D:\Projects\Active\ybot2\installer\target\release\deps\installer.pdb
Static task
static1
General
-
Target
yBot Installer.exe
-
Size
11.0MB
-
MD5
9a2fd11792ef583ff394d8c97104f7b2
-
SHA1
178186087d9861fcd6e04b366fab49eaa5ab663d
-
SHA256
b7073c534228656fc46ae0d5791ccc0caeabc8735c605ca0214fdd97f5e2c2d5
-
SHA512
27585a09a82210095255a383494985de7d99c58bd1f96488becb13aafc426ba7385fc12a0af15296bacf9098787c251fd7cd40bd1f891053d6c781b5c11862b9
-
SSDEEP
98304:vMFZ32bWewbCYO0RcS98XsocuviX9aY5AbtXf:UF2iXAbp
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource yBot Installer.exe
Files
-
yBot Installer.exe.exe windows:6 windows x64 arch:x64
23a1507efc8b6cc9f32453a4b609665b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
user32
SetForegroundWindow
SendInput
SetCursor
MapVirtualKeyW
SetWindowTextW
GetRawInputData
MonitorFromPoint
IsProcessDPIAware
SetCapture
MapVirtualKeyA
MsgWaitForMultipleObjectsEx
GetMessageW
RegisterWindowMessageA
RegisterRawInputDevices
RegisterClassExW
CloseClipboard
CreateWindowExW
SystemParametersInfoA
FlashWindowEx
SetWindowLongPtrW
DestroyIcon
SendMessageW
DestroyWindow
PostThreadMessageW
DefWindowProcW
GetDC
GetWindowLongPtrW
ShowWindow
SetWindowLongW
SetClipboardData
ChangeDisplaySettingsExW
DispatchMessageW
TranslateMessage
PeekMessageW
EmptyClipboard
GetClipboardData
PostMessageW
GetWindowPlacement
SetWindowPlacement
SetWindowPos
InvalidateRgn
GetClientRect
GetSystemMetrics
RegisterTouchWindow
GetSystemMenu
EnableMenuItem
SetWindowDisplayAffinity
ValidateRect
GetUpdateRect
GetWindowLongW
ScreenToClient
GetMenu
MonitorFromRect
TrackMouseEvent
GetTouchInputInfo
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
AdjustWindowRectEx
ClientToScreen
GetClipCursor
ClipCursor
ShowCursor
GetKeyState
GetKeyboardState
GetKeyboardLayout
LoadCursorW
ToUnicodeEx
GetWindowRect
GetActiveWindow
IsIconic
RedrawWindow
CreateIcon
OpenClipboard
IsWindowVisible
ReleaseCapture
GetForegroundWindow
kernel32
GetLastError
UnhandledExceptionFilter
Sleep
SetUnhandledExceptionFilter
GlobalLock
GlobalSize
FormatMessageW
TryAcquireSRWLockExclusive
HeapFree
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetSystemFirmwareTable
GetCurrentProcessId
CloseHandle
SetHandleInformation
IsDebuggerPresent
AcquireSRWLockShared
RtlVirtualUnwind
GlobalUnlock
GetSystemTimeAsFileTime
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetFileAttributesW
InitializeSListHead
ReleaseSRWLockShared
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
CreateNamedPipeW
GetFullPathNameW
GetFinalPathNameByHandleW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
CreateFileW
FindClose
FindNextFileW
HeapReAlloc
WakeConditionVariable
WakeAllConditionVariable
LoadLibraryA
GetProcAddress
GetExitCodeProcess
SleepEx
AcquireSRWLockExclusive
HeapAlloc
GetVolumeInformationA
CreateProcessW
GetProcessHeap
SleepConditionVariableSRW
WriteFileEx
GetStdHandle
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
IsProcessorFeaturePresent
SetFileInformationByHandle
SetFileCompletionNotificationModes
GetModuleHandleW
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObject
RemoveVectoredExceptionHandler
LoadLibraryExW
AddVectoredExceptionHandler
GetCurrentThreadId
ReleaseSRWLockExclusive
FreeLibrary
GetModuleFileNameW
SetThreadErrorMode
RtlLookupFunctionEntry
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
CreateEventA
GetConsoleMode
GetModuleHandleA
GetSystemInfo
GetUserPreferredUILanguages
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DuplicateHandle
VirtualProtect
GlobalAlloc
SwitchToThread
SetThreadStackGuarantee
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
ole32
RegisterDragDrop
RevokeDragDrop
OleInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
gdi32
GetDeviceCaps
StretchDIBits
CreateRectRgn
DeleteObject
dwmapi
DwmEnableBlurBehindWindow
advapi32
SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
shell32
SHCreateItemFromParsingName
DragQueryFileW
DragFinish
ws2_32
getsockopt
shutdown
recv
send
WSASend
getsockname
setsockopt
WSAIoctl
bind
getpeername
WSAStartup
WSASocketW
connect
ioctlsocket
getaddrinfo
freeaddrinfo
WSAGetLastError
closesocket
WSACleanup
secur32
EncryptMessage
DecryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
ApplyControlToken
crypt32
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertDuplicateStore
CertOpenStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
winmm
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
uxtheme
SetWindowTheme
imm32
ImmGetCompositionStringW
ImmGetContext
ImmAssociateContextEx
ImmReleaseContext
ntdll
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
NtReadFile
NtCreateFile
NtWriteFile
d3dcompiler_47
D3DCompile
oleaut32
SysStringLen
SysFreeString
GetErrorInfo
bcrypt
BCryptGenRandom
vcruntime140
_CxxThrowException
__current_exception_context
memcpy
__CxxFrameHandler3
memset
memmove
memcmp
__current_exception
__C_specific_handler
api-ms-win-crt-math-l1-1-0
sinf
ceilf
cosf
exp2
exp2f
pow
floorf
powf
tanf
roundf
round
sin
expf
acosf
__setusermatherr
fmodf
ceil
truncf
acos
fmaf
tan
cos
floor
trunc
fmod
atan2
api-ms-win-crt-string-l1-1-0
strlen
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
strerror
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_crt_atexit
_initterm
terminate
_cexit
exit
_exit
__p___argc
_initialize_onexit_table
_c_exit
__p___argv
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
Sections
.text Size: 8.0MB - Virtual size: 8.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 324KB - Virtual size: 324KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ