FROSTY PUBLIC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

FROSTY PUBLIC.exe
Size

1003KB
MD5

07d19292b3d6b539f9b5623c3dec96dd
SHA1

33075205ff46fc3987d11050ddb67ffc35dcbe7e
SHA256

f740df17f94583bdbb3facfce6b1e139666186937e8dde7a846b093ca91b701b
SHA512

3ecf8291e1c99f03086cba204395a0c7a0f55a78bb9590aba4de4659455758d13172a62856ba4ca824fb3c63fbe26aad159ea52a1fb03ed272c247310678e509
SSDEEP

24576:YfAVJbxNtBDkFc9IEvOD26LWEmqDW/MKfYnHuGKF2WSwN:YYgGRmRKnMKAnxWSw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FROSTY PUBLIC.exe

Files

FROSTY PUBLIC.exe
.exe windows x64

dfe1399fb64439deb94f2d88b912307b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GetConsoleWindow
SetConsoleTitleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
OutputDebugStringW
GetFileInformationByHandleEx
CreateToolhelp32Snapshot
GetFileAttributesExW
Process32FirstW
Process32NextW
Process32Next
AreFileApisANSI
GlobalAlloc
CreateFileW
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
GlobalUnlock
GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
CreateFileA
FlushFileBuffers
Beep
CloseHandle
Sleep
GetCurrentProcessId
CreateThread
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
WideCharToMultiByte
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
FindFirstFileW
FindClose
MultiByteToWideChar

user32

FindWindowA
SetWindowLongA
GetWindowLongA
GetWindowRect
GetForegroundWindow
UpdateWindow
GetSystemMetrics
mouse_event
GetAsyncKeyState
SetWindowDisplayAffinity
GetWindow
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
PostQuitMessage
MessageBoxA
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
SetWindowPos
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetActiveWindow
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetClientRect
LoadCursorA
ScreenToClient
SetCursorPos
SetCursor
ClientToScreen
GetCursorPos

gdi32

GetStockObject

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Random_device@std@@YAIXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?iword@ios_base@std@@QEAAAEAJH@Z
?xalloc@ios_base@std@@SAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
_Thrd_sleep
_Thrd_join
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

d3d9

Direct3DCreate9Ex

ntdll

ZwClose
ZwSetValueKey
ZwCreateKey
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwQueryValueKey
ZwOpenKey

normaliz

IdnToAscii

wldap32

ord301
ord27
ord32
ord33
ord26
ord143
ord217
ord46
ord211
ord60
ord45
ord22
ord41
ord50
ord35
ord30
ord79
ord200

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertOpenStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA

ws2_32

accept
closesocket
WSACleanup
recvfrom
WSAStartup
getsockname
WSAIoctl
WSASetLastError
socket
htonl
recv
sendto
gethostname
send
listen
ntohl
WSAGetLastError
getpeername
getsockopt
setsockopt
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
connect
htons
ntohs
bind

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

memmove
memset
strchr
__std_exception_copy
memcpy
_CxxThrowException
memcmp
__std_terminate
memchr
__std_exception_destroy
__C_specific_handler
strrchr
__current_exception_context
strstr
__current_exception

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

isprint
isupper
strcmp
strncpy
_strdup
tolower
strpbrk
wcscpy_s
strcspn
strncmp
strspn
_wcsicmp

api-ms-win-crt-stdio-l1-1-0

__p__commode
_read
_write
_lseeki64
_close
_get_stream_buffer_pointers
fgetc
feof
fputs
fopen
fgetpos
_open
__stdio_common_vsscanf
_fileno
__stdio_common_vfprintf
_wfopen
fclose
fflush
fread
fseek
fputc
ftell
fwrite
fsetpos
_fseeki64
__stdio_common_vsprintf
_set_fmode
_popen
_pclose
fgets
_isatty
setvbuf
ungetc
__acrt_iob_func
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

realloc
calloc
free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

_dclass
_dsign
powf
pow
floorf
tanf
ceilf
sqrtf
sinf
__setusermatherr
cosf
fmodf

api-ms-win-crt-runtime-l1-1-0

strerror
abort
__sys_nerr
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_beginthreadex
_getpid
system
_errno
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
exit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtod
strtoul
strtol
atoi
strtoll
strtoull
atof

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_fstat64
_unlink
_access
_lock_file
remove
_stat64

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
CryptReleaseContext

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfe1399fb64439deb94f2d88b912307b

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

shell32

imm32

msvcp140

d3d9

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: 688KB - Virtual size: 688KB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 10KB - Virtual size: 14KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 688KB - Virtual size: 688KB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 10KB - Virtual size: 14KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB