ChatGPT[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ChatGPT.exe
Size

10.1MB
MD5

b5cd3cbe8995dfc01f035b107322db51
SHA1

6e3c5f5597966cff1e50c43970281b70b31534e3
SHA256

9c28d8da7a38029e84dda55e3509399ca89655731a6cb275ff59b3fd13fd4649
SHA512

1e5879777fc2b9761ed4359400e4e72257a3fbf7df4f76d7e6194d08cc0715fbe7118ba7982341387ea396e432493560eba63d422af9c63710a628af21d0bf0a
SSDEEP

98304:vnvaQg84Jn0/n2vsUk4Vp3zCMt15mm1BkcDvZ6cDFV/aZNcGTuPSKt4Vpm79:vvirfdGTuqTc5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ChatGPT.exe

Files

ChatGPT.exe
.exe windows:6 windows x64 arch:x64

Password: asrwetew

624308b184b1ceba6797222aacf8b981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetFileInformationByHandle
ReleaseSRWLockExclusive
lstrlenW
Sleep
RemoveDirectoryW
GetProcessId
TerminateProcess
GetSystemInfo
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
GetModuleHandleA
MultiByteToWideChar
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FindClose
SetEnvironmentVariableW
SetHandleInformation
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
SetFileInformationByHandle
SleepConditionVariableSRW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
HeapReAlloc
GetProcessHeap
HeapAlloc
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
CreatePipe
EncodePointer
TlsAlloc
TlsGetValue
CloseHandle
LoadLibraryExW
RtlUnwind
TlsSetValue
TlsFree
GetLastError
GetModuleHandleW
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
GetCurrentThreadId
FreeLibrary
PostQueuedCompletionStatus
WakeConditionVariable
LoadLibraryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
SwitchToThread
AcquireSRWLockExclusive
WaitForSingleObject
HeapFree
WakeAllConditionVariable
SetFileAttributesW
SetFileTime
CreateHardLinkW
SetFilePointerEx
CreateSymbolicLinkW

user32

GetDC
DefWindowProcW
CreatePopupMenu
CreateMenu
AdjustWindowRectEx
CreateWindowExW
GetMenu
GetMessageA
DispatchMessageA
CreateAcceleratorTableW
SetMenu
GetWindowLongW
SetWindowDisplayAffinity
IsProcessDPIAware
MapVirtualKeyExW
TrackPopupMenu
EnumChildWindows
GetKeyboardState
SetForegroundWindow
GetCursorPos
EnumDisplayMonitors
GetForegroundWindow
SetCursorPos
ReleaseCapture
MonitorFromWindow
GetWindowPlacement
ChangeDisplaySettingsExW
RegisterTouchWindow
IsWindow
SetWindowLongPtrW
RegisterWindowMessageA
IsIconic
MonitorFromPoint
GetMessageW
SendInput
RegisterClassW
LoadCursorW
AppendMenuW
IsWindowVisible
SetWindowPlacement
CreateIcon
ShowCursor
SetCursor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClipCursor
GetClipCursor
GetActiveWindow
ClientToScreen
SetWindowLongW
EnableMenuItem
GetSystemMenu
InvalidateRgn
SetWindowPos
ShowWindow
GetMonitorInfoW
RegisterRawInputDevices
SystemParametersInfoA
UnregisterHotKey
SendMessageW
CheckMenuItem
DestroyIcon
GetAncestor
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RedrawWindow
GetRawInputData
ValidateRect
PostThreadMessageW
PeekMessageW
GetUpdateRect
SetCapture
PostQuitMessage
TrackMouseEvent
FlashWindowEx
GetKeyState
MapVirtualKeyW
GetAsyncKeyState
VkKeyScanW
GetKeyboardLayout
ToUnicodeEx
SetMenuItemInfoW
DestroyAcceleratorTable
SetWindowTextW
GetWindowRect
MonitorFromRect
GetWindowLongPtrW
GetWindowTextW
RegisterHotKey
GetClientRect
GetSystemMetrics
PostMessageW
MsgWaitForMultipleObjectsEx
DestroyWindow
RegisterClassExW
GetWindowTextLengthW

comctl32

TaskDialogIndirect
RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

secur32

DecryptMessage
InitializeSecurityContextW
DeleteSecurityContext
ApplyControlToken
AcceptSecurityContext
FreeContextBuffer
FreeCredentialsHandle
QueryContextAttributesW
AcquireCredentialsHandleA
EncryptMessage

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertCloseStore
CertDuplicateCertificateContext
CertDuplicateStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain

ws2_32

ioctlsocket
WSAIoctl
getpeername
closesocket
getsockname
WSASend
bind
connect
WSASocketW
freeaddrinfo
WSAStartup
WSACleanup
select
getsockopt
send
recv
WSAGetLastError
shutdown
getaddrinfo
setsockopt

advapi32

EventUnregister
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
RegSetValueExW
RegGetValueW
RegDeleteValueW
SystemFunction036

shell32

SHAppBarMessage
SHCreateItemFromParsingName
Shell_NotifyIconW
SHGetKnownFolderPath
DragQueryFileW
DragFinish
Shell_NotifyIconGetRect
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
RegisterDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoCreateInstance
RevokeDragDrop
OleInitialize

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtDeviceIoControlFile
NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtReadFile

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SetErrorInfo
SysStringLen
SysFreeString
GetErrorInfo

api-ms-win-crt-math-l1-1-0

round
trunc
__setusermatherr
floor

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
wcslen
_wcsicmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_configure_narrow_argv
_set_app_type
abort
exit
_initialize_onexit_table
_register_onexit_function
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
terminate
__p___argc
__p___argv
_cexit
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_set_new_mode
_callnewh

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.9MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: asrwetew

624308b184b1ceba6797222aacf8b981

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

secur32

crypt32

ws2_32

advapi32

shell32

ole32

bcrypt

ntdll

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 4.9MB - Virtual size: 4.8MB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 277KB - Virtual size: 277KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 4.9MB - Virtual size: 4.8MB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 277KB - Virtual size: 277KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 36KB - Virtual size: 36KB