Bully[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Bully.exe
Size

7.8MB
MD5

5575cca65c214fc35a22c8f29beb1f85
SHA1

60bd04bc1ca5237d417d707cd0254c5182063d50
SHA256

bd2d93fe866adbe95c090951c0340ceface9b4cfeb48f643016daa88092f91ce
SHA512

49d46db0463ca807a69005e1be5b0854f19035d78bf5fb3e6804b299277bd7d26139a0c151c6f8682fffbfebe817c00cf66c06d54728d1ef256a7db18d02f0ee
SSDEEP

196608:qziOrxw3ltWsfR5e8W8ECOpfbY+mSUT5EV:qWtWsfR5e8W8ECOpYO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Bully.exe

Files

Bully.exe
.exe windows:4 windows x86 arch:x86

Password: yes

8ed1f4cde4daa35c8467aca0d08bbb25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

xinput1_3

ord4
ord3
ord2

kernel32

GlobalMemoryStatus
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
ReleaseMutex
CloseHandle
SuspendThread
ResumeThread
DebugBreak
GetLastError
CreateFileA
SetFilePointer
ReadFile
WriteFile
MultiByteToWideChar
GetTickCount
GetModuleFileNameA
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
GetOverlappedResult
DeleteFileA
GetFileSize
LocalFree
ReleaseSemaphore
WaitForMultipleObjects
SetLastError
SetThreadPriority
CreateThread
CreateMutexA
LocalAlloc
CreateSemaphoreA
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
GetFileAttributesA
FindFirstFileA
CreateDirectoryA
GetCommandLineA
GetSystemInfo
GetVersionExA
lstrlenA
WideCharToMultiByte
OutputDebugStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
VirtualQuery
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetModuleHandleA
Sleep
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedExchange
HeapSize
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapReAlloc
GetFullPathNameA
GetDriveTypeA
GetStartupInfoA
GetProcessHeap
HeapFree
HeapAlloc
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess

user32

ChangeDisplaySettingsA
TranslateMessage
DispatchMessageA
PeekMessageA
GetMonitorInfoA
MoveWindow
ShowWindow
SetWindowPos
GetClientRect
SystemParametersInfoA
MessageBoxW
mouse_event
LoadIconA
MessageBoxA
ShowCursor
PostQuitMessage
DefWindowProcA
PostMessageA
GetCursorPos
LoadCursorA
RegisterClassA
TranslateAcceleratorA
GetWindowRect
IsWindow
SendMessageA
SetWindowTextA
CreateWindowExA
AdjustWindowRect
wsprintfW
DestroyWindow
SendDlgItemMessageA
CheckDlgButton
ScreenToClient
GetWindowLongA
DialogBoxIndirectParamA
EndDialog
UpdateWindow

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

d3dx9_38

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXCompileShaderFromFileA
D3DXGetShaderConstantTable
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemory
D3DXCreateEffectCompiler
D3DXVec3Normalize
D3DXVec4Transform
D3DXMatrixReflect
D3DXCreateTexture
D3DXLoadSurfaceFromSurface
D3DXMatrixMultiply
D3DXCreateEffect
D3DXMatrixTranspose
D3DXCompileShader
D3DXGetShaderInputSemantics
D3DXCreateTextureFromFileExA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateCubeTextureFromFileExA
D3DXMatrixInverse
D3DXGetShaderVersion
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemory
D3DXGetVertexShaderProfile
D3DXGetPixelShaderProfile
D3DXCreateBuffer
D3DXSaveSurfaceToFileA

vcomp

_vcomp_for_static_simple_init
_vcomp_fork
_vcomp_for_static_end

comctl32

InitCommonControlsEx

dinput8

DirectInput8Create

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 23.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: yes

8ed1f4cde4daa35c8467aca0d08bbb25

Headers

File Characteristics

Imports

ddraw

xinput1_3

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

d3dx9_38

vcomp

comctl32

dinput8

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 800KB - Virtual size: 798KB

.data Size: 2.0MB - Virtual size: 23.2MB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 800KB - Virtual size: 798KB

.data
Size: 2.0MB - Virtual size: 23.2MB

.rsrc
Size: 28KB - Virtual size: 25KB