${PerilousPotions}[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

${PerilousPotions}.exe
Size

4.9MB
MD5

c0ac81a5c1af9d6f3c09dfcda5dec489
SHA1

e02af1707b2e18ee8425103741bf2cc953faccfe
SHA256

62e4c074913495378a9075a39e9837456fa23db0545465e2971eec907ee5ac6e
SHA512

dc98a24e04311dd9d8832508137d7428d44a9935127ad4a4382e61252d320f921d7955e43442ab32d845bb6df389fbf9cf9705331d038441600d7b77e9b88c00
SSDEEP

98304:SycTPgV0XTdiaQZLwLnS5MU8pPYpvbE3/tXVQr93Ryk6tUMW/VVjci:SBMV0XTdiaQZLwLnS5MU8pPYpTE31XyJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
${PerilousPotions}.exe

Files

${PerilousPotions}.exe
.exe windows:6 windows x86 arch:x86

351092a385adff9a3d8a8b11ca01d6ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetWriteFile
HttpOpenRequestA
InternetCloseHandle
InternetCrackUrlA
HttpEndRequestW
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetCanonicalizeUrlA
HttpSendRequestA
InternetGetConnectedState

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump
SymFromAddr
SymInitialize

winmm

mciSendStringA
mciGetErrorStringA
joyGetPos
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
joyGetPosEx

ws2_32

gethostname
WSACleanup
setsockopt
sendto
send
recvfrom
recv
listen
inet_ntoa
inet_addr
getsockopt
ioctlsocket
connect
closesocket
bind
accept
getpeername
select
__WSAFDIsSet
ntohs
ntohl
htons
htonl
WSAStartup
WSAGetLastError
WSAAddressToStringA
getaddrinfo
freeaddrinfo
socket

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
UuidCreate

dxgi

CreateDXGIFactory1

kernel32

HeapReAlloc
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
WriteFile
GetStdHandle
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
MoveFileExW
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
EncodePointer
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
IsValidCodePage
GetACP
RaiseException
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CloseHandle
GetOEMCP
CreateEventExW
OutputDebugStringA
MultiByteToWideChar
GetConsoleWindow
GetLastError
GetCurrentDirectoryW
DeleteFileW
GetFullPathNameW
SetLastError
CreateThread
GetExitCodeThread
GetModuleHandleW
LocalFree
FormatMessageW
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetEnvironmentVariableW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
Sleep
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
GetTickCount
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
lstrlenA
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
GetFinalPathNameByHandleW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringW
SetCurrentDirectoryW
GetStringTypeW
SetEndOfFile
HeapSize
WaitForSingleObjectEx
WriteConsoleW
TlsFree
RtlCaptureStackBackTrace

user32

CreateDialogParamW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
GetDC
ReleaseDC
SetWindowTextW
ScreenToClient
MoveWindow
SetCursorPos
ClientToScreen
MapWindowPoints
GetActiveWindow
GetCursorPos
wsprintfW
GetAsyncKeyState
keybd_event
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
LoadImageW
AdjustWindowRectEx
TranslateMessage
DispatchMessageW
PeekMessageW
IsDialogMessageW
SetProcessDPIAware
GetForegroundWindow
UpdateWindow
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
LoadCursorW
CallNextHookEx
MessageBoxA
MessageBoxW
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetWindowRect
SetCursor
GetClientRect
SetDlgItemTextA
SetForegroundWindow

gdi32

GetStockObject
DeleteObject
SelectObject
GetDeviceCaps
CreateFontA

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitialize

dwmapi

DwmGetCompositionTimingInfo

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 535KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351092a385adff9a3d8a8b11ca01d6ab

Headers

DLL Characteristics

File Characteristics

Imports

wininet

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

rpcrt4

dxgi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1002KB - Virtual size: 1002KB

.data Size: 535KB - Virtual size: 2.9MB

minATL Size: 512B - Virtual size: 12B

.mydata Size: 512B - Virtual size: 8B

.rsrc Size: 47KB - Virtual size: 47KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1002KB - Virtual size: 1002KB

.data
Size: 535KB - Virtual size: 2.9MB

minATL
Size: 512B - Virtual size: 12B

.mydata
Size: 512B - Virtual size: 8B

.rsrc
Size: 47KB - Virtual size: 47KB