ChatGPT[.]exe | Triage

Resubmissions

15/05/2023, 12:53

230515-p44tbafd78 3

15/05/2023, 12:49

230515-p2q5fafd72 3

Sharing

Copy URL Twitter E-mail

General

Target

ChatGPT.exe
Size

9.1MB
MD5

b7618931340383b66b28ed859c805a43
SHA1

5d9dec5ef5b657ef9880d93829f8ea8959ba4b67
SHA256

f7d8c1d800e64ecdf2a4aba4f9a0ac7782019f63d2b2ee81495bc4869554c2fb
SHA512

53241d24d36453cd86926c6f38fea1e90f620d50f0a51393060af5a93929a4727251fbf7c7af2f1d594732b86073271e211a81ab0fea0a6e0b3ca2e6013751b8
SSDEEP

98304:6+149xicq4RZOUnvVW5RlDYXLgnFzazFU1s3h:GxZBNW5fYcnFzaJ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ChatGPT.exe

Files

ChatGPT.exe
.exe windows x64

df4f15d58be95aaf1666545e973cfc8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
ReleaseSRWLockExclusive
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
lstrlenW
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
Sleep
SetEnvironmentVariableW
GetCommandLineW
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetHandleInformation
RemoveDirectoryW
GetSystemInfo
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetModuleHandleA
EnterCriticalSection
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
SetFileInformationByHandle
SleepConditionVariableSRW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
GetModuleHandleW
AcquireSRWLockExclusive
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
GetFileInformationByHandle
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
HeapReAlloc
LoadLibraryExW
GetProcessHeap
HeapAlloc
TlsSetValue
TlsFree
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
FindClose
FreeLibrary
PostQueuedCompletionStatus
WakeConditionVariable
WakeAllConditionVariable
CloseHandle
SwitchToThread
CreateMutexA
HeapFree
SetFileAttributesW
SetFileTime
LoadLibraryW
CreateHardLinkW
CreateSymbolicLinkW

crypt32

CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertOpenStore
CertGetCertificateChain
CertFreeCertificateContext
CertDuplicateStore
CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertFreeCertificateChain

secur32

AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
DeleteSecurityContext
DecryptMessage
EncryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
QueryContextAttributesW

ws2_32

getsockname
WSASend
bind
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSAIoctl
select
getsockopt
send
WSAGetLastError
setsockopt
recv
getpeername
ioctlsocket
shutdown
WSACleanup
closesocket
WSASocketW

advapi32

RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

user32

CreatePopupMenu
CreateMenu
IsProcessDPIAware
GetDC
TrackPopupMenu
SetWindowDisplayAffinity
GetKeyboardLayout
GetMessageA
DispatchMessageA
ToUnicodeEx
GetCursorPos
GetWindowLongW
RegisterTouchWindow
IsWindow
RegisterClassW
EnumChildWindows
LoadCursorW
SetCursor
DestroyIcon
DestroyAcceleratorTable
CloseTouchInputHandle
ScreenToClient
GetMonitorInfoW
PostQuitMessage
GetTouchInputInfo
SetMenuItemInfoW
AppendMenuW
SetCapture
MonitorFromRect
TrackMouseEvent
GetKeyState
SystemParametersInfoA
GetAsyncKeyState
ClipCursor
CreateAcceleratorTableW
EnumDisplayMonitors
FlashWindowEx
GetClipCursor
GetForegroundWindow
GetActiveWindow
ClientToScreen
SetCursorPos
SetMenu
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
InvalidateRgn
SetWindowPos
ShowWindow
GetWindowRect
IsWindowVisible
SetForegroundWindow
SendInput
DefWindowProcW
MonitorFromWindow
GetWindowLongPtrW
SetWindowTextW
MonitorFromPoint
CheckMenuItem
VkKeyScanW
GetKeyboardState
MapVirtualKeyExW
RegisterHotKey
GetMenu
AdjustWindowRectEx
PostThreadMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageW
MsgWaitForMultipleObjectsEx
PostMessageW
GetWindowPlacement
MessageBoxW
CreateWindowExW
RegisterWindowMessageA
CreateIcon
ReleaseCapture
SetWindowPlacement
SetWindowLongPtrW
RegisterRawInputDevices
RedrawWindow
GetRawInputData
ValidateRect
ChangeDisplaySettingsExW
UnregisterHotKey
GetClientRect
RegisterClassExW
GetSystemMetrics
DestroyWindow
TranslateAcceleratorW
GetAncestor
MapVirtualKeyW
GetUpdateRect
ShowCursor

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

shell32

SHGetKnownFolderPath
Shell_NotifyIconW
DragFinish
DragQueryFileW
ShellExecuteW
Shell_NotifyIconGetRect

ole32

RevokeDragDrop
CoUninitialize
CoInitializeEx
RegisterDragDrop
CoTaskMemFree
CoCreateInstance
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtCancelIoFileEx

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

uxtheme

SetWindowTheme

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
trunc
floor

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcsncmp
wcslen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_c_exit
terminate
_seh_filter_exe
_set_app_type
abort
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_cexit
_crt_atexit
__p___argc
__p___argv
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
calloc
_callnewh
malloc

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

df4f15d58be95aaf1666545e973cfc8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

secur32

ws2_32

advapi32

user32

comctl32

shell32

ole32

ntdll

bcrypt

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 4.5MB - Virtual size: 4.5MB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 245KB - Virtual size: 244KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 245KB - Virtual size: 244KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 33KB - Virtual size: 33KB