Bunny[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Bunny.exe
Size

785KB
MD5

327381fe5e189f584820471f844c398d
SHA1

fae8d7cf1f41704a872df7a328e8600e298f2628
SHA256

2ebbc0fb043ccf9e0a7a6d43ef8dc7ee6189342940446ba7b20e3860e9731d87
SHA512

97051c9da629779c8cfed7835e37e69580a604402ae379ff58a08a6762e3bf75c2955a08894200b6b916100369c069f06e03326662fa3c25ebde4bb0dbb80b81
SSDEEP

12288:C4gNtZeLfx5vYndixvKcSIa5aki+6yS+SfGBI1wKlWmdDobpxcBdhwFQ51i5w:wZezxEie55ayZjI1amq3Q51i5w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Bunny.exe

Files

Bunny.exe
.exe windows x86

4e878bd5c06b50dd2932b16b0935967b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ags4

_AgsTaskDiscipleIs@4
_MTaskAgsButtonRunHit@8
_AgsSpriteCreateTextEx@28
_MTaskAgsButtonEntryBt@8
_AgsTaskPearentMsg@4
_AgsSpriteViewOn@4
_AgsNumberSpriteSet@16
_AgsSpriteZoomSet@12
_AgsScroolBarInit@8
_AgsSpriteInfoGet@8
_AgsTaskSubgroundNoSet@4
_AgsTaskAllocDisciple@24
_AgsTaskFree@0
_AgskeyMousePointSet@8
_MTaskAgsButtonWaitOff@8
_MTaskAgsButtonInit@12
_AgsSpriteDelete@4
_AgsTaskDiscipleFree@4
_AgsKeyMouseX@0
_AgsTaskAllocChild@20
_AgsSpriteCreateFile@16
_AgsSpriteCreateCell@20
_AgsTaskCchildMsg@0
_AgsTerritoryDelete@4
_MTaskAgsButtonClickSubFileSet@16
_AgsKeyTypeRpt@0
_AgsSpriteAlphaSet@8
_AgsSpriteDeleteLump@8
_AgsKeyWheel@0
AgsDebugWindowPrintf
_AgsSpriteHitPoss@20
_AgsSpriteCreateEmpty@12
_AgsScroolBarRun@12
_MTaskAgsButtonCursorNextSet@16
_AgsTerritoryCreateBasic@0
_MTaskAgsButtonRun@8
_AgsTerritoryChangeEffect@4
_AgsSpritePosOffsetSet@12
_AgsSpritPaint@12
_AgsSpriteViewOff@4
_AgsSpriteRectSet@8
_AgsTerritoryActiveSet@4
_MTaskAgsButtonDataDefault@12
_AgsTaskChange@8
_AgsTaskGroundWorkGet@0
_AgsTaskChangeRetrace@4
_AgsDebugIs@0
_AgsSoundWavePlayFileEx@8
_AgsKeyTypeCnt@0
_CTaskTaskWait@32
_AgsTaskChangeNext@4
_AgsModelAlphaSet@8
_AgsSpriteAlphaColorSet@12
_MTaskAgsButtonWaitOn@8
_MTaskAgsButtonEntryHandlePresetRpt@8
_AgsTerritoryBlendScreenCopy@20
_AgsKeyMouseY@0
_DTaskSpriteDirectionA@20
_DTaskSpriteDirectionB@20
_MTaskAgsButtonCursorWaitOn@8
_AgsSpritePosSet@12
_AgsTaskSubgroundNoWorkGet@4
_AgsKeyTypeTrg@0
_AgsSpriteRectChange@16
_MTaskAgsButtonEntryHandle@8
_AgsTaskDiscipleMsgGet@4
_AgsSpriteCreateText@24
_AgsSoundBgmPlay@4
_AgsSpritePosMove@12
_AgsSoundBgmTrackGet@0
_AgsModelCreateFile@12
_AgsSpriteView@8
_AgsModelPosSet@16
_AgsAnimeLoad@8
_AgsTaskMaidRun@12
_AgsModelViewOff@4
_AgsModelCreateEmpty@8
_AgsSoundWavePlayFile@8
_AgsModelViewOn@4
_AgsFileSystemCreateFile@8
_AgsObjFileLoadEx@12
_AgsFileSystemFileCheck@4
_AgsCursorSetDefault@8
_AgsSoundWaveStop@4
_AgsSoundBgmStop@0
_AgsSoundBgmWaveFileSet@4
_AgsDebugWindowCreate@16
_AgsTerritoryCreate@8
_AgsSoundWaveStatus@4
_MTaskAgsButtonCursorNextSetRev@16
_AgsAppPahtGet@0
_AgsTaskBackSet@4
_CTaskWait@20
_AgsSoundWaveChGroupSet@12
_AgsFileSystemPathSet@4
_AgsTerritoryPaint@16
_AgsSpritePgsvGet@0
_AgsTaskAllocGround@20
_AgsSoundWaveModeGet@0
_AgsSystemEnd@0
_AgsSpritePosCenterSet@12
_AgsHwndGet@0
_AgsVersionSet@4
_AgsStart@4
_AgsEnd@4
_AgsRun@4
_AgsSpriteFogGet@4
_AgsTaskMaidWorkGet@4
_AgsTerritoryPaintColor@16
_AgsModelDelete@4
_AgsSpriteRollSet@8
_AgsModelRollSet@16
_AgsSpriteLightAmbientSet@12
_AgsSpriteLightDirectSet@24
_AgsKeyCnt@0
_AgsSpriteLightInfoGet@12
_AgsSpriteRepaint@4
_AgsAnimeChange@8
_AgsSpriteLightInfoSet@12
_AgsSpriteCameraClipSet@12
_MTaskAgsButtonInitData@4
_AgsAnimePlayIs@4
_AgsModelCreateLine@20
_AgsSpriteGetCell@4
_AgsSpriteCameraAngleSet@16
_AgsSpriteCameraPosSet@16
_AgsTaskAllocMaid@16
_AgsSpriteFogSet@12
_AgskeyPgsvSet@8
_MTaskAgsButtonCursorSet@8
_AgsSoundBgmVolumeSet@8
_AgsKeyTrg@0
_AgsSoundBgmSet@4
_AgsKeyVirtualTrg@4
_AgsActiveIs@0
_AgsSoundWaveVolumeSet@8
_AgskeyEntrySet@4
_AgskeyEntryGet@4
_AgsTaskFreeChildAll@4
_AgsSpriteFullScreen@4
_AgsSpriteFullScreenIs@0
_AgsSoundBgmVolumeGet@4
_MTaskAgsButtonInitDataDefault@16
_AgsSoundWavePlayPermitOff@4
_AgsSoundWavePlayPermitOn@4
_AgsSoundBgmGet@0
_AgskeyPause@8
_AgsSpriteBaseZoomSet@12
_MTaskAgsTextInputPosSet@12
_MTaskAgsTextInputStringGet@12
_AgsSpriteHandleIs@4
_AgsTaskDiscipleMsgSet@12
_AgsTaskMasterMsgGet@0
_AgsTaskMasterStatus@0
_MTaskAgsTextInputInit@28
_AgsTaskMasterMsgSet@4
_AgsSpriteViewIs@4
_AgsTerritoryActiveGet@0
_MTaskAgsTextInputRun@4
_MTaskAgsTextInputSizeGet@8
_AgsTaskMasterMsgDataGet@0
_DTaskSpriteAnimeOneX@12
_DTaskSpriteEffectNumJump@52
_DTaskSpriteEffectJump@16
_CTaskMoviePlay@24
_AgsSpritePrioritySet@8
_AgsCpuLevelGet@0
_AgsScroolBarPoss@12
_AgsTerritoryPaintBlend@20
_AgsKeyMouseMoveY@0
_AgsKeyVirtualRpt@4
_AgsScroolBarPoint@12
_MTaskAgsButtonGet@12
_AgsTerritoryAllEffect@4
_AgsSpriteFileNameGet@12
_AgsDebugWindowDelete@4
_AgsObjFileLoad@8
_AgsFrameCountGet@0
_AgsDebugWindowWorkSet@8
_AgsTerritoryChangeBasic@12
_AgsSpritePosOffsetMove@12
_MTaskAgsButtonCursorForceOn@8
_AgsSpriteParentSet@8
_AgsKeyRpt@0
_DTaskSpriteAnimeX@8
_AgsFileSystemFullPathGet@12
_AgsScroolBarView@4
_MTaskAgsButtonEntryHandlePut@24
_MTaskAgsButtonCursorForceSet@8
_AgsTaskAllocChildNoWait@20
_MTaskAgsButtonCursorForceOff@8
_AgsModelCreateBox@20
_AgsModelInfoGet@8

aoi4

_AoiCardSet@12
AoiwPrintf
_AoiCardLast@4
_AoiRandomSigned@8
_AoiCardInit@0
_AoiCardRandomGet@4
_AoiStrwlen@4
_AoiRandomPercent@8
_AoiCardMax@4
_AoiStrwcmp@8
_AoiNsort@16
_AoiTimerGetTimeCount@0
_AoiStrwstr@8
_AoiStringwCpy@8
_AoiStringwGet@4
_AoiStringwCatBack@8
_AoiStringwInit@0
__AoiStringwPrintfEx@16
_AoiStringwLast@4
_AoiStrwcmpi@8
_AoiCardShuffle@8
_AoiCardOrderGet@4
_AoiMathLimit@12
_AoiMathLoop@12
_AoiRandomExInit@4
_AoiMemoryFree@4
_AoiRandomExGet@12
_AoiRandomExLast@4
_AoiVfsFileOpen@8
_AoiMemoryAlloc@4
_AoiFilePathSearch@4
_AoiStringwComp@8
AoiStringwPrintf
__AoiwPrintfEx@16
AoiMessageBox
_AoiDriveList@8
_AoiOsVersionGet@8
_AoiDriveSerialNumberGet@4
_AoiDiskFreeSpace@4
_AoiRandomSeedSet@4
_AoiStrwcpy@12
_AoiStrwtoknGet@20
_AoiStrwtokn@8
_AoiRandom@8
_AoiStrwcat@12
_AoiLib_Start@0
_AoiStracmp@8
_AoiLib_End@0
AoiMessageBoxStyle
_AoiCardReset@4
_AoiRectSet@20
_AoiTimeNowGet32@4
_AoiTimeLocal32@12
_AoiStringwCatFront@8
_AoiStrwtoi@8
_AoiStrwTblStringAdd@8
_AoiStrwTblInit@0
_AoiStrw1to2Byte@8
_AoiBsearch@24
_AoiStrwTblStringGet@8
_AoiStrwTblLast@4
_AoiStrwTblStringTokn@12
_AoiFilePathFileNameConst@4
AoiStringwPrintfFront
_AoiStrwncmpi@12
AoiStringwPrintfBack
_AoiStringwLen@4
_AoiFilePathFileName@4
_AoiMemoryHandleAddress@4
AoiwPrintfBack
_AoiMemoryHandleAlloc@8
_AoiMemoryHandleFree@4
_AoiMemoryErrorCheck@4
_AoiStracpy@12
_AoiRectHitPoss@12
_AoiMathDecimalTblGet@8
_AoiMemoryCopy@12
_AoiMathDecimalTblSet@12
_AoiMemoryMove@12
_AoiHandleDelete@4
_AoiStrwTblStringMax@4

kernel32

DeleteFileW
FreeLibrary
LoadLibraryW
GetProcAddress
SetFilePointer
GetLocaleInfoW
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
SetFileAttributesW
HeapSize
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
CloseHandle
CreateFileW
ReadFile
Sleep
WriteFile
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetLastError
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
HeapAlloc
RaiseException
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetModuleHandleA

user32

SetWindowTextW
ShowWindow

comdlg32

CommDlgExtendedError
GetOpenFileNameW

pgsv

_PGSVL_DeleteLayer@12
_PGSVL_EXT_Function@36
_PGSV_DeleteTexture@8
_PGSV_Rotate3D@12
_PGSVL_ReadLayer@12

pgsvtd

_PGSVTDL_InfoGet@12
_PGSVTD_TCellAddress@8

aoicmp4

?AoiDatToTxt@@YGHPBUDTT_TYPE@@PBXIPADI@Z
?AoiTxtToDat@@YGHPBUDTT_TYPE@@PBDIPAXI@Z
?AoiDatToTxtSize@@YGIPBUDTT_TYPE@@I@Z
?AoiCompressPack@@YGHPAXKKPAPAXPAUtagAOI_COMPRESS_PACK_DATA@@P6AHH0@Z0@Z
?AoiCompressUnpack@@YGHPAXKPAPAXPAUtagAOI_COMPRESS_PACK_DATA@@P6AHH0@Z0@Z

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.patch
Size: 786B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata2
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e878bd5c06b50dd2932b16b0935967b

Headers

DLL Characteristics

File Characteristics

Imports

ags4

aoi4

kernel32

user32

comdlg32

pgsv

pgsvtd

aoicmp4

Sections

.text Size: 439KB - Virtual size: 439KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 29KB - Virtual size: 35KB

.rsrc Size: 201KB - Virtual size: 201KB

.patch Size: 786B - Virtual size: 4KB

.rdata2 Size: 32KB - Virtual size: 32KB

.text
Size: 439KB - Virtual size: 439KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 29KB - Virtual size: 35KB

.rsrc
Size: 201KB - Virtual size: 201KB

.patch
Size: 786B - Virtual size: 4KB

.rdata2
Size: 32KB - Virtual size: 32KB