blue[.]gg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

blue.gg.exe
Size

6.5MB
MD5

f4d047bea7a85985222ca6ee138c0668
SHA1

6003efccc262b7b08039a7f84ca309b09d212b58
SHA256

eb8c8ebc97003310c357ac6bb23b44aa142936750d1d3ff24ff21483807cfeea
SHA512

d0db18cf756c9bda57a4a911da3b46cf22ba66ae4a4da2aaeb42c900d2b3a741ca4cc0619a31899fb9d7ae15fb816c4aef2eab261e7d9e39b9c9449446d3001b
SSDEEP

49152:BFRP73ultAQjnl+R3EwBnlOAKrqLn4xCYSOAKMwlAj2WGlt0btzGvcUH9RAP7SCW:jclmQu+HeG4tcH9WP7NuYh3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
blue.gg.exe

Files

blue.gg.exe
.exe windows:6 windows x64 arch:x64

e6339a4906bb3846dc40ac250c39c853

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\bst\Desktop\Blue.cc SRC\New imgui\examples\example_win32_directx11\Release\example_win32_directx11.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleFileNameA
CreateFileMappingW
VirtualProtect
CreateThread
GetCurrentProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapDestroy
GetLastError
CreateFileA
CreateFileW
CreateFileMappingA
UnmapViewOfFile
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
MapViewOfFile
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
CloseHandle
ReadFile
GetFileSizeEx
GetConsoleWindow
GetTickCount64
GetFileAttributesA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
WaitForMultipleObjects
GlobalLock
GlobalUnlock
GlobalAlloc

user32

OpenClipboard
CloseClipboard
LoadIconW
SetWindowLongA
GetWindowLongW
MessageBoxA
GetWindowRect
UpdateWindow
GetSystemMetrics
GetAsyncKeyState
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
EmptyClipboard
GetClipboardData
SetClipboardData
PostQuitMessage

advapi32

InitializeAcl
CryptEncrypt
RegSetValueExW
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
RegCloseKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
RegCreateKeyW
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
RegOpenKeyExW
IsValidSid
GetTokenInformation

shell32

ShellExecuteW
ShellExecuteA

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xbad_function_call@std@@YAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

normaliz

IdnToAscii

wldap32

ord32
ord33
ord27
ord26
ord22
ord35
ord79
ord30
ord200
ord41
ord301
ord50
ord45
ord143
ord60
ord217
ord46
ord211

crypt32

CryptDecodeObjectEx
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertOpenStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertCloseStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject

ws2_32

connect
getpeername
bind
getsockname
WSAGetLastError
htons
ntohs
send
setsockopt
socket
WSASetLastError
WSAIoctl
recv
WSAStartup
closesocket
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
getsockopt
gethostname
ntohl

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__std_terminate
strstr
strrchr
memchr
memcpy
memmove
longjmp
memset
memcmp
__current_exception_context
__current_exception
__std_exception_copy
__intrinsic_setjmp
__std_exception_destroy
__C_specific_handler
strchr
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

tolower
strpbrk
strncpy
strncmp
strcspn
strspn
isupper
_strdup
strcmp

api-ms-win-crt-runtime-l1-1-0

__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
system
_beginthreadex
_getpid
terminate
_wassert
_errno
exit
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_configure_narrow_argv
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
strerror

api-ms-win-crt-stdio-l1-1-0

_read
_set_fmode
_close
_open
setvbuf
_write
ungetc
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
fwrite
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
_wfopen
_lseeki64
fclose
fflush
fgets
feof
_pclose
fputs
fopen
_popen
fread
fseek
ftell
__p__commode

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
free
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

powf
ceilf
acosf
sqrtf
sinf
fmodf
cosf
__setusermatherr
_dclass

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtod
strtoul
strtol
strtoull

api-ms-win-crt-filesystem-l1-1-0

_access
_unlock_file
_unlink
_fstat64
_stat64
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.6MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6339a4906bb3846dc40ac250c39c853

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

advapi32

shell32

msvcp140

imm32

dwmapi

d3dx11_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 328KB - Virtual size: 327KB

.data Size: 4.6MB - Virtual size: 4.7MB

.pdata Size: 53KB - Virtual size: 52KB

.rsrc Size: 222KB - Virtual size: 222KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 328KB - Virtual size: 327KB

.data
Size: 4.6MB - Virtual size: 4.7MB

.pdata
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 222KB - Virtual size: 222KB

.reloc
Size: 4KB - Virtual size: 4KB