breadchat[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

breadchat.exe
Size

6.7MB
MD5

8774e2a48101251b6cca11cb17fd8a4a
SHA1

003964ad81e10dbadeab01c4f74591f5f4d97efe
SHA256

3bae3507d5254376598431e93643201f3c14ed02022ba0a668a4e430585829a6
SHA512

8301097ac342740f5184bfaeba78f42c9009822738d2ba9e43efd2053707bc5924239a68fa41159c8740e3ae3cb731881e88540bb75466b645b394a0e0af42df
SSDEEP

49152:EFD8//6ylje2ksayPsMJFgZVp0F01yUTyYfhoUuONAO5Q3jsBDwyE7m54wMcAZTx:EFDRs0VDHyYfhOONaQBmvZT7h977yM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
breadchat.exe

Files

breadchat.exe
.exe windows x64

680f9bb9b9d4bc50bd956254fd603917

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile
RtlUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
NtCreateFile
RtlCaptureContext
RtlGetNtVersionNumbers

kernel32

GetSystemDirectoryW
GetFullPathNameW
ExitProcess
CreateThread
GetConsoleMode
CreateEventW
GetWindowsDirectoryW
CreateProcessW
MultiByteToWideChar
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
MoveFileExW
DeleteFileW
WriteConsoleW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
HeapReAlloc
QueryPerformanceFrequency
GlobalLock
GlobalUnlock
QueryPerformanceCounter
WakeConditionVariable
GlobalAlloc
WakeAllConditionVariable
TlsGetValue
TerminateProcess
GetExitCodeProcess
ReadFileEx
SleepEx
WriteFileEx
SetHandleInformation
GetCurrentProcessId
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
FindFirstFileW
GetTempPathW
lstrlenW
LoadLibraryExW
LoadLibraryW
LCIDToLocaleName
FreeLibrary
GetEnvironmentVariableW
GetStdHandle
GetUserDefaultUILanguage
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetProcessHeap
HeapAlloc
GetSystemInfo
HeapFree
SetEnvironmentVariableW
FormatMessageW
SetEvent
WaitForSingleObject
SleepConditionVariableSRW
GetProcAddress
GetModuleHandleA
Sleep
CreatePipe
GetCurrentProcess
DuplicateHandle
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
TlsSetValue
GetSystemTimeAsFileTime
GetProcessId
GetModuleHandleW
CloseHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsProcessorFeaturePresent
RaiseException
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
EncodePointer
TlsAlloc
CreateNamedPipeW
GetFileInformationByHandle
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FreeEnvironmentStringsW
ReleaseMutex
FindClose

user32

GetKeyboardState
DestroyIcon
SetWindowLongW
SendMessageW
GetSystemMenu
UnregisterHotKey
RegisterHotKey
GetRawInputData
GetAsyncKeyState
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
IsProcessDPIAware
RedrawWindow
GetClientRect
PostMessageW
GetDC
PostQuitMessage
SendInput
ShowWindow
AppendMenuW
CreateMenu
SetMenuItemInfoW
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetWindowRect
GetWindowLongPtrW
SetWindowDisplayAffinity
GetCursorPos
ReleaseCapture
LoadCursorW
GetKeyState
SetMenu
MapVirtualKeyExW
VkKeyScanW
GetMenu
OpenClipboard
ClientToScreen
GetClipboardData
CreateAcceleratorTableW
CloseClipboard
CheckMenuItem
EnableMenuItem
IsIconic
EmptyClipboard
DestroyAcceleratorTable
RegisterClipboardFormatW
GetForegroundWindow
CreateIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
GetKeyboardLayout
RegisterClassExW
RegisterWindowMessageA
SetClipboardData
EnumChildWindows
SystemParametersInfoA
GetActiveWindow
ToUnicodeEx
GetMonitorInfoW
GetMessageA
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
SetWindowPos
GetUpdateRect
ValidateRect
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
PostThreadMessageW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
InvalidateRgn
DispatchMessageA
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
PeekMessageW
SetCursorPos
SetCursor
DestroyWindow

ws2_32

ioctlsocket
WSASocketW
closesocket
recv
getsockopt
getaddrinfo
send
select
connect
setsockopt
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo

secur32

DeleteSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
FreeContextBuffer
FreeCredentialsHandle
QueryContextAttributesW
DecryptMessage
EncryptMessage
AcceptSecurityContext

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertOpenStore
CertFreeCertificateChain
CertDuplicateStore

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
RevokeDragDrop
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
OleInitialize

comctl32

TaskDialogIndirect
RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

shell32

ShellExecuteW
SHCreateItemFromParsingName
DragFinish
SHGetKnownFolderPath
SHAppBarMessage
DragQueryFileW

advapi32

EventSetInformation
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
EventRegister

uxtheme

SetWindowTheme

oleaut32

SysFreeString
SysStringLen
SetErrorInfo
GetErrorInfo

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
__setusermatherr
trunc
round

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
wcsncmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
abort
_set_app_type
_initterm
_seh_filter_exe
terminate
_crt_atexit
_configure_narrow_argv
exit
_exit
_register_onexit_function
__p___argc
_initialize_onexit_table
__p___argv
_cexit
_initterm_e
_initialize_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
calloc
free

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

680f9bb9b9d4bc50bd956254fd603917

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ws2_32

secur32

crypt32

gdi32

dwmapi

ole32

comctl32

shell32

advapi32

uxtheme

oleaut32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 265KB - Virtual size: 265KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 265KB - Virtual size: 265KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 19KB - Virtual size: 18KB