Static task
static1
Behavioral task
behavioral1
Sample
octo-Copy.exe
Resource
win7-20220812-en
General
Target
octo-Copy.exe
Size
280KB
MD5
51a4b9154b05dde9c7e14831fc54c6b3
SHA1
8db134b83a65293dd675c52de2996e1c618b07ef
SHA256
55d86d705daefee9c692cd742d83ec670b976261d0c2e28ccb4933d4f6483182
SHA512
c1571d26e26ddbbcf0887832b1b9c6cac597add790ec9ae95720d70cbcb05ec39e0be57e7998720de8c9c088aef6e3999cfd2ec6a2fd3148b0570db25bfbe917
SSDEEP
6144:FPU0xXpACaQ0r69v5Pe3dknuMohLLP7rZz7:60x8QnhPboJvZ
Malware Config
Signatures
Files
octo-Copy.exe.exe windows x64
e2ab8de4ec97d78b733ff990339c7b8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteFileA
CloseHandle
GetProcAddress
RemoveDirectoryA
CreateDirectoryA
DeleteFileW
LoadLibraryA
SetEndOfFile
WriteConsoleW
CreateFileW
HeapSize
FindClose
HeapReAlloc
CreateFileA
lstrcmpA
GetFileAttributesA
CopyFileA
GetTempPathA
GlobalMemoryStatus
lstrlenA
FindNextFileA
FindFirstFileA
GetFileSizeEx
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
ReadFile
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
RtlUnwind
user32
EnumDisplayDevicesA
GetDC
ReleaseDC
GetSystemMetrics
gdi32
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateCompatibleDC
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
shell32
SHGetKnownFolderPath
ole32
CreateStreamOnHGlobal
CoTaskMemFree
bcrypt
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
crypt32
CryptUnprotectData
wininet
InternetQueryOptionA
HttpOpenRequestA
InternetCrackUrlA
InternetSetOptionA
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetReadFile
gdiplus
GdipGetImageEncodersSize
GdiplusStartup
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipFree
ws2_32
closesocket
WSACleanup
WSAStartup
getaddrinfo
recv
send
socket
connect
Sections
.text Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ