[ZZZZZZZZZZZZ......ooo......yyyx44[[[///PPPqqq///[[[nnnDDD......NNNxxxcccYYYYYYddd..................ooo...YYY......yyyx44FFF//////////////////ZZZ/////////ppp///..................888CCC.........OOO...{{{OOO...{{{...............nnn......yyyx44000/////////////////////999/////////ddd///.........MMMWWWMMM...............{{{...DDD{{{...DDD...............ccc......zzzx44NNNdIIIfFFFfff999//////eee999//////yyy.........kkk.........CCC..................CCC...888......zzzx44SSS\WWWVSSSZKKKdyyy/////////XXX......MMM...............xxx888...888...............zzzx44OOO`YYYT___PZZZRNNN^OOO/////////nnn......WWW.........WWW.........ooo...dddooo...ddd............{{{x44NNN`XXXT^^^PYYYTNNN`999/////////ddd..................LLLWWW......xxx..................XXX............{{{x44HHHhPPP^TTTXQQQ\HHHhZZZ///////////////999bbb......888888......BBB......CCCzzzYYY..................XXX............{{{x44\\\rHHHhGGGj999///////////////DDDwww...........................888...888NNN...oooNNN...ooo......NNN......//////{{{x44DDD////////////ooo888...............vvv...ddd888...CCC...CCC...............//////{{{x44/////////OOOmmm.........vvv888......NNN.........888YYYYYYYYYnnnNNN...............YYYnnn.........////////////{{{x44/////////888...............nnn...ddd...CCC......ooo...YYYYYY......NNN...888CCC......CCC...CCC...............///////////////{{{x44::://////OOO{{{ZZZ.........XXX......888...yyy...888...nnn......dddYYYooo...888zzzYYYppp...OOOppp...NNNYYY...CCC......///////////////{{{x44////////////////////////NNN......888......888...yyy...ddd............YYY888oooCCCYYY................../////////////////////\|\|\|x44EEE///////////////:::.........YYYCCC......YYYooo...ddd888CCC......NNN......NNN...{{{...ppp...............///eee//////ppp///////////////\|\|\|x44//////888............NNNNNN.........888......CCCzzz......{{{DDDDDD...ZZZfff...fffeee...fff//////////////////////////////////////////\|\|\|x44//////eee{{{pppfff\|\|\|x44\|\|\|x44\|\|\|x44}}}x44}}}x44}}}x44}}}x44}}}x44}}}x44}}}x44}}}x44~~~x44~~~x44~~~x44~~~x44~~~x44~~~x44x44x44x44x44x44x44x44x44zzzyyyxxxx44\|\|\|x44uuux44yyyx44yyyx44yyywwwx44yyyrrrx44wmjQQQ;;;$$$$$$$$$CCC\|\|\|qqq~~~x44whbq]UY;0[3$b0^"k%y)e$ X%7)$iiirrrsssx44uf`nZR720$$$C{+{+{+{+{+{+{+\|-. \'\|4u0;$MMMsssx44}}}\|\|\|{{{{{{{{{dddjUMc;]5$g+a%v+}-}-v+ w, ~. ~. ~. ~. ~. ~. ~/R'5;>"~6}5>#444yyyooox44ooo~{g^qXM^6$A-$000001 1 1 1 1 ]& 2222222z1! z:E%I,=99 cccpppx44ssssssZZZ>>>Q2$a4e)l+2233\|0 u/ 3 4 4 4 4 4 4f355555555= &&&%%%K%H&O.S6D$=n7IIIyyyx44kkkqgbuaW^@0a9$j8I! # 6 6 6 6 6 6 6 7J"R%77777777x38888888i.&&&,,,+++) =Q.Y7]?KAD+?73{{{vvvx44ppp{{{[[[PPP///)))R0l1{6<<<<<<0t5=======t5==>>>>>>P)P????????$000666555v@"D[7b@fIQ1D!($""""""""""($"~B"]=,gggx44vvvwwwqqqgYQiVKhG3jD-o:q7<&@CCCCCCC[0L+DDDDDDDD6#r:EEEEEEE?0"FFFFFFFFV0:::AAAaK?QL"d@kIoRV7f<%%%%%%%%%%&&&U7&H&G%uf^x44zzzppppppB+M!KIIIIIIBo;JJJJJJJG% %!HJJKKKKKi:R2KLLLLL L L =+ yA L M!M!M!M!M!M!G!($!!!!!!!CCCOLJgHY2S)mHtRx[[=J5(((((((((((((~H)J)I(vh_x44vtM4\|d\|dddohdddddddddd)%"O(W+V)P#P"P"P"P#\|E#############@.#Q#Q#Q#Q#Q#Q$Q$Q$P5$$$$$$$$$$$$$uC$R$R$R$R$R$R$R%O%,'%%%%%%%%%%,(%O%R%R%R%R%S&S&S&vE&&&&&&&&&&&&&R7&S&S&S&T'T'T'T'T'D2''''''''''LLLdRqQ`9Z/uQ}[e]B,,,,,,,,,,,,M9-N-N-~K,viax44nX,hhh{hhhhiiiiiiiiic@)_2b6`4XW(W(W(W(7.((((((((((0+(R)X)X)X)X)X)X)X)L)))))))))))))F5)XXYYYYYYV<***+++++++++sH+Y+Y+Y+Y+Y+Y+Z+W+3.,,,,,,,,,,3/,W,Z,Z,Z,Z,Z,Z,Z-\|L-------------h\Tz[yZhAa5}YdmoWG000000000000wL0Q-P.\|M.uibx44r^5lllrommmmmmmmmmwqm_0h<k@i>_1].].].iF..../////////iF/^/^/^/^/^/^/^/^/>50000000000000Y0_0_0_0_0_1_1_1S1111111111111M=1`1`1`1`1`1`1`1`1cF1111222222222yO2`2`2`2`2`2`2a2^2A83333333333333v\dbnGh;amv\RK222222222K<3R3S,S,yN1ujcx44ue;pqqqqqqqqqqqqqqqf7qEtJrGg8d4d4^4444444444444B:4d4d4d4d4d4d4e5e5nM5555555555555nM5e5e5e5e5e5e5e6e6K?6666666666666`6f6f6f6f6f7f7f7Z7777777777777SC7g8g8g8g8g8g8g8g8jM8888888888888jM8dkjuNnAivPPP666666666mM6U6W,W,xO2tjcx44yjCttttttttttttttttm=zO}S\|Qn>j:k:VF:::::::::::::_:k:k;k;k;k;k;k;e;B>;;;;;;;;;;IA;l<l<l<l<l<l<l<l<tT<<<<<<<<<<<<<tT<l<l<l<l=l=l=m=m=RF=============d=m=m=m=m=m>m>n>e>>>>>>>>>>>>>EA>k>ksr\|UuHq~SSS999999J@9~V9X5Z/Z/\|Q1skdx44\|pIyyyyyyyyyyy~{yyytDX]ZuEq@a@@@@@@@@@@@@@jR@q@q@q@qAqAqAqAqA\MAAAAAAAAAAAAAeArArArArArArBrBlBIEBBBBBBBBBBPHBpBsBsCsCsCsCsCsC^CCCCCCCCCCCCCz[CsDsDsDsDsDsDtDtD_PDDDDDDDDDDDDDeDtDrzy[{NyVVV;;;<<<cM<\|X<\1\0\0S0slex44tO\|\|\|\|}}}}}}}}}}}}zJaec{KsELHEEEEEEEEEELIEsFwFwFwFwFwFwFwFgFFFFFFFFFFGGGiVGwGwGwGxGxGxGxGxGiVGGGGGGGGGGGGGlGxGxHxHxHxHyHyHrHOKHHHHHHHHHHVNHuHyHyIyIyIyIyIyIdIIIIIIIIIIIIIdUIzJzJxaSYYY???FB?zY?[9^2^2^2U/slfx44xUQjnkR{aKKKKKKKKKKLLLgL}L}L}L}L}L}L}LzLZRLLLLLLLLLLSOLzM~M~M~M~M~M~M~MoMMMMMMMMMMNNNo]N~N~N~N~N~NNNNo]NNNNNNNNNNNNNpNNOOOOOO\|OUROOOOOOOOOOOOOyOOP~gY[[[AAAcQA~\?`5a4a4a4V0yndx44qZWrvt~XQQQQQQQQQQQQl]QQQQQQRRRjRRRRRRRRRRRRRmRRRRRRRRR`YSSSSSSSSSSYVS}SSSSSSSTxTLLLDDDDDDDDDjVD\|HTTTTTTTucUUUUUUUUUUUUUmUUUUm_]]]GED{[@b7c6c6c6c6zR1dddx44hc_^z~\|pg_WWWWWWWWWWWWWWWWWWWXXXXXXXXXXXXXXkaXXXXXXXXXqXXXXYYYYYYYYYtYYP{Dr8l/f'^W !T\\\\d%g)p5g=JJJVVVZZZ[[[ga[[[[[seaaajR=e8f8f8f8f8f8\F3fffx44ddddeee\\\\\\\\\q\\\\\]]]]wi]]]]]]]]]]]]]]]]]]]]^^^^^^^^^^^UUU_PCl-c!]]]^^^a;a<^^^^^^^^,"###///mAS```xwpjtqnd9g9g9g:g:g:g:?94^^^x44hhhjkkkbbbbbbnhbbbbbbbbbbbbbcccccccccxccccccccc\|ocZZZBBB&&&N```````W5'aaaaabbbd>I1bbh$t7Nooorj<j<j<j<j<j<}\<666XXXx44lllpqqqhhhhhhhhhhhhhhhokhiiiiiiiiioliiiiiiiiikJ,,,Z9bccccccc?,QccccccdZ% [ddddesul>l>l>l>l>l>\M>777YYYx44ooovvvvmmmxmmmmmmmmmnnnnnnnnnnnnnnnnnnncCc##`eeeeeeexIS7efffffffA/K4wR-}X3mU?{hVqh_sssm?n?n?n@n@h@@@@999ZZZx44sss\|\|\|\|xusssssssssssssssssssttttttttWy6ff]<yJgggggghc% %!chh^UU~X3~X3s[DXXXbbb{{{}xr\|bHlAoAoAoXABBB;;;YYYx44xwuxxxxxxxxxxyyyyyyyyyyyyyygCp&hhhUB/iiiiiiii_>333333NIDr_tojkhet^GnDOIDDDD<<<ZZZx44x~~~~~~~~~~~~~~~~~~~~~kFr'jjjjjk9+SXS"Z3Z3vcPub\|wrc`^EEEEEE===ZZZx44zvvv\\\BBB6,"lmmmm^YZ(mQ3999PPPddduuuuuuTTT???[[[x44\|{mRaP>*(((ZH3}]9~kWydXXX^^^x44vtWt~\|\|\|d~Ul9nI\3z]>}jVwhjjjnnnx44wuZaaaaawapppaaaMMMiiimmmx44wphiiimmmx44{{{zzzyyysssrrrpppUUUSSSx44qqqpppooommmlllkkkiiiNNNSSSx44pppooonnnmmmkkkjjjiiiOOOSSSx44ooonnnmmmlllkkkiiihhhOOOSSSx44nnnmmmlllkkkjjjiiigggOOOSSSx44mmmmmmkkkjjjiiihhhgggPPPSSSx44mmmkkkjjjiiihhhgggfffPPPSSSx44lllkkkjjjhhhgggfffeeeQQQTTTx44kkkjjjiiihhhgggfffeeeQQQTTTx44jjjiiihhhgggfffeeedddUUUUUUx44jjjhhhggggggfffeeedddWWWPPPx44~~~iiihhhgggfffeeedddcccWWWPPPx44AAAbDDD^AAAb}}}{{{hhhgggffffffeeedddcccXXXQQQx44AAAbIIIVNNNRJJJVBBB`xxxhhhgggfffeeedddccccccXXXRRRx44DDD^NNNRTTTLOOOPEEE\uuugggfffeeeeeedddcccbbbYYYSSSx44AAAbJJJVOOOPLLLTDDD^ttthhhfffeeeddddddcccbbbYYYTTTx44UUUtBBB`EEE\DDD^>>>fzzzvvviiigggeeedddccccccbbbZZZUUUx44<<<j~~~ooohhheeedddcccbbbbbb[[[VVVx44wwwkkkeeedddcccbbbaaa[[[WWWx44ooofffdddcccbbbaaa\\\YYYx44rrrhhhdddbbbbbbaaa]]]ZZZx44qqqgggdddbbbbbbaaa^^^ZZZx44\|\|\|llleeecccbbbbbbaaa___[[[x44mmmdddcccbbbbbbaaa```\\\x44\|\|\|cccbbbbbbaaa```^^^x44~~~~~~\|\|\|}}}}}}\|\|\|wwwnnnbbb{{{uuubbbaaaaaa___x44\|\|\|www\|{{wvu~}ooorrrqqqmmmfff\\\ZZZVVV~~~fffaaa```ooox44{{{gffIGGiiiiiidddZZZWWWUUURRRUUUaaafffx44ecdcccbbbYYYVVVSSSQQQNNNLLLZZZxxxx44\|\|\|dbcPPP;;;LLLTTTRRROOOMMMJJJHHHEEEhhhqqqx44{zz[ZZ555///333FFFNNNKKKIIIKKKTTTdddx44EEECCCKKKQQQPPP\\\ffffffmmmtttx44ussmkkqoodbb`^^\|{\|x44ljkywy~}rppXVWx44c`a}^\]mmmx44hfh\ZZighlllnnnmmmlllx44YVWeeex44jhix44kijx44lijx44ljkx44nklx44qopx44ursx44xuvx44{yyx44~\|\|x44~x44x44x44x44x44x44x44x44x44x44x44x44x64z6 4~~~z6"4\|\|\|\|8"4zzz\|:$ 4hhh~<&4aaa~<&4aaa>(4bbb@4bbb@4ccc@4jjj>( 4EEEf:& 4L6$4F2 4###^>4H4$4OOOl>,4???X4$ 4;;;^HHHL4NNNnCCCRRRRD" 4\|{zooo===ZLLLH___<4zzz888^FFFNXXX>nnn4 4~~xww333f@@@TPPPDddd8yyy04~xww}\|\|///l:::ZHHHJZZZ<ttt2* 4+++p666`CCCPUUUBiii4,&4)))t222d>>>RMMMFbbb8xxx0$4&&&z...h:::VHHHH[[[:ppp2,&"4###\|,,,j777ZEEELWWW>jjj4~~~,("4"""*n444^BBBNSSS@eee6zzz.($ 4 (((r222`???PPPPBbbb8vvv0$ 4&&&t000b===RMMMD```:uuu0$ 4%%%v///d;;;TLLLD^^^:rrr2$"4%%%v---f;;;VJJJFZZZ<ppp2,&"4$$$v...d;;;TIIIFZZZ<mmm2,&"4%%%t...d999TJJJFZZZ<mmm2,&"4%%%r...b:::TJJJF]]]<mmm2,&"4%%%r///`;;;RJJJF[[[<rrr2,&"4&&&p000`;;;RJJJF]]]:rrr2,&"4'''p111`===PKKKD]]]:rrr2,&"4'''n111^>>>PLLLD]]]:rrr2&"4[[[ ~(((n222\???NMMMD___:rrr2&"4VVVtAAAbCCC^AAAbVVVt[[[!!!~)))l333\AAANPPPBbbb8uuu0$"4AAAbIIIVMMMRIIIVAAAbHHH!!!\|)))j444ZBBBLQQQBccc8vvv0$"4CCC^MMMRRRRNMMMRCCC^333"""\|+++j666ZCCCJTTT@ddd6www0($ 4AAAbIIIVMMMRIIIVAAAb333"""\|,,,h777XEEEJUUU>ggg4{{{.($ 4AAAbCCC^AAAbVVVt333"""z,,,h777XFFFHVVV>hhh4~~~,($ 4(((r`N)))>4442CCCTTT"lll4lXD4& 4lXD4& 4lXD4& 4lXD4& 4lXD4& 4jVD4& 4888jVD4& 4QQQhVD4( 4RRRhVD4( 4dTD4( 4dTD6( 4`RB4( 4\N@4( 4XL>2( 2TF:0&2bbbxNB6,$.*\F<2" (LLLfH>4,$ KKKhNF<4,& (.22444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444668:<>@BB@<82$ ""$&(,,,*&" ??????????
RT_DIALOG	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x96518	96
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x96578	20
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x96590	528
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x967a0	830	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.07</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>

Meta infos 6

LegalCopyright:	saamaskinen
FileVersion:	3.0.0.0
FileDescription:	shadow unvaporous
Translation:	0x0409 0x04b0
ProductName:	armekorpss victual
ProductVersion:	3.0.0.0

Anti debug functions 2

FindWindowExW
GetLastError

Strings analysis - File found

Library
%s%s.dll
ADVAPI32.dll
SHELL32.dll
USER32.dll
ole32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 1

http://nsis.sf.net/NSIS_Error

Import functions

GDI32.dll 8 SHELL32.dll 6 KERNEL32.dll 65 ADVAPI32.dll 13 ole32.dll 5 USER32.dll 64 COMCTL32.dll 4

Function	Address	Souspicious	Anti Debug
SetBkMode	0x40804c
SetBkColor	0x408050
GetDeviceCaps	0x408054
CreateFontIndirectW	0x408058
CreateBrushIndirect	0x40805c
DeleteObject	0x408060
SetTextColor	0x408064
SelectObject	0x408068

Function	Address	Souspicious	Anti Debug
SHGetSpecialFolderLocation	0x408178
SHFileOperationW	0x40817c
SHBrowseForFolderW	0x408180
SHGetPathFromIDListW	0x408184
ShellExecuteExW	0x408188
SHGetFileInfoW	0x40818c

Function	Address	Souspicious	Anti Debug
GetExitCodeProcess	0x408070
WaitForSingleObject	0x408074
GetModuleHandleA	0x408078
GetProcAddress	0x40807c
GetSystemDirectoryW	0x408080
lstrcatW	0x408084
Sleep	0x408088
lstrcpyA	0x40808c
WriteFile	0x408090
GetTempFileNameW	0x408094
lstrcmpiA	0x408098
RemoveDirectoryW	0x40809c
CreateProcessW	0x4080a0
CreateDirectoryW	0x4080a4
GetLastError	0x4080a8
CreateThread	0x4080ac
GlobalLock	0x4080b0
GlobalUnlock	0x4080b4
GetDiskFreeSpaceW	0x4080b8
WideCharToMultiByte	0x4080bc
lstrcpynW	0x4080c0
lstrlenW	0x4080c4
SetErrorMode	0x4080c8
GetVersion	0x4080cc
GetCommandLineW	0x4080d0
GetTempPathW	0x4080d4
GetWindowsDirectoryW	0x4080d8
SetEnvironmentVariableW	0x4080dc
ExitProcess	0x4080e0
CopyFileW	0x4080e4
GetCurrentProcess	0x4080e8
GetModuleFileNameW	0x4080ec
GetFileSize	0x4080f0
CreateFileW	0x4080f4
GetTickCount	0x4080f8
MulDiv	0x4080fc
SetFileAttributesW	0x408100
GetFileAttributesW	0x408104
SetCurrentDirectoryW	0x408108
MoveFileW	0x40810c
GetFullPathNameW	0x408110
GetShortPathNameW	0x408114
SearchPathW	0x408118
CompareFileTime	0x40811c
SetFileTime	0x408120
CloseHandle	0x408124
lstrcmpiW	0x408128
lstrcmpW	0x40812c
ExpandEnvironmentStringsW	0x408130
GlobalFree	0x408134
GlobalAlloc	0x408138
GetModuleHandleW	0x40813c
LoadLibraryExW	0x408140
MoveFileExW	0x408144
FreeLibrary	0x408148
WritePrivateProfileStringW	0x40814c
GetPrivateProfileStringW	0x408150
lstrlenA	0x408154
MultiByteToWideChar	0x408158
ReadFile	0x40815c
SetFilePointer	0x408160
FindClose	0x408164
FindNextFileW	0x408168
FindFirstFileW	0x40816c
DeleteFileW	0x408170

Function	Address	Souspicious	Anti Debug
RegCreateKeyExW	0x408000
RegEnumKeyW	0x408004
RegQueryValueExW	0x408008
RegSetValueExW	0x40800c
RegCloseKey	0x408010
RegDeleteValueW	0x408014
RegDeleteKeyW	0x408018
AdjustTokenPrivileges	0x40801c
LookupPrivilegeValueW	0x408020
OpenProcessToken	0x408024
SetFileSecurityW	0x408028
RegOpenKeyExW	0x40802c
RegEnumValueW	0x408030

Function	Address	Souspicious	Anti Debug
OleInitialize	0x408298
OleUninitialize	0x40829c
CoCreateInstance	0x4082a0
IIDFromString	0x4082a4
CoTaskMemFree	0x4082a8

Function	Address	Souspicious	Anti Debug
GetClientRect	0x408194
EndPaint	0x408198
DrawTextW	0x40819c
IsWindowEnabled	0x4081a0
DispatchMessageW	0x4081a4
wsprintfA	0x4081a8
CharNextA	0x4081ac
CharPrevW	0x4081b0
MessageBoxIndirectW	0x4081b4
GetDlgItemTextW	0x4081b8
SetDlgItemTextW	0x4081bc
GetSystemMetrics	0x4081c0
FillRect	0x4081c4
AppendMenuW	0x4081c8
TrackPopupMenu	0x4081cc
OpenClipboard	0x4081d0
SetClipboardData	0x4081d4
CloseClipboard	0x4081d8
IsWindowVisible	0x4081dc
CallWindowProcW	0x4081e0
GetMessagePos	0x4081e4
CheckDlgButton	0x4081e8
LoadCursorW	0x4081ec
SetCursor	0x4081f0
GetWindowLongW	0x4081f4
GetSysColor	0x4081f8
SetWindowPos	0x4081fc
PeekMessageW	0x408200
SetClassLongW	0x408204
GetSystemMenu	0x408208
EnableMenuItem	0x40820c
GetWindowRect	0x408210
ScreenToClient	0x408214
EndDialog	0x408218
RegisterClassW	0x40821c
SystemParametersInfoW	0x408220
CreateWindowExW	0x408224
GetClassInfoW	0x408228
DialogBoxParamW	0x40822c
CharNextW	0x408230
ExitWindowsEx	0x408234
DestroyWindow	0x408238
CreateDialogParamW	0x40823c
SetTimer	0x408240
SetWindowTextW	0x408244
PostQuitMessage	0x408248
SetForegroundWindow	0x40824c
ShowWindow	0x408250
wsprintfW	0x408254
SendMessageTimeoutW	0x408258
FindWindowExW	0x40825c
IsWindow	0x408260
GetDlgItem	0x408264
SetWindowLongW	0x408268
LoadImageW	0x40826c
GetDC	0x408270
ReleaseDC	0x408274
EnableWindow	0x408278
InvalidateRect	0x40827c
SendMessageW	0x408280
DefWindowProcW	0x408284
BeginPaint	0x408288
EmptyClipboard	0x40828c
CreatePopupMenu	0x408290

Function	Address	Souspicious	Anti Debug
None	0x408038
ImageList_Create	0x40803c
ImageList_Destroy	0x408040
ImageList_AddMasked	0x408044

Name	Latest seen	MD5
igucc.exe	2023-09-11 11:12:04	633674661a6ccfe8a4507da0611a5496

igucc.exe

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 5

Meta infos 6

Anti debug functions 2

Strings analysis - File found

Strings analysis - Possible URLs found 1

Import functions

Related files by ImpHash 1 c05041e01f84e1ccca9c4451f3b6a383