Altruistic[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Altruistic.exe
Size

14.3MB
MD5

1b389c3f4d547fbaed239841aa8ee6c7
SHA1

3b01d98f4afdf177325078d79f785cd88bb2c75e
SHA256

b4f3c47abb511857ac2e623f08d74fa67f254659471273379fad638cbe0eb210
SHA512

dfeb29838728102b15d48522fd6ce14a7d8b21567ba2f0a4051bcf6260f78af5fa5458723d51ae3650f69871a1e0f90e7bcde3eae860a287d5962d0218e82587
SSDEEP

393216:44JWqQOy9FOnJsv6tWKFdu9C2arLMuC/Jx:VKFOuarLDCj

Score

1^/10

Malware Config

Signatures

Files

Altruistic.exe
.exe windows:6 windows x64 arch:x64

7854c146fb9f92575f662ab88a18632d

Code Sign

11:4b:dd:86:cb:c1:b0:86:4d:f2:57:a0:05:42:55:ec
Certificate

Issuer

CN=ALT Dev Group,O=ALT Dev Group,ST=Ontario,C=CA

Not Before

21-06-2022 21:00

Not After

21-06-2023 21:00

Subject

CN=ALT Dev Group,O=ALT Dev Group,ST=Ontario,C=CA

29:87:38:03:85:71:44:73:0a:97:40:9b:5d:26:74:9b:73:c7:df:1d:be:01:f3:47:12:ea:03:32:4d:c7:77:8d
Signer

Actual PE Digest

29:87:38:03:85:71:44:73:0a:97:40:9b:5d:26:74:9b:73:c7:df:1d:be:01:f3:47:12:ea:03:32:4d:c7:77:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateDirectoryA
GetTempPathA
GetCommandLineW
GetModuleHandleA
LoadLibraryA
VirtualFree
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
VirtualAlloc
GetLargePageMinimum
OpenEventA
GetPhysicallyInstalledSystemMemory
GetSystemInfo
GetModuleFileNameA
CreateFileA
MultiByteToWideChar
DeleteFileW
GetSystemPowerStatus
GetSystemTimes
GetProcessHeap
InitializeCriticalSectionEx
HeapFree
FindFirstVolumeA
GetVolumeInformationW
OpenMutexW
LocalFree
ReleaseMutex
LocalAlloc
WaitForSingleObject
CreateMutexW
FreeLibrary
CreateProcessW
GetCurrentProcessId
WTSGetActiveConsoleSessionId
GetProcAddress
LoadLibraryW
GetLastError
Sleep
ProcessIdToSessionId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
CloseHandle
Process32FirstW
K32GetProcessMemoryInfo
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
GetTickCount
GetModuleFileNameW
CreateDirectoryW
WriteConsoleW
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
GetCurrentThreadId
GetModuleHandleW
FormatMessageW
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
GlobalSize
GetUserDefaultLangID
CreateFileW
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CompareStringEx
GetSystemTime
GetLocalTime
DuplicateHandle
SetEvent
CreateEventW
WaitForMultipleObjects
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WaitForSingleObjectEx
GetNativeSystemInfo
OutputDebugStringW
IsProcessorFeaturePresent
ResetEvent
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetCurrentDirectoryW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
GetStartupInfoW
FlushFileBuffers
GetDriveTypeW
GetFileType
SetEndOfFile
SetFilePointerEx
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetModuleHandleExW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
UnregisterWaitEx
RegisterWaitForSingleObject
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
SetLastError
DebugBreak
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
RtlUnwind
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread

user32

SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
ShowWindow
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
DestroyWindow
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetSysColor
GetWindowPlacement
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
RegisterClassW
EnumDisplayDevicesW
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostThreadMessageW
CharNextExA
IsChild
CreateWindowExW
DefWindowProcW
AttachThreadInput
PostMessageW
UnregisterClassW
SendMessageW
UpdateLayeredWindowIndirect
SystemParametersInfoW
SetWindowPos
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
LoadIconW
UpdateLayeredWindow
GetDoubleClickTime
RemoveMenu
DrawMenuBar

advapi32

ConvertStringSidToSidW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CloseServiceHandle
OpenSCManagerW
BuildExplicitAccessWithNameW
ChangeServiceConfig2W
SetServiceObjectSecurity
RegSetKeySecurity
RegOpenKeyExW
OpenServiceW
LookupAccountSidW
RegOpenKeyW
QueryServiceObjectSecurity
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserA
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
GetLengthSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
SystemFunction036
AccessCheck
CopySid
DuplicateToken
RegDeleteKeyW

shell32

SHCreateItemFromParsingName
SHCreateItemFromIDList
CommandLineToArgvW
SHGetMalloc
SHGetPathFromIDListW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW
SHBrowseForFolderW
SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW
SHGetKnownFolderIDList

ole32

RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoLockObjectExternal

oleaut32

SafeArrayCreateVector
SysFreeString
SysAllocString
VariantClear
SafeArrayPutElement

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

shlwapi

PathAppendW
PathRemoveFileSpecW
PathAppendA

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetVirtualKey

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryW
DestroyEnvironmentBlock

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect

winmm

timeKillEvent
PlaySoundW
timeSetEvent

ntdll

NtQuerySystemTime
LdrUnloadDll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
LdrLockLoaderLock
RtlImageNtHeader
LdrUnlockLoaderLock
RtlHashUnicodeString
RtlNtStatusToDosError
RtlFreeHeap
NtProtectVirtualMemory
NtQueryVirtualMemory
RtlRaiseStatus
RtlCompareMemory

gdi32

SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GdiFlush
CreateDIBSection
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
ExtTextOutW
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SwapBuffers
GetPixelFormat
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
CreateBitmap
BitBlt
SelectObject
DeleteDC
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
SelectClipRgn
OffsetRgn
GetFontData
DeleteObject
CreateRectRgn
CombineRgn
GetDIBits

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7854c146fb9f92575f662ab88a18632d

Code Sign

11:4b:dd:86:cb:c1:b0:86:4d:f2:57:a0:05:42:55:ecCertificate

29:87:38:03:85:71:44:73:0a:97:40:9b:5d:26:74:9b:73:c7:df:1d:be:01:f3:47:12:ea:03:32:4d:c7:77:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

dwmapi

shlwapi

wtsapi32

imm32

userenv

version

netapi32

ws2_32

winmm

ntdll

gdi32

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 225KB - Virtual size: 302KB

.pdata Size: 291KB - Virtual size: 290KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 2.2MB - Virtual size: 2.2MB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 24KB - Virtual size: 24KB

11:4b:dd:86:cb:c1:b0:86:4d:f2:57:a0:05:42:55:ec
Certificate

29:87:38:03:85:71:44:73:0a:97:40:9b:5d:26:74:9b:73:c7:df:1d:be:01:f3:47:12:ea:03:32:4d:c7:77:8d
Signer

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 225KB - Virtual size: 302KB

.pdata
Size: 291KB - Virtual size: 290KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 24KB - Virtual size: 24KB