AyuGram[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AyuGram.exe
Size

147.7MB
MD5

b050c99979fb60e46bd0b3bfe441b2f5
SHA1

296f93d4f7d63301492365f813c701668b1b25cb
SHA256

f6540c2078980b805bd8692c9f0b7626826f12bcdc861ea4687287fef0b50d8f
SHA512

c9356ba649ead49226eeeb93420a0376992d0ee95bf1610d784b1800b30d2452f32f905204827e885a43c806a6590c8dce939b0bff023eb04963acd7069fec34
SSDEEP

786432:zlFYS+sQhruJPvo9ciH4z+0ZxLc5M+N61omfDtr058jG7S2V7Md4BrvDTr6BF40D:zTQNuBvoVj0ZxLdwiomfDtKeo7Tr6o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AyuGram.exe

Files

AyuGram.exe
.exe windows:6 windows x64 arch:x64

34b252b3da43033c31de9e8e6e5e9a2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Y:\AyuGram\AyuGramDesktop\tdesktop\out\Release\AyuGram.pdb

Imports

kernel32

FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CopyFileW
QueryPerformanceFrequency
GetCommandLineW
EncodePointer
DecodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetEnvironmentVariableW
RemoveDirectoryW
GetCurrentProcess
GetModuleFileNameW
WinExec
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
GetModuleHandleW
GetModuleHandleExW
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
SetThreadPriority
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
ReleaseSemaphore
CreateSemaphoreW
VerSetConditionMask
VerifyVersionInfoW
GetLocaleInfoW
GetUserDefaultUILanguage
GetTickCount64
MoveFileExW
FindFirstFileW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
GetSystemPowerStatus
LocalAlloc
GetVersionExA
WaitForMultipleObjectsEx
CreateEventExW
GetCurrentThread
IsDebuggerPresent
DebugBreak
CreateSemaphoreA
SetFilePointerEx
GetStdHandle
OpenThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateEventA
SetLastError
QueueUserAPC
GetThreadId
GetModuleHandleA
GetNativeSystemInfo
OpenProcess
QueryFullProcessImageNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetModuleHandleExA
ExpandEnvironmentStringsW
GetVersionExW
lstrcpyW
lstrlenW
lstrcpynW
GetCurrentDirectoryW
LoadLibraryExW
InitializeCriticalSectionEx
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
WakeAllConditionVariable
MoveFileExA
InitOnceBeginInitialize
InitOnceComplete
InitializeSRWLock
SleepConditionVariableSRW
GetSystemDirectoryW
LoadLibraryExA
ReleaseMutex
GetConsoleMode
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetProcessAffinityMask
CreateMutexA
RtlCaptureContext
SetUnhandledExceptionFilter
TerminateThread
ResumeThread
GetProcessId
VirtualQueryEx
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SignalObjectAndWait
GetThreadGroupAffinity
SetEnvironmentVariableW
VirtualProtect
SetCurrentDirectoryW
GetTempFileNameA
TlsFree
VirtualQuery
InitializeCriticalSectionAndSpinCount
SwitchToFiber
DeleteFiber
CreateFiber
RtlVirtualUnwind
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
ReadConsoleW
GlobalFree
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
DisconnectNamedPipe
SetHandleInformation
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
CompareStringEx
GetLocalTime
TerminateProcess
IsProcessorFeaturePresent
SwitchToThread
GetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
CreateProcessW
UnregisterWaitEx
RegisterWaitForSingleObject
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
CreateDirectoryW
GetLogicalDrives
SetFileTime
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
CompareStringW
LCMapStringW
VirtualAlloc
VirtualFree
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GetExitCodeThread
GetLocaleInfoEx
SetFileAttributesW
TryAcquireSRWLockExclusive
RtlPcToFileHeader
GetStringTypeW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateSemaphoreExW
FlushProcessWriteBuffers
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
LCMapStringEx
GetCPInfo
RtlLookupFunctionEntry
UnhandledExceptionFilter
InterlockedPopEntrySList
QueryDepthSList
GetCurrentProcessorNumberEx
GetLogicalProcessorInformationEx
GetNumaHighestNodeNumber
SetThreadGroupAffinity
GetThreadTimes
FreeLibraryAndExitThread
RtlUnwindEx
RtlUnwind
ExitThread
SetConsoleCtrlHandler
SetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
GetConsoleOutputCP
GetCommandLineA
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
HeapQueryInformation
IsValidCodePage
GetACP
GetOEMCP
GetUserDefaultLangID

Exports

Exports

??0Animation@rlottie@@AEAA@XZ
??0PlatformMethods@angle@@QEAA@XZ
??0Surface@rlottie@@QEAA@PEAI_K11@Z
??0Surface@rlottie@@QEAA@XZ
??1Animation@rlottie@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
??4Surface@rlottie@@QEAAAEAV01@$$QEAV01@@Z
??4Surface@rlottie@@QEAAAEAV01@AEBV01@@Z
?buffer@Surface@rlottie@@QEBAPEAIXZ
?bytesPerLine@Surface@rlottie@@QEBA_KXZ
?configureModelCacheSize@@YAX_K@Z
?drawRegionHeight@Surface@rlottie@@QEBA_KXZ
?drawRegionPosX@Surface@rlottie@@QEBA_KXZ
?drawRegionPosY@Surface@rlottie@@QEBA_KXZ
?drawRegionWidth@Surface@rlottie@@QEBA_KXZ
?duration@Animation@rlottie@@QEBANXZ
?frameAtPos@Animation@rlottie@@QEAA_KN@Z
?frameRate@Animation@rlottie@@QEBANXZ
?height@Surface@rlottie@@QEBA_KXZ
?layers@Animation@rlottie@@QEBAAEBV?$vector@V?$tuple@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@std@@V?$allocator@V?$tuple@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@std@@@2@@std@@XZ
?loadFromData@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@AEBV54@1_NAEBV?$vector@U?$pair@II@std@@V?$allocator@U?$pair@II@std@@@2@@4@W4FitzModifier@2@@Z
?loadFromFile@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@_N@Z
?render@Animation@rlottie@@QEAA?AV?$future@VSurface@rlottie@@@std@@_KVSurface@2@_N@Z
?renderSync@Animation@rlottie@@QEAAX_KVSurface@2@_N@Z
?renderTree@Animation@rlottie@@QEBAPEBULOTLayerNode@@_K00@Z
?setDrawRegion@Surface@rlottie@@QEAAX_K000@Z
?setValue@Animation@rlottie@@AEAAXUColor_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUColor@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUColor_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UColor@2@@Z
?setValue@Animation@rlottie@@AEAAXUFloat_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6AMAEBUFrameInfo@rlottie@@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUFloat_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@M@Z
?setValue@Animation@rlottie@@AEAAXUPoint_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUPoint@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUPoint_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UPoint@2@@Z
?setValue@Animation@rlottie@@AEAAXUSize_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUSize@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUSize_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@USize@2@@Z
?size@Animation@rlottie@@QEBAXAEA_K0@Z
?totalFrame@Animation@rlottie@@QEBA_KXZ
?width@Surface@rlottie@@QEBA_KXZ
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform

Sections

.text
Size: 71.5MB - Virtual size: 71.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34.1MB - Virtual size: 34.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38.2MB - Virtual size: 42.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 879KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34b252b3da43033c31de9e8e6e5e9a2b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 71.5MB - Virtual size: 71.5MB

.rdata Size: 34.1MB - Virtual size: 34.1MB

.data Size: 38.2MB - Virtual size: 42.5MB

.pdata Size: 2.6MB - Virtual size: 2.6MB

.rodata Size: 4KB - Virtual size: 4KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 329KB - Virtual size: 328KB

_RDATA Size: 512B - Virtual size: 396B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 879KB - Virtual size: 878KB

.text
Size: 71.5MB - Virtual size: 71.5MB

.rdata
Size: 34.1MB - Virtual size: 34.1MB

.data
Size: 38.2MB - Virtual size: 42.5MB

.pdata
Size: 2.6MB - Virtual size: 2.6MB

.rodata
Size: 4KB - Virtual size: 4KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 329KB - Virtual size: 328KB

_RDATA
Size: 512B - Virtual size: 396B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 879KB - Virtual size: 878KB