MyBot[.]exe | Triage

Resubmissions

05/10/2023, 08:56

231005-kv7rdsbg28 3

Sharing

Copy URL Twitter E-mail

General

Target

MyBot.exe
Size

1.0MB
MD5

9fd810af5dcc22825c558fec39d466f6
SHA1

a8da1b582e24a378737ae92a741e21dffc2410fd
SHA256

b0bad8d9e720ba674e2940654c1b17bb426fa439584a3229d9d81c3327397c57
SHA512

74d8130d1cfe5672af50c0a8d1ce621c28cac5da3b0b11fb10046eca4a6a9436cfac38661380fe8eec83026670f186f8793f0de347c9bdedd45fd3bf30d8473c
SSDEEP

12288:QPbWvegD70ICN5i2HjDInzhymjVIBDivAocAQo/mdj8SIVwPQom+gzmL:Qd2vCN5i8DInzhymEWSIVwPQzzmL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MyBot.exe

Files

MyBot.exe
.exe windows:4 windows x64

c1aee9f1e56c7f6c5bb92df1b3199e5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetCurrentObject
GetObjectW
SelectObject

gdiplus

GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipLoadImageFromStream
GdipSaveImageToStream
GdiplusShutdown
GdiplusStartup

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateDirectoryW
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoW
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFileAttributesW
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthreadex
_cexit
_commode
_close
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_initterm
_localtime64
_lseeki64
_mktime64
_onexit
_read
_setjmp
_strdup
_time64
_ultoa
_wassert
_wcmdln
_wfopen
_write
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
setlocale
setvbuf
signal
strcmp
strcoll
strerror
strftime
strlen
strncmp
strncpy
strtok
strxfrm
tolower
towlower
towupper
ungetwc
ungetc
vfprintf
wcscat
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm

ole32

CreateStreamOnHGlobal

shell32

CommandLineToArgvW
SHGetFolderPathW

user32

CallNextHookEx
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMessageW
GetSystemMetrics
GetWindowTextW
GetWindowThreadProcessId
MapVirtualKeyExA
ReleaseDC
SetWindowsHookExW

libdpp

_ZN3dpp12slashcommand10add_optionERKNS_14command_optionE
_ZN3dpp12slashcommandC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_NS_9snowflakeE
_ZN3dpp14command_option13set_max_valueESt7variantIJSt9monostatexdEE
_ZN3dpp14command_option13set_min_valueESt7variantIJSt9monostatexdEE
_ZN3dpp14command_optionC1ENS_19command_option_typeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_b
_ZN3dpp5embedD1Ev
_ZN3dpp7cluster14message_createERKNS_7messageESt8functionIFvRKNS_23confirmation_callback_tEEE
_ZN3dpp7cluster21global_command_createERKNS_12slashcommandESt8functionIFvRKNS_23confirmation_callback_tEEE
_ZN3dpp7cluster5startEb
_ZN3dpp7cluster8shutdownEv
_ZN3dpp7clusterC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEjjjjbNS_14cache_policy_tEjj
_ZN3dpp7message11set_contentERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN3dpp7message12set_guild_idENS_9snowflakeE
_ZN3dpp7message14set_channel_idENS_9snowflakeE
_ZN3dpp7message8add_fileERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_S8_
_ZN3dpp7messageC1EPNS_7clusterE
_ZN3dpp7messageC1Ev
_ZN3dpp7messageD1Ev
_ZN3dpp7utility7versionB5cxx11Ev
_ZN3dpp7utility8iconhashC1ERKS1_
_ZN3dpp7utility8iconhashD1Ev
_ZN3dpp7utility9log_errorEv
_ZN3dpp9snowflakeC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNK3dpp11interaction16get_command_nameB5cxx11Ev
_ZNK3dpp11interaction16get_issuing_userEv
_ZNK3dpp11interaction23get_command_interactionEv
_ZNK3dpp20interaction_create_t5replyERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt8functionIFvRKNS_23confirmation_callback_tEEE
_ZNK3dpp23confirmation_callback_t8is_errorEv
_ZNK3dpp23confirmation_callback_t9get_errorEv
_ZNK3dpp9snowflakecvyEv
_ZTVN3dpp12slashcommandE
_ZTVN3dpp13select_optionE
_ZTVN3dpp14command_optionE
_ZTVN3dpp21command_option_choiceE
_ZTVN3dpp4userE
_ZTVN3dpp7channelE
_ZTVN3dpp7stickerE
_ZTVN3dpp9componentE
_ZTVN3dpp9forum_tagE
you_are_using_a_release_build_of_dpp_on_a_debug_project

Sections

.text
Size: 834KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c1aee9f1e56c7f6c5bb92df1b3199e5d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

gdiplus

kernel32

msvcrt

ole32

shell32

user32

libdpp

Sections

.text Size: 834KB - Virtual size: 834KB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 77KB - Virtual size: 76KB

.pdata Size: 48KB - Virtual size: 48KB

.xdata Size: 69KB - Virtual size: 69KB

.bss Size: - Virtual size: 9KB

.idata Size: 10KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 834KB - Virtual size: 834KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 77KB - Virtual size: 76KB

.pdata
Size: 48KB - Virtual size: 48KB

.xdata
Size: 69KB - Virtual size: 69KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB