GettingOverIt[.]exe

Resubmissions

13/04/2023, 16:17

230413-trwpdsdh5s 6

13/04/2023, 15:58

230413-teng9adg61 6

Sharing

Copy URL Twitter E-mail

General

Target

GettingOverIt.exe
Size

17.8MB
MD5

a213a93e9c5832b57a816b034e16d4d9
SHA1

2135e0eec2092c259b861ef2c7a476d361881a16
SHA256

68ad62bc3211486499ef91c5cc9b92a6506e0725ccbbe4313aba77ae20c89957
SHA512

eec5a2cf56013230c46d30c2975c587b09d131ca3b43f73c8a3b9ac4b97dc414d68eeb48e2989304e152208306de0d470ab291eb630d9dbbde7efa4b2e7435f9
SSDEEP

393216:1zgxHkqlYwiW+pKZ3h1T1gf/j3+bMA81XGswgy12WWVeGXF0IL2D/XkGK94m2w:dZiALqK9n2

Score

1^/10

Malware Config

Signatures

Files

GettingOverIt.exe
.exe windows x86

a45f5125a6622b41299b81739d1805ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetValueCaps
HidP_GetCaps
HidP_MaxDataListLength
HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetData

kernel32

SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
GetVersionExW
GetSystemPowerStatus
GetSystemInfo
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetModuleHandleA
GetTickCount
LoadLibraryW
LocalAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
InterlockedDecrement
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetTempPathW
CreateSemaphoreA
ResetEvent
GetOverlappedResult
SetEvent
CreateEventA
CreateEventW
CancelIo
WaitForMultipleObjects
GetStartupInfoA
IsDebuggerPresent
InterlockedCompareExchange
SetDllDirectoryW
GetFullPathNameW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
SleepEx
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
InterlockedIncrement
SetHandleInformation
GetLocalTime
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryExW
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
lstrcpynW
GlobalMemoryStatus
SetErrorMode
GetProcessAffinityMask
InterlockedExchangeAdd
InterlockedExchange
VirtualProtect
GetFileAttributesExW
RemoveDirectoryW
FlushConsoleInputBuffer
GetStdHandle
SwitchToThread
SetThreadAffinityMask
ExitThread
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
CreateFileA
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetProcessHeap
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
GetConsoleCP
SetHandleCount
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
CompareStringW
GetCPInfo
LCMapStringW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetFullPathNameA
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetConsoleCtrlHandler
DuplicateHandle
HeapSize
HeapQueryInformation
ExitProcess
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetStringTypeW
GetLocaleInfoW
DecodePointer
EncodePointer
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
GetModuleFileNameA
MoveFileExW
VirtualAlloc
DeleteFileW
GetFileAttributesA
GetEnvironmentVariableA
LoadLibraryA
CreateDirectoryW
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
ExpandEnvironmentStringsW
GetDiskFreeSpaceExA
FormatMessageW
VirtualFree
GetCurrentDirectoryA
GetProcAddress
SetEndOfFile
WriteFile
CloseHandle
SetFilePointerEx
SetEnvironmentVariableA
ReadFile
OutputDebugStringA
GetCurrentThread
SuspendThread
GetThreadContext
ResumeThread
SetLastError
FreeLibrary
lstrcpyA
lstrcpynA
GetFileAttributesW
SetFileAttributesW
LocalFree
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
Sleep
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery

user32

UpdateWindow
LoadImageW
DialogBoxParamA
CheckDlgButton
WindowFromPoint
PeekMessageW
GetCaretBlinkTime
DispatchMessageW
MsgWaitForMultipleObjects
ValidateRect
SetTimer
EnableWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
CreateWindowExW
RegisterClassW
GetMessageA
KillTimer
MonitorFromPoint
ClipCursor
SetCursorPos
wvsprintfA
MessageBoxW
CopyImage
IsDlgButtonChecked
SetWindowTextW
ShowCursor
SetFocus
IsDialogMessageW
EmptyClipboard
CloseClipboard
CreateDialogParamW
SetClipboardData
OpenClipboard
GetSystemMetrics
GetClipboardData
IsClipboardFormatAvailable
SendMessageA
EnumWindows
GetUserObjectInformationA
GetThreadDesktop
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
ScreenToClient
GetParent
GetWindowRect
GetWindowLongA
SetWindowPos
GetClientRect
DefWindowProcW
DestroyWindow
CreateDialogParamA
SetWindowLongA
GetDlgItem
ChangeDisplaySettingsW
MonitorFromWindow
EnumDisplaySettingsW
GetMonitorInfoW
UnregisterClassW
GetAncestor
OffsetRect
CopyRect
GetDesktopWindow
MessageBoxA
GetWindowPlacement
AdjustWindowRectEx
SetDlgItemTextW
SetDlgItemTextA
SendDlgItemMessageW
LoadIconA
EndDialog
DialogBoxParamW
RegisterClassExW
EnumDisplayMonitors
SetCapture
ReleaseCapture
UnregisterDeviceNotification
DispatchMessageA
TranslateMessage
PtInRect
GetMessageExtraInfo
MonitorFromRect
GetAsyncKeyState
GetKeyState
RegisterRawInputDevices
GetMessageTime
GetMessagePos
RegisterDeviceNotificationW
SystemParametersInfoW
GetRawInputData
GetFocus
IsWindowVisible
GetProcessWindowStation
GetUserObjectInformationW
GetCursorPos
ClientToScreen
GetKeyNameTextW
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetWindowLongW
SetWindowLongW
PostQuitMessage
SendMessageTimeoutA
IsIconic
ShowWindow
SetForegroundWindow
wsprintfA
GetDC
ReleaseDC
CreateIconIndirect
RegisterWindowMessageA
PeekMessageA
GetMonitorInfoA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

shlwapi

SHDeleteKeyW
PathCanonicalizeW
PathFileExistsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

advapi32

CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

GetDeviceCaps
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetObjectA
DeleteObject
CreateBitmap
CreateDIBSection

shell32

ShellExecuteW
ShellExecuteExA
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW

opengl32

wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
wglGetCurrentDC

winmm

waveOutGetNumDevs
timeBeginPeriod
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutGetDevCapsA
waveInGetNumDevs
timeGetTime
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeEndPeriod

ws2_32

getpeername
WSAStartup
WSAGetLastError
accept
getprotobyname
setsockopt
listen
connect
closesocket
socket
recvfrom
inet_addr
__WSAFDIsSet
recv
send
select
getsockname
gethostname
gethostbyname
ntohl
htonl
ntohs
htons
WSACleanup
shutdown
inet_ntoa
WSARecvFrom
ioctlsocket
WSASetLastError
WSASocketA
freeaddrinfo
sendto
getaddrinfo
getnameinfo
WSASetEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
WSACreateEvent
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
bind
WSAIoctl

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 877KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a45f5125a6622b41299b81739d1805ee

Headers

DLL Characteristics

File Characteristics

Imports

hid

kernel32

user32

version

ole32

shlwapi

setupapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 14.5MB - Virtual size: 14.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 319KB - Virtual size: 877KB

.rodata Size: 3KB - Virtual size: 2KB

.trace Size: 27KB - Virtual size: 26KB

_RDATA Size: 1KB - Virtual size: 1KB

.data1 Size: 512B - Virtual size: 64B

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 601KB - Virtual size: 600KB

.text
Size: 14.5MB - Virtual size: 14.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 319KB - Virtual size: 877KB

.rodata
Size: 3KB - Virtual size: 2KB

.trace
Size: 27KB - Virtual size: 26KB

_RDATA
Size: 1KB - Virtual size: 1KB

.data1
Size: 512B - Virtual size: 64B

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 601KB - Virtual size: 600KB