octo[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

octo.exe
Size

66.4MB
MD5

8cf82871d417ce493184ec81e944222b
SHA1

2b4d1d9374dae178f2d32ca8087b1f96c34b4981
SHA256

4e9bfe15c544b0b48e4bb8fd6e49c772f0f1c810313d5f8fa313c3177f8cda21
SHA512

5cafa2d71f2d09b8d62d1a48622865c6f8bbbd2bffd48b4d31ddb7863a20398fcbf92ff23b823842d98540f592e64a01fec32bd686dd273f1145095fd004ffb0
SSDEEP

1572864:MlbKPGezb9LIYmK+weI8393smNaQkl9AdBnHNl/9tpsksst:obKhzyVK+RI0tsSaQ8oH3FtpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
octo.exe

Files

octo.exe
.exe windows:6 windows x64 arch:x64

5c782a83d4fca4fd3e2736da0fcc2a24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

GetFullPathNameW
FindFirstFileW
FindClose
GetModuleHandleA
GetFileInformationByHandleEx
GetFileType
GetConsoleMode
GetProcAddress
LoadLibraryExW
SetThreadErrorMode
WaitForSingleObject
SetHandleInformation
ReadFileEx
SleepEx
CompareStringOrdinal
GetFileAttributesW
GetSystemDirectoryW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
WriteFileEx
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
SetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetWindowsDirectoryW
CreateProcessW
GetFileInformationByHandle
FreeLibrary
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateWaitableTimerExW
HeapAlloc
Sleep
LoadLibraryExA
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
GetProcessHeap
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetFileInformationByHandle
CloseHandle
GetSystemInfo
GetStdHandle
CreateFileW
GetEnvironmentVariableW
lstrlenW
GetCurrentDirectoryW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
FormatMessageW
GetEnvironmentVariableA
WriteFile
FlsAlloc
FlsSetValue
FlsFree
GetProcessTimes
GetModuleHandleW
GetCurrentProcessorNumber
VirtualAlloc
VirtualFree
VirtualQuery
GetLargePageMinimum
WriteConsoleW
GetNumaHighestNodeNumber
GetSystemTimeAsFileTime
GetNumaNodeProcessorMask
WriteConsoleA
InitializeSListHead
IsDebuggerPresent
SwitchToThread
MultiByteToWideChar
LocalFree
SetWaitableTimer
GetLastError
QueryPerformanceCounter
SetLastError
GetCurrentThread

user32

ToUnicodeEx
ShowWindow
GetWindowLongPtrW
SystemParametersInfoA
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterWindowMessageA
DefWindowProcW
PeekMessageW
MapVirtualKeyExW
SetWindowDisplayAffinity
PostMessageW
SetWindowLongW
RegisterTouchWindow
GetDC
GetClipCursor
ClipCursor
ShowCursor
GetKeyState
GetWindowLongW
DestroyIcon
SendMessageW
GetKeyboardLayout
SetWindowPos
InvalidateRgn
GetClientRect
GetAsyncKeyState
SetWindowLongPtrW
GetKeyboardState
MonitorFromWindow
ValidateRect
GetRawInputData
SetWindowTextW
SetCursorPos
ClientToScreen
AdjustWindowRectEx
GetSystemMetrics
SetForegroundWindow
SendInput
MapVirtualKeyW
KillTimer
SetTimer
GetMessageW
DispatchMessageW
TranslateMessage
RegisterRawInputDevices
CreateWindowExW
RegisterClassExW
SetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
RedrawWindow
TrackMouseEvent
ReleaseCapture
SetCapture
MonitorFromRect
GetWindowPlacement
SetCursor
LoadCursorW
DestroyWindow
ScreenToClient
GetMenu
GetActiveWindow
IsProcessDPIAware

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContextEx

ole32

RevokeDragDrop
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoIncrementMTAUsage
RegisterDragDrop
OleInitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

ws2_32

setsockopt
ioctlsocket
send
recv
bind
listen
closesocket
WSAStartup
WSACleanup
freeaddrinfo
connect
select
getsockopt
WSASocketW
WSAGetLastError
getaddrinfo
accept

bcrypt

BCryptGenRandom

advapi32

AdjustTokenPrivileges
OpenProcessToken
SystemFunction036
LookupPrivilegeValueA

shell32

SHCreateItemFromParsingName
DragQueryFileW
DragFinish

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError

shlwapi

AssocQueryStringW

uxtheme

SetWindowTheme

msvcp140

_Query_perf_counter
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency

vcruntime140

__current_exception
__C_specific_handler
strstr
__std_exception_copy
__std_exception_destroy
memset
memcpy
memmove
__current_exception_context
_CxxThrowException
memchr
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

cos
powf
sin
ceilf
sinf
cosf
exp2
fmodf
_hypotf
__setusermatherr
fmod
asinf
log10
exp2f
atan2f
cbrtf
acosf
fmaf
expf
pow

api-ms-win-crt-string-l1-1-0

strlen
strcmp

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

strtol
atoi
atof

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
fputs
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59.3MB - Virtual size: 59.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c782a83d4fca4fd3e2736da0fcc2a24

Headers

DLL Characteristics

File Characteristics

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

gdi32

dwmapi

imm32

ole32

oleaut32

api-ms-win-core-winrt-l1-1-0

ws2_32

bcrypt

advapi32

shell32

ntdll

shlwapi

uxtheme

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.rdata Size: 59.3MB - Virtual size: 59.3MB

.data Size: 8KB - Virtual size: 212KB

.pdata Size: 75KB - Virtual size: 75KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rdata
Size: 59.3MB - Virtual size: 59.3MB

.data
Size: 8KB - Virtual size: 212KB

.pdata
Size: 75KB - Virtual size: 75KB

.reloc
Size: 35KB - Virtual size: 35KB