Theophyllinex86[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Theophyllinex86.exe
Size

98KB
MD5

059b6ee45303d3a049f58eda678b99aa
SHA1

f4bd3d67dc605d00f6cd635c95ed48409efeff29
SHA256

bc43c0f13a8f3604aae26d2130e626103fddbc2906dab42c1f86448e7e79f03b
SHA512

0a627271a70fd05ab0c50b9e08de38b0b58c43c2c0c62072b7276132afeb9047cff43cf7bd8b4cc8b67c387d80be41f23cc80926cbd76d8b9718786344cbab4b
SSDEEP

3072:Kr1/ynaMzFVGUKFCcpJP0vN9qH4joRVf0Q4x:Kp/fLUUCnYbN34x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Theophyllinex86.exe

Files

Theophyllinex86.exe
.exe windows:5 windows x86 arch:x86

7419a758d4b3cfa76f7b0564278fe1c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\source\repos\Theophylline\Release\Theophylline.pdb

Imports

kernel32

GetModuleHandleW
CopyFileW
GetTickCount
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
CreateProcessW
GetStringTypeW
GetFileType
SetStdHandle
LCMapStringW
ExitProcess
LocalFree
GetProcAddress
CreateThread
CloseHandle
DeleteFileW
GetLastError
Sleep
ExitThread
SetFileAttributesW
CreateFileW
GetTempPathW
SetFilePointer
GetModuleFileNameW
WriteFile
GetCurrentProcess
GetProcessHeap
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
DecodePointer

user32

GetDesktopWindow
SetCursorPos
SendInput
SetSystemCursor
InvalidateRect
DrawIconEx
GetWindowRect
GetDC
SetWindowPos
MessageBoxW
keybd_event
EnumChildWindows
SendMessageW
GetSystemMetrics
ShowWindow
LoadIconW
LoadCursorW
mouse_event

gdi32

BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
PatBlt
StretchBlt
PlgBlt
DeleteObject
CreateSolidBrush

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
FreeSid
LookupPrivilegeValueW

msimg32

AlphaBlend
GradientFill

winmm

waveOutOpen
waveOutReset
waveOutClose
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7419a758d4b3cfa76f7b0564278fe1c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msimg32

winmm

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB