ChatGPT[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ChatGPT.exe
Size

10.1MB
MD5

9bb8852e106d39575c7998af4bb3f186
SHA1

c7fd28a77c6a8c233d5317c3a2bacd022c0529bf
SHA256

471b3b4bd2c8739330d9a6405bf0289d5dc4a98d5b13b3cd40c667e43bd341e1
SHA512

a48e7bfe08755841b930b13d83487898b508bc2504113aacddd70df03ea2f14a7b73b1c654226d28557fa96ff374bae8fe510aa36b8fbcae015550955360e231
SSDEEP

98304:o3FTfN973CNkoz4GaeyUVUTYeQcAKjzPHeAZvh:o1j26KtZSlnvh

Score

1^/10

Malware Config

Signatures

Files

ChatGPT.exe
.exe windows x64

bcb3745853d7ec059d6c2bab038a69c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
NtCancelIoFileEx
RtlLookupFunctionEntry
RtlGetNtVersionNumbers
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlCaptureContext

kernel32

CreatePipe
SetThreadStackGuarantee
AddVectoredExceptionHandler
FindClose
CompareStringOrdinal
RemoveDirectoryW
CopyFileExW
GetModuleHandleW
GlobalUnlock
GlobalLock
GetFileInformationByHandle
GlobalAlloc
TryAcquireSRWLockExclusive
LoadLibraryW
EnterCriticalSection
GetProcessId
TerminateProcess
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
DeleteCriticalSection
SetEvent
ResetEvent
InitializeSListHead
IsDebuggerPresent
SetHandleInformation
UnhandledExceptionFilter
SetFileCompletionNotificationModes
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
IsProcessorFeaturePresent
RaiseException
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
SetFileInformationByHandle
SetFileAttributesW
SleepConditionVariableSRW
HeapReAlloc
GetProcessHeap
HeapAlloc
CreateIoCompletionPort
GetSystemInfo
TlsSetValue
HeapFree
GetProcAddress
GetModuleHandleA
SwitchToThread
GetLastError
SetEnvironmentVariableW
GetCommandLineW
GetCurrentThreadId
EncodePointer
GetQueuedCompletionStatusEx
Sleep
lstrlenW
TlsAlloc
CloseHandle
TlsGetValue
SetUnhandledExceptionFilter
WakeConditionVariable
ReleaseSRWLockExclusive
LoadLibraryExW
WakeAllConditionVariable
SetFileTime
CreateHardLinkW
AcquireSRWLockExclusive
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
TlsFree
FreeLibrary
PostQueuedCompletionStatus
CreateSymbolicLinkW

user32

RegisterClipboardFormatW
CloseClipboard
RegisterHotKey
CheckMenuItem
SetClipboardData
MonitorFromPoint
IsWindowVisible
SetCursorPos
GetForegroundWindow
EnumDisplayMonitors
CreateMenu
CreatePopupMenu
IsProcessDPIAware
GetDC
ToUnicodeEx
GetWindowLongW
GetMessageA
DispatchMessageA
EmptyClipboard
GetClipboardData
OpenClipboard
TrackPopupMenu
CreateAcceleratorTableW
GetCursorPos
EnumChildWindows
SetMenu
SetWindowDisplayAffinity
GetMenu
AdjustWindowRectEx
DestroyIcon
GetMonitorInfoW
PostQuitMessage
UnregisterHotKey
SetMenuItemInfoW
AppendMenuW
DestroyWindow
SystemParametersInfoA
GetWindowPlacement
RegisterTouchWindow
GetWindowRect
GetSystemMetrics
SetForegroundWindow
GetKeyboardLayout
SendInput
LoadCursorW
DefWindowProcW
SetCursor
GetWindowLongPtrW
SetWindowTextW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ShowCursor
ClipCursor
GetClipCursor
GetActiveWindow
ClientToScreen
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
InvalidateRgn
SetWindowPos
ShowWindow
VkKeyScanW
GetKeyboardState
MapVirtualKeyExW
SetCapture
MonitorFromRect
TrackMouseEvent
FlashWindowEx
GetKeyState
GetAsyncKeyState
RedrawWindow
GetClientRect
PostThreadMessageW
TranslateMessage
RegisterWindowMessageA
MessageBoxW
IsWindow
RegisterClassW
RegisterClassExW
ChangeDisplaySettingsExW
DispatchMessageW
SetWindowPlacement
CreateIcon
PeekMessageW
GetMessageW
MsgWaitForMultipleObjectsEx
PostMessageW
CreateWindowExW
DestroyAcceleratorTable
ReleaseCapture
TranslateAcceleratorW
GetAncestor
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
RegisterRawInputDevices
SetWindowLongPtrW
MonitorFromWindow

secur32

FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
FreeCredentialsHandle
ApplyControlToken
AcquireCredentialsHandleA

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertDuplicateCertificateChain
CertDuplicateStore
CertEnumCertificatesInStore

ws2_32

getsockname
WSASend
bind
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSAIoctl
WSAGetLastError
setsockopt
select
getsockopt
send
recv
getpeername
shutdown
closesocket
ioctlsocket
WSACleanup
WSASocketW

advapi32

RegCloseKey
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
EventRegister
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW

shell32

Shell_NotifyIconW
SHCreateItemFromParsingName
ShellExecuteW
DragFinish
DragQueryFileW
SHGetKnownFolderPath
Shell_NotifyIconGetRect

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

ole32

CoTaskMemAlloc
RegisterDragDrop
CoCreateInstance
OleInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
RevokeDragDrop

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

oleaut32

GetErrorInfo
SysFreeString
SetErrorInfo
SysStringLen

api-ms-win-crt-math-l1-1-0

trunc
round
__setusermatherr
floor

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcslen
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_configure_narrow_argv
_crt_atexit
_set_app_type
abort
exit
_seh_filter_exe
terminate
_exit
_register_onexit_function
_initialize_onexit_table
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_set_new_mode
_callnewh

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcb3745853d7ec059d6c2bab038a69c2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

secur32

crypt32

ws2_32

advapi32

shell32

comctl32

ole32

bcrypt

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 293KB - Virtual size: 292KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 293KB - Virtual size: 292KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 35KB - Virtual size: 35KB