This section lists file attributes found within family samples. These attributes are extracted
from the files’ Windows PE (Portable Executable) specification and various system flags. Portable
Executable Attributes give malware researchers insight into a file’s functionality, executable details,
platform and runtime environment.
File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
Show More
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates
icons commonly associated with legitimate software to mislead users into believing the malware is
safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version
information data structure for samples within this family. To mislead users, malware actors often add
fake version information mimicking legitimate software.
Name
Value
Comments
This installation was built with Inno Setup: http://www.innosetup.com
Company Name
GPass
File Description
GPass Setup
File Version
2.0.20.0
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When
analyzing and verifying digital signatures, it is important to confirm that the signature’s root
authority is a well-known and trustworthy entity and that the status of the signature is good. Malware
is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a
malware author with no verification). Malware may also be signed by legitimate signatures that have an
invalid status, and by signatures from questionable root authorities with fake or misleading “Signer”
names.
Signer
Root
Status
The World Gate, Inc
UTN-USERFirst-Object
Root Not Trusted
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this
family. File system activity can provide valuable insight into how malware functions on the operating
system.
This section lists Windows API calls that are used by the samples in this family. Windows API
usage analysis is a valuable tool that can help identify malicious activity, such as keylogging,
security privilege escalation, data encryption, data exfiltration, interference with antivirus software,
and network request manipulation.
Category
API
Anti Debug
IsDebuggerPresent
User Data Access
GetUserObjectInformation
Process Manipulation Evasion
NtUnmapViewOfSection
Process Shell Execute
CreateProcess
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows
Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security
privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data,
and hide malicious activity.
Please DO NOT use this comment system for support or billing questions.
For SpyHunter technical support requests, please contact our technical support team
directly by opening a customer support ticket
via your SpyHunter. For billing issues, please refer to our "Billing
Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our
"Inquiries and Feedback" page.
Enigmasoftware.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.
