Brotato[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Brotato.exe
Size

38.7MB
MD5

89626ead64936e17befc377a2b34c894
SHA1

1a4cd325a5cad293f003b6988c890474d1abf3b8
SHA256

8be7aa284b728971b8dfbd723c132f996597215693508b7fad8dabbb2a691a4f
SHA512

5fb9016c75e9786e276aadeef9371e348ce752661c6397a1f35d68dbb39b56962f9a8c002c1cae7d772a236c9cf948f81c63172f6da2050d8e3fed41a0f680c5
SSDEEP

393216:2YZWCjr5pqvA5LpHUqAc+c2rpY9xSV45cuD2nbEpUC0N1qscyG2089pvO7o5bgcG:wIZ4A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Brotato.exe

Files

Brotato.exe
.exe windows:6 windows x64 arch:x64

7637911b917daee1eadc659752e295f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

midiInOpen
midiInStart
midiInClose
midiInGetErrorTextA
midiInGetNumDevs
midiInGetID
midiInStop
midiInGetDevCapsA
timeBeginPeriod
timeEndPeriod

opengl32

wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext

kernel32

GetTimeZoneInformation
GetLastError
AttachConsole
GetCurrentThread
QueryPerformanceFrequency
CloseHandle
GetNativeSystemInfo
GetSystemInfo
LoadLibraryW
GetLocalTime
GetProcAddress
GlobalLock
GetCurrentProcessId
SystemTimeToFileTime
CreateProcessW
FreeLibrary
GetSystemTime
QueryPerformanceCounter
GlobalUnlock
LoadLibraryExW
GetExitCodeProcess
LoadLibraryA
GetSystemPowerStatus
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleOutputCP
FlushFileBuffers
FormatMessageW
GetFileSizeEx
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineA
WriteFile
RemoveDirectoryW
MoveFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ExitProcess
GetModuleHandleExW
Sleep
ExitThread
CreateThread
GetFileType
SetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
GetModuleHandleW
GetSystemTimeAsFileTime
MultiByteToWideChar
LCIDToLocaleName
GetModuleHandleA
WaitForSingleObject
GetEnvironmentVariableW
CreatePipe
SetThreadPriority
GetUserDefaultUILanguage
GetLocaleInfoEx
SetEnvironmentVariableW
GetModuleFileNameW
TerminateProcess
OutputDebugStringA
SetConsoleMode
GetStdHandle
GetCurrentProcess
SetPriorityClass
FlsFree
FlsSetValue
SetLastError
SetHandleInformation
SetConsoleCtrlHandler
ReadFile
WideCharToMultiByte
FindClose
LocalFree
GlobalAlloc
GetCommandLineW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibraryAndExitThread
WriteConsoleW
SetEndOfFile
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FindNextFileW
GetExitCodeThread
CreateSemaphoreA
CreateEventA
VirtualFree
CreateMutexA
ReleaseMutex
HeapFree
GetTickCount64
HeapAlloc
GetProcessHeap
ReleaseSemaphore
SetEvent
TryEnterCriticalSection
ReplaceFileW
CreateDirectoryW
GetVolumeInformationW
GetLogicalDrives
FindFirstFileExW
GetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempFileNameW
GetDiskFreeSpaceExA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
WaitForSingleObjectEx
HeapSize

ole32

CoInitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree

user32

GetDC
GetRawInputDeviceInfoA
GetRawInputDeviceList
DefWindowProcW
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
AllowSetForegroundWindow
CallWindowProcW
MonitorFromPoint
CloseTouchInputHandle
GetTouchInputInfo
GetWindowRect
LoadCursorA
SetWindowPos
MessageBoxW
MonitorFromWindow
SetWindowRgn
EnumDisplayMonitors
CreateWindowExW
GetKeyboardLayoutNameA
ScreenToClient
GetSystemMetrics
SetWindowTextW
RegisterClassExW
ShowWindow
OpenClipboard
DispatchMessageW
SetTimer
DestroyIcon
RegisterTouchWindow
GetMonitorInfoW
CreateIconIndirect
ClientToScreen
CloseClipboard
EmptyClipboard
PeekMessageW
GetKeyboardLayoutList
GetRawInputData
TrackMouseEvent
GetKeyboardLayout
CreateIconFromResource
MapVirtualKeyA
MessageBoxA
MoveWindow
SetFocus
RegisterRawInputDevices
TranslateMessage
GetClipboardData
ClipCursor
SendMessageA
SetCapture
SetClipboardData
SetCursor
LoadIconA
FlashWindowEx
SystemParametersInfoA
GetClientRect
IsClipboardFormatAvailable
GetWindowLongPtrA
ActivateKeyboardLayout
KillTimer
EnumDisplaySettingsW
MapVirtualKeyExA
SetWindowLongPtrA
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos

gdi32

CreateBitmap
GetObjectA
ChoosePixelFormat
SwapBuffers
DeleteObject
SetBkColor
SetPixelFormat
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreatePolygonRgn
GetDeviceCaps
CreateRectRgn
DeleteDC
SetTextColor

shell32

DragQueryFileW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHFileOperationW
DragAcceptFiles

advapi32

RegOpenKeyExW
GetCurrentHwProfileA
RegCloseKey
RegQueryValueExW

dinput8

DirectInput8Create

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmAssociateContext

avrt

AvSetMmThreadPriority
AvSetMmThreadCharacteristicsA

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmFlush

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses

shlwapi

PathFileExistsW

wsock32

WSACleanup
__WSAFDIsSet
accept
htons
ntohs
closesocket
send
getsockname
htonl
ntohl
WSAGetLastError
setsockopt
connect
socket
sendto
ioctlsocket
bind
recv
select
inet_ntoa
recvfrom
listen
WSAStartup

ws2_32

freeaddrinfo
getnameinfo
inet_pton
WSAConnect
getaddrinfo

bcrypt

BCryptGenRandom

steam_api64

SteamAPI_UnregisterCallback
SteamInternal_ContextInit
SteamAPI_Shutdown
SteamInternal_FindOrCreateGameServerInterface
SteamAPI_GetHSteamUser
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamInternal_SteamAPI_Init
SteamAPI_RegisterCallback
SteamGameServer_GetHSteamUser
SteamAPI_RestartAppIfNecessary
SteamAPI_UnregisterCallResult
SteamInternal_FindOrCreateUserInterface
SteamAPI_RunCallbacks

Exports

Exports

?_main@@YAHXZ
?widechar_main@@YAHHPEAPEA_W@Z
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
main

Sections

.text
Size: 29.4MB - Virtual size: 29.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 521KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 955KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7637911b917daee1eadc659752e295f9

Headers

DLL Characteristics

File Characteristics

Imports

winmm

opengl32

kernel32

ole32

user32

gdi32

shell32

advapi32

dinput8

imm32

avrt

dwmapi

iphlpapi

shlwapi

wsock32

ws2_32

bcrypt

steam_api64

Exports

Exports

Sections

.text Size: 29.4MB - Virtual size: 29.4MB

.rdata Size: 7.3MB - Virtual size: 7.3MB

.data Size: 521KB - Virtual size: 595KB

.pdata Size: 955KB - Virtual size: 954KB

_RDATA Size: 512B - Virtual size: 348B

pck Size: 512B - Virtual size: 8B

.rsrc Size: 352KB - Virtual size: 352KB

.reloc Size: 195KB - Virtual size: 194KB

.text
Size: 29.4MB - Virtual size: 29.4MB

.rdata
Size: 7.3MB - Virtual size: 7.3MB

.data
Size: 521KB - Virtual size: 595KB

.pdata
Size: 955KB - Virtual size: 954KB

_RDATA
Size: 512B - Virtual size: 348B

pck
Size: 512B - Virtual size: 8B

.rsrc
Size: 352KB - Virtual size: 352KB

.reloc
Size: 195KB - Virtual size: 194KB