Altruistic[.]exe

Resubmissions

02/02/2023, 03:15

230202-drx98agd7y 1

02/02/2023, 03:11

230202-dpmeyagd5x 1

Sharing

Copy URL Twitter E-mail

General

Target

Altruistic.exe
Size

17.5MB
MD5

68460e22cf3ce1be43fe7692729ed6f0
SHA1

c9519450a60c45744574e177219b41b5c9041263
SHA256

1ba6aaf480f092dc756bba8ec5a486a967b7ab89dcb2a3366df0b683b5ff3057
SHA512

0210d86c82e80e9ad6ee57a4c02a4ef07f47994a34f4fe062b10cc903851f084610342330f4d19800807945876ba355f92de4b2fb29a99a2a94baf8e9b387fee
SSDEEP

393216:/mZoFJ3eTGocmQ7Oh+LoJsv6tWKFdu9CgiMcvHCURJA:/FYGhihfG

Score

N/A

Malware Config

Signatures

Files

Altruistic.exe
.exe windows x64

2b4272c45d67b8b6e0fc349b63523b63

Code Sign

41:5d:42:06:0f:7b:47:42:b4:8d:9c:80:17:5a:7d:54
Certificate

Issuer

CN=ALT Dev Group,O=ALT Dev Group,ST=Ontario,C=CA

Not Before

21/06/2022, 21:00

Not After

21/06/2023, 21:00

Subject

CN=ALT Dev Group,O=ALT Dev Group,ST=Ontario,C=CA

a1:62:88:2e:fc:35:23:cf:db:b6:18:94:75:23:61:1d:5d:d6:ff:e8:5d:5a:73:91:12:91:d7:ed:13:4b:be:d9
Signer

Actual PE Digest

a1:62:88:2e:fc:35:23:cf:db:b6:18:94:75:23:61:1d:5d:d6:ff:e8:5d:5a:73:91:12:91:d7:ed:13:4b:be:d9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ALT Dev Group,O=ALT Dev Group,ST=Ontario,C=CA

20/01/2023, 15:43
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemPowerStatus
GetSystemTimes
MultiByteToWideChar
CreateFileA
GetModuleFileNameA
GetSystemInfo
GetPhysicallyInstalledSystemMemory
GetLargePageMinimum
VirtualAlloc
VirtualFree
CreateDirectoryA
DeleteFileW
GetTempPathA
GetCommandLineW
GetModuleHandleA
OpenEventA
LoadLibraryA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
FindFirstVolumeA
GetVolumeInformationW
OpenMutexW
LocalFree
ReleaseMutex
LocalAlloc
WaitForSingleObject
CreateMutexW
FreeLibrary
CreateProcessW
GetCurrentProcessId
WTSGetActiveConsoleSessionId
GetProcAddress
LoadLibraryW
GetLastError
Sleep
ProcessIdToSessionId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
CloseHandle
Process32FirstW
K32GetProcessMemoryInfo
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
GetTickCount
GetModuleFileNameW
CreateDirectoryW
WriteConsoleW
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
GetCommandLineA
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
RtlUnwind
RtlUnwindEx
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetCurrentThreadId
GetModuleHandleW
FormatMessageW
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
GlobalSize
GetUserDefaultLangID
CreateFileW
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
WaitForMultipleObjects
GlobalFree
SetHandleInformation
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetStdHandle
GetEnvironmentVariableW
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CompareStringEx
QueryPerformanceFrequency
GetTickCount64
GetLocalTime
DuplicateHandle
SetEvent
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
WaitForSingleObjectEx
GetNativeSystemInfo
OutputDebugStringW
IsProcessorFeaturePresent
ResetEvent
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
GetCurrentDirectoryW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetStartupInfoW
FlushFileBuffers
GetDriveTypeW
SetEndOfFile
SetFilePointerEx
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
UnregisterWaitEx
RegisterWaitForSingleObject
FindFirstFileExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
DebugBreak
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
LCMapStringEx

user32

SendMessageW
PostMessageW
AttachThreadInput
DefWindowProcW
CreateWindowExW
IsChild
DestroyWindow
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
SystemParametersInfoW
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetSysColor
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
RegisterClassW
EnumDisplayDevicesW
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
GetClipboardFormatNameW
GetDesktopWindow
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
GetProcessWindowStation
GetUserObjectInformationW
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostThreadMessageW
CharNextExA
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
UnregisterClassW
UpdateLayeredWindowIndirect
GetAncestor
TrackMouseEvent

advapi32

BuildTrusteeWithSidW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
SystemFunction036
AccessCheck
CopySid
DuplicateToken
GetLengthSid
MapGenericMask
GetEffectiveRightsFromAclW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CloseServiceHandle
OpenSCManagerW
BuildExplicitAccessWithNameW
ChangeServiceConfig2W
ConvertStringSidToSidW
SetServiceObjectSecurity
RegSetKeySecurity
RegOpenKeyExW
OpenServiceW
LookupAccountSidW
RegOpenKeyW
QueryServiceObjectSecurity
RegNotifyChangeKeyValue
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeSecurityDescriptor
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

Shell_NotifyIconGetRect
Shell_NotifyIconW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFolderPathA
CommandLineToArgvW
SHBrowseForFolderW

ole32

OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
VariantClear

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmSetWindowAttribute

shlwapi

PathRemoveFileSpecW
PathAppendW
PathAppendA

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

imm32

ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW

iphlpapi

GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToGuid
ConvertInterfaceIndexToLuid
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToIndex

crypt32

CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore
CertOpenSystemStoreW
CertOpenStore
CertCreateCertificateContext
CertCloseStore
CertEnumCertificatesInStore

ws2_32

WSASetLastError
send
recv
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAHtonl
WSAConnect
WSAStartup
WSAGetLastError
setsockopt
select
listen
htons
getsockname
getpeername
closesocket
bind
__WSAFDIsSet
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
ntohl
htonl
WSACleanup
WSAAccept
WSAAsyncSelect
gethostname
WSAIoctl

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetShareEnum

winmm

timeKillEvent
timeSetEvent
PlaySoundW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlNtStatusToDosError
NtQuerySystemTime
LdrUnloadDll
LdrLockLoaderLock
RtlImageNtHeader
LdrUnlockLoaderLock
RtlHashUnicodeString
RtlFreeHeap
NtProtectVirtualMemory
NtQueryVirtualMemory
RtlRaiseStatus
RtlCompareMemory

gdi32

SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GdiFlush
CreateDIBSection
GetTextFaceW
GetTextMetricsW
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
SetTextAlign
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
BitBlt
GetObjectW
GetBitmapBits
SwapBuffers
GetPixelFormat
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
CreateBitmap
SelectObject
DeleteDC
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
SelectClipRgn
OffsetRgn
DeleteObject
CreateRectRgn
CombineRgn
SetWorldTransform
ExtTextOutW
GetDIBits
SetGraphicsMode
GetStockObject

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 285KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2b4272c45d67b8b6e0fc349b63523b63

Code Sign

41:5d:42:06:0f:7b:47:42:b4:8d:9c:80:17:5a:7d:54Certificate

a1:62:88:2e:fc:35:23:cf:db:b6:18:94:75:23:61:1d:5d:d6:ff:e8:5d:5a:73:91:12:91:d7:ed:13:4b:be:d9Signer

Signature Validations

Verification

20/01/2023, 15:43 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

dwmapi

shlwapi

wtsapi32

imm32

iphlpapi

crypt32

ws2_32

userenv

version

netapi32

winmm

ntdll

gdi32

Sections

.text Size: 8.4MB - Virtual size: 8.4MB

.rdata Size: 6.1MB - Virtual size: 6.1MB

.data Size: 285KB - Virtual size: 378KB

.pdata Size: 397KB - Virtual size: 396KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 2.2MB - Virtual size: 2.2MB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 51KB - Virtual size: 51KB

41:5d:42:06:0f:7b:47:42:b4:8d:9c:80:17:5a:7d:54
Certificate

a1:62:88:2e:fc:35:23:cf:db:b6:18:94:75:23:61:1d:5d:d6:ff:e8:5d:5a:73:91:12:91:d7:ed:13:4b:be:d9
Signer

20/01/2023, 15:43
Valid: false

.text
Size: 8.4MB - Virtual size: 8.4MB

.rdata
Size: 6.1MB - Virtual size: 6.1MB

.data
Size: 285KB - Virtual size: 378KB

.pdata
Size: 397KB - Virtual size: 396KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 51KB - Virtual size: 51KB