AyuGram[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AyuGram.exe
Size

159.0MB
MD5

c3cad7e4249f5a65554f7b29a5e53b8f
SHA1

de4052f0a4aa52097c7f89f2c4f9061544131933
SHA256

cf3a85da1ebd2eaa64de4e9b49a9a3b8609cd2880f1ea329c5ca3ea4498e35fe
SHA512

fbccfbee2d06bc5700492b2215450a976e075a75976caeb6ba045d5592ab253f379a3f181a8b1818311b44f0c594d188e81cee35866e80581a52878a68459970
SSDEEP

1572864:JidKMYg1m3CLdwiomfDtjclTi6t47fVas65x3Iv:z3sPfhwPt47fVas65x3Iv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AyuGram.exe

Files

AyuGram.exe
.exe windows:6 windows x64 arch:x64

5272a14fc0185c141ef6978eab76f414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Y:\AyuGram\AyuGramDesktop\tdesktop\out\Release\AyuGram.pdb

Imports

kernel32

FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CopyFileW
QueryPerformanceFrequency
GetCommandLineW
EncodePointer
DecodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetEnvironmentVariableW
RemoveDirectoryW
GetCurrentProcess
GetModuleFileNameW
WinExec
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
GetModuleHandleW
GetModuleHandleExW
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
SetThreadPriority
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
ReleaseSemaphore
CreateSemaphoreW
VerSetConditionMask
VerifyVersionInfoW
GetLocaleInfoW
GetUserDefaultUILanguage
GetTickCount64
MoveFileExW
FindFirstFileW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
GetSystemPowerStatus
LocalAlloc
GetVersionExA
WaitForMultipleObjectsEx
CreateEventExW
GetCurrentThread
IsDebuggerPresent
DebugBreak
CreateSemaphoreA
SetFilePointerEx
GetStdHandle
OpenThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateEventA
SetLastError
QueueUserAPC
GetThreadId
GetModuleHandleA
GetNativeSystemInfo
OpenProcess
QueryFullProcessImageNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetModuleHandleExA
ExpandEnvironmentStringsW
GetVersionExW
lstrcpyW
lstrlenW
lstrcpynW
GetCurrentDirectoryW
InitializeCriticalSectionEx
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
WakeAllConditionVariable
MoveFileExA
InitOnceBeginInitialize
InitOnceComplete
InitializeSRWLock
SleepConditionVariableSRW
GetSystemDirectoryW
LoadLibraryExA
LoadLibraryExW
ReleaseMutex
GetConsoleMode
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetProcessAffinityMask
CreateMutexA
RtlCaptureContext
SetUnhandledExceptionFilter
TerminateThread
ResumeThread
GetProcessId
VirtualQueryEx
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SignalObjectAndWait
GetThreadGroupAffinity
SetEnvironmentVariableW
VirtualProtect
SetCurrentDirectoryW
GetTempFileNameA
TlsFree
VirtualQuery
RtlVirtualUnwind
VirtualAlloc
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
GetExitCodeThread
GetFileType
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
SetConsoleMode
ReadConsoleA
ReadConsoleW
GlobalFree
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
DisconnectNamedPipe
SetHandleInformation
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
CompareStringEx
GetLocalTime
TerminateProcess
IsProcessorFeaturePresent
SwitchToThread
GetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
CreateProcessW
UnregisterWaitEx
RegisterWaitForSingleObject
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
CreateDirectoryW
GetLogicalDrives
SetFileTime
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
CompareStringW
LCMapStringW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GetLocaleInfoEx
SetFileAttributesW
TryAcquireSRWLockExclusive
RtlPcToFileHeader
GetStringTypeW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
UnhandledExceptionFilter
InterlockedPopEntrySList
QueryDepthSList
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
CreateTimerQueue
RtlUnwindEx
RtlUnwind
ExitThread
SetConsoleCtrlHandler
SetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
GetConsoleOutputCP
GetCommandLineA
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
HeapQueryInformation
IsValidCodePage
GetOEMCP
GetUserDefaultLangID

Exports

Exports

??0Animation@rlottie@@AEAA@XZ
??0PlatformMethods@angle@@QEAA@XZ
??0Surface@rlottie@@QEAA@PEAI_K11@Z
??0Surface@rlottie@@QEAA@XZ
??1Animation@rlottie@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
??4Surface@rlottie@@QEAAAEAV01@$$QEAV01@@Z
??4Surface@rlottie@@QEAAAEAV01@AEBV01@@Z
?buffer@Surface@rlottie@@QEBAPEAIXZ
?bytesPerLine@Surface@rlottie@@QEBA_KXZ
?configureModelCacheSize@@YAX_K@Z
?drawRegionHeight@Surface@rlottie@@QEBA_KXZ
?drawRegionPosX@Surface@rlottie@@QEBA_KXZ
?drawRegionPosY@Surface@rlottie@@QEBA_KXZ
?drawRegionWidth@Surface@rlottie@@QEBA_KXZ
?duration@Animation@rlottie@@QEBANXZ
?frameAtPos@Animation@rlottie@@QEAA_KN@Z
?frameRate@Animation@rlottie@@QEBANXZ
?height@Surface@rlottie@@QEBA_KXZ
?layers@Animation@rlottie@@QEBAAEBV?$vector@V?$tuple@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@std@@V?$allocator@V?$tuple@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@std@@@2@@std@@XZ
?loadFromData@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@AEBV54@1_NAEBV?$vector@U?$pair@II@std@@V?$allocator@U?$pair@II@std@@@2@@4@W4FitzModifier@2@@Z
?loadFromFile@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@_N@Z
?render@Animation@rlottie@@QEAA?AV?$future@VSurface@rlottie@@@std@@_KVSurface@2@_N@Z
?renderSync@Animation@rlottie@@QEAAX_KVSurface@2@_N@Z
?renderTree@Animation@rlottie@@QEBAPEBULOTLayerNode@@_K00@Z
?setDrawRegion@Surface@rlottie@@QEAAX_K000@Z
?setValue@Animation@rlottie@@AEAAXUColor_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUColor@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUColor_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UColor@2@@Z
?setValue@Animation@rlottie@@AEAAXUFloat_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6AMAEBUFrameInfo@rlottie@@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUFloat_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@M@Z
?setValue@Animation@rlottie@@AEAAXUPoint_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUPoint@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUPoint_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UPoint@2@@Z
?setValue@Animation@rlottie@@AEAAXUSize_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUSize@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUSize_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@USize@2@@Z
?size@Animation@rlottie@@QEBAXAEA_K0@Z
?totalFrame@Animation@rlottie@@QEBA_KXZ
?width@Surface@rlottie@@QEBA_KXZ
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform

Sections

.text
Size: 76.6MB - Virtual size: 76.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35.6MB - Virtual size: 35.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42.7MB - Virtual size: 61.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5272a14fc0185c141ef6978eab76f414

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 76.6MB - Virtual size: 76.6MB

.rdata Size: 35.6MB - Virtual size: 35.6MB

.data Size: 42.7MB - Virtual size: 61.4MB

.pdata Size: 2.8MB - Virtual size: 2.8MB

.rodata Size: 4KB - Virtual size: 4KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 329KB - Virtual size: 328KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 969KB - Virtual size: 969KB

.text
Size: 76.6MB - Virtual size: 76.6MB

.rdata
Size: 35.6MB - Virtual size: 35.6MB

.data
Size: 42.7MB - Virtual size: 61.4MB

.pdata
Size: 2.8MB - Virtual size: 2.8MB

.rodata
Size: 4KB - Virtual size: 4KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 329KB - Virtual size: 328KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 969KB - Virtual size: 969KB