Brotato[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Brotato.exe
Size

40.8MB
MD5

77743d2d7148f3baa7d9f110bf0f9150
SHA1

ee373af88ecaa8677fc91733dab97ae018961f5d
SHA256

47198abe876f8196fd872cab98fe942cb584b65066009e1366fc1adfa89e4171
SHA512

03e778f07def023bdb206ac00c43f6accd8190f5e0e40a0df3082b6f26b79ea796325c02a377504adb7e8bb451f14209426abeb8343937c7e2cebc0d20d8fd0a
SSDEEP

393216:+Bb7kgsjLZVMrqUk5HCF+KajqeABsalatDeklP0/Bybuhhn7rGgTUpvvYevYnsc9:8bjzbFAVSQt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Brotato.exe

Files

Brotato.exe
.exe windows x64

c33afebcb965a6a1f57363e972663ac4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

midiInOpen
midiInStart
midiInClose
midiInGetErrorTextA
midiInGetNumDevs
midiInGetID
midiInStop
midiInGetDevCapsA
timeBeginPeriod
timeEndPeriod

opengl32

wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext

kernel32

GetLastError
AttachConsole
GetCurrentThread
QueryPerformanceFrequency
CloseHandle
GetNativeSystemInfo
GetSystemInfo
LoadLibraryW
GetLocalTime
GetProcAddress
GlobalLock
GetCurrentProcessId
SystemTimeToFileTime
CreateProcessW
FreeLibrary
GetSystemTime
QueryPerformanceCounter
GlobalUnlock
LoadLibraryExW
GetExitCodeProcess
LoadLibraryA
GetSystemPowerStatus
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
GetFileSizeEx
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineA
WriteFile
RemoveDirectoryW
MoveFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetModuleHandleExW
FormatMessageW
ExitThread
CreateThread
GetFileType
SetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
GetModuleHandleW
Sleep
MultiByteToWideChar
LCIDToLocaleName
GetModuleHandleA
WaitForSingleObject
GetEnvironmentVariableW
CreatePipe
SetThreadPriority
GetUserDefaultUILanguage
GetLocaleInfoEx
SetEnvironmentVariableW
GetModuleFileNameW
TerminateProcess
OutputDebugStringA
GetStdHandle
GetCurrentProcess
SetPriorityClass
GetSystemTimeAsFileTime
SetLastError
SetHandleInformation
SetConsoleCtrlHandler
ReadFile
WideCharToMultiByte
CreateEventA
LocalFree
GlobalAlloc
GetCommandLineW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibraryAndExitThread
WriteConsoleW
SetEndOfFile
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FindNextFileW
FindClose
CreateSemaphoreA
WaitForSingleObjectEx
VirtualFree
CreateMutexA
ReleaseMutex
HeapFree
GetTickCount64
HeapAlloc
GetProcessHeap
ReleaseSemaphore
SetEvent
TryEnterCriticalSection
ReplaceFileW
CreateDirectoryW
GetVolumeInformationW
GetLogicalDrives
FindFirstFileExW
GetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempFileNameW
GetDiskFreeSpaceExA
ExitProcess
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
HeapSize

ole32

CoInitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree

user32

GetDC
GetRawInputDeviceInfoA
GetRawInputDeviceList
DefWindowProcW
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
AllowSetForegroundWindow
CallWindowProcW
MonitorFromPoint
CloseTouchInputHandle
GetTouchInputInfo
GetWindowRect
LoadCursorA
SetWindowPos
MessageBoxW
MonitorFromWindow
SetWindowRgn
EnumDisplayMonitors
CreateWindowExW
GetKeyboardLayoutNameA
ScreenToClient
GetSystemMetrics
SetWindowTextW
RegisterClassExW
ShowWindow
OpenClipboard
DispatchMessageW
SetTimer
DestroyIcon
RegisterTouchWindow
GetMonitorInfoW
CreateIconIndirect
ClientToScreen
CloseClipboard
EmptyClipboard
PeekMessageW
GetKeyboardLayoutList
GetRawInputData
TrackMouseEvent
GetKeyboardLayout
CreateIconFromResource
MessageBoxA
MoveWindow
SetFocus
RegisterRawInputDevices
TranslateMessage
GetClipboardData
ClipCursor
SendMessageA
SetCapture
SetClipboardData
SetCursor
LoadIconA
FlashWindowEx
SystemParametersInfoA
GetClientRect
IsClipboardFormatAvailable
GetWindowLongPtrA
ActivateKeyboardLayout
KillTimer
EnumDisplaySettingsW
MapVirtualKeyExA
SetWindowLongPtrA
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos

gdi32

CreateBitmap
GetObjectA
ChoosePixelFormat
SwapBuffers
DeleteObject
SetBkColor
SetPixelFormat
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreatePolygonRgn
GetDeviceCaps
CreateRectRgn
DeleteDC
SetTextColor

shell32

DragQueryFileW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHFileOperationW
DragAcceptFiles

advapi32

RegOpenKeyExW
GetCurrentHwProfileA
RegCloseKey
RegQueryValueExW

dinput8

DirectInput8Create

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmAssociateContext

avrt

AvSetMmThreadPriority
AvSetMmThreadCharacteristicsA

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmFlush

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses

shlwapi

PathFileExistsW

wsock32

WSACleanup
__WSAFDIsSet
listen
htons
ntohs
closesocket
send
getsockname
htonl
ntohl
WSAGetLastError
setsockopt
connect
socket
sendto
ioctlsocket
bind
recv
select
inet_ntoa
recvfrom
WSAStartup
accept

ws2_32

freeaddrinfo
getnameinfo
inet_pton
WSAConnect
getaddrinfo

bcrypt

BCryptGenRandom

steam_api64

SteamAPI_UnregisterCallback
SteamGameServer_Shutdown
SteamInternal_ContextInit
SteamAPI_Shutdown
SteamInternal_FindOrCreateGameServerInterface
SteamAPI_GetHSteamUser
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_IsSteamRunning
SteamInternal_GameServer_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamGameServer_GetHSteamUser
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamAPI_UnregisterCallResult
SteamInternal_FindOrCreateUserInterface
SteamAPI_RunCallbacks

Exports

Exports

?_main@@YAHXZ
?widechar_main@@YAHHPEAPEA_W@Z
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
main

Sections

.text
Size: 31.7MB - Virtual size: 31.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 519KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 958KB - Virtual size: 958KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c33afebcb965a6a1f57363e972663ac4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

opengl32

kernel32

ole32

user32

gdi32

shell32

advapi32

dinput8

imm32

avrt

dwmapi

iphlpapi

shlwapi

wsock32

ws2_32

bcrypt

steam_api64

Exports

Exports

Sections

.text Size: 31.7MB - Virtual size: 31.7MB

.rdata Size: 7.3MB - Virtual size: 7.3MB

.data Size: 519KB - Virtual size: 591KB

.pdata Size: 958KB - Virtual size: 958KB

_RDATA Size: 512B - Virtual size: 348B

pck Size: 512B - Virtual size: 8B

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 194KB - Virtual size: 194KB

.text
Size: 31.7MB - Virtual size: 31.7MB

.rdata
Size: 7.3MB - Virtual size: 7.3MB

.data
Size: 519KB - Virtual size: 591KB

.pdata
Size: 958KB - Virtual size: 958KB

_RDATA
Size: 512B - Virtual size: 348B

pck
Size: 512B - Virtual size: 8B

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 194KB - Virtual size: 194KB