Grabbot-sample[.]dat

Sharing

Copy URL Twitter E-mail

General

Target

Grabbot-sample.dat
Size

491KB
MD5

d439c468d59f117c584bda463b03aea9
SHA1

730083c27461dcf71c42a2409c4f438a77442685
SHA256

6d8ce2d1b33ff42ba04ded09fe79cff158e6dfffa82f6ceada12f4fda6d0c221
SHA512

0e21e0d3bbcd6d296c442aa90b51ad293bdaee50e6b9696996b8f55283c8f48bf33befa37830586d97d0838ed71854ae8eeec4f67a8323c8cabb0df9af003550
SSDEEP

12288:GsU8b/yS+tPQqpadRhgPXVOHZ73GtnM4DrNx6hsmrMEHC/g:GsU83w5UdR2cWt7DrNx6hPUg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Grabbot-sample.dat

Files

Grabbot-sample.dat
.exe windows:5 windows x86 arch:x86

75fb045b5a1922d840bc513532569fe2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
Sleep
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
LCMapStringW
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent
GetStringTypeW
RtlUnwind
HeapSize
HeapReAlloc
ReadFile
GetConsoleCP
FlushFileBuffers
SetFilePointer
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
lstrcpyA
SuspendThread
CloseHandle
GetModuleHandleA
LockResource
CreateFileMappingA
GlobalFree
GetProcAddress
lstrcmpiA
GetLastError
EnumSystemLanguageGroupsA
SetConsoleTitleA
GetACP
HeapCreate
FindResourceA
GetConsoleWindow
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SizeofResource
LoadLibraryW
GlobalAlloc
FormatMessageA
GetProcessHeap
GetUserDefaultLCID
HeapFree
HeapAlloc
GetCurrentProcess
TerminateProcess
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
LoadResource
UnmapViewOfFile
MapViewOfFile
lstrlenA
GetConsoleMode
GetOEMCP
CreateFileW

user32

LoadCursorA
OpenClipboard
SetWindowTextA
UnregisterHotKey
SetClipboardData
AdjustWindowRect
SystemParametersInfoA
MapWindowPoints
GetCursorPos
SetWindowPos
LookupIconIdFromDirectory
CreateIconFromResource
GetSysColor
SendDlgItemMessageW
EndDialog
GetDlgItem
EmptyClipboard
EndPaint
DestroyWindow
CloseClipboard
SetTimer
GetWindowRect
SendDlgItemMessageA
FillRect
DrawTextA
LoadStringA
LoadBitmapA
GetParent
LoadIconA
CreateIconFromResourceEx
IsWindowEnabled
wsprintfA
GetClientRect
SetFocus
SendMessageA
BeginPaint
GetDC
DrawFocusRect
RegisterClassExW
OffsetRect
TrackPopupMenuEx
SetRect
SetWindowLongA
InvalidateRect
LookupIconIdFromDirectoryEx
CreateWindowExA
ReleaseDC

gdi32

TranslateCharsetInfo
SetViewportOrgEx
LPtoDP
SetWindowExtEx
SetTextColor
DeleteDC
Polygon
CreateDIBSection
CreateFontA
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
SetMapMode
Rectangle
Ellipse
RealizePalette
SelectPalette
SetPixelV
GetTextExtentPointA
CreatePatternBrush
CreatePen
SetViewportExtEx
GetTextMetricsA
SetTextAlign
GetStockObject
UpdateColors
CreateSolidBrush
BitBlt

winspool.drv

ConnectToPrinterDlg

comdlg32

PrintDlgExA

advapi32

ReadEventLogA
GetOldestEventLogRecord
QueryAllTracesA
OpenEventLogW

ole32

CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

VariantInit
GetActiveObject
VariantChangeType
SysAllocString

msi

ord276
ord274

iphlpapi

GetTcpTable

comctl32

ImageList_DragShowNolock
ImageList_Create
ImageList_AddMasked
ImageList_GetImageCount

gdiplus

GdipCreateBitmapFromFile
GdipDisposeImage
GdiplusStartup
GdipFree
GdipCloneImage
GdipAlloc

secur32

QuerySecurityPackageInfoA

winhttp

WinHttpGetIEProxyConfigForCurrentUser

traffic

TcQueryInterface

tapi32

phoneInitialize

wldap32

ord143
ord88

Exports

Exports

Out

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75fb045b5a1922d840bc513532569fe2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

msi

iphlpapi

comctl32

gdiplus

secur32

winhttp

traffic

tapi32

wldap32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 386KB - Virtual size: 386KB

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 386KB - Virtual size: 386KB