ollydbg[.]exe | Triage

Resubmissions

28-03-2024 15:24

240328-stjl6sae28 3

28-03-2024 15:21

240328-srdcdahe2v 3

Sharing

Copy URL

Twitter E-mail

General

Target

ollydbg.exe
Size

1.4MB
MD5

a8d8531a3995494a1cfc62f7e7cc77ec
SHA1

867240ca5e6af8b0fc1afa5a48a1cc10e25d3169
SHA256

9d532bea2b3bc32afc3656bc2d1ae29bc5cda57cae173210255296ec87c9db4f
SHA512

24bda81c59e2eddda428d7b240eaee607fb63bcbf5ab2109d6b127300495b24486389696048413c2b9fd47363b2fde72bb37de545191a02bc22a704fd104cf48
SSDEEP

24576:w5FL8P8aqcmeE6wRPLB2o6ZavEMb3F3H5bqvL+MhSGn2oEfi1nkAE:4FQ8aqcGVPLB2o6gZb3Zwz+MhSGn2NK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ollydbg.exe

Files

ollydbg.exe
.exe windows:4 windows x86 arch:x86

62594aeb4746f8c5dd7ea470d7fd6d2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadContext
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseColorA
ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetNearestColor
GetObjectA
GetStockObject
GetTextExtentExPointA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextMetricsA
GetTextMetricsW
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetPixel
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginDeferWindowPos
BeginPaint
CallWindowProcA
CallWindowProcW
CharNextA
CheckDlgButton
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawEdge
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetFocus
GetKeyState
GetKeyboardType
GetMenu
GetMenuItemCount
GetMenuItemID
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextW
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MessageBoxA
MoveWindow
OpenClipboard
OpenIcon
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendMessageA
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenu
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowCaret
ShowScrollBar
ShowWindow
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromDC
WindowFromPoint
wsprintfA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 714KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 448KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

62594aeb4746f8c5dd7ea470d7fd6d2e

Headers

File Characteristics

Imports

advapi32

kernel32

version

comctl32

comdlg32

gdi32

shell32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 714KB - Virtual size: 716KB

.data Size: 254KB - Virtual size: 596KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 448KB - Virtual size: 452KB

.reloc Size: 51KB - Virtual size: 52KB

.text
Size: 714KB - Virtual size: 716KB

.data
Size: 254KB - Virtual size: 596KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 448KB - Virtual size: 452KB

.reloc
Size: 51KB - Virtual size: 52KB