Olympus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Olympus.exe
Size

16.2MB
MD5

2bdfa4ec37fef3fa885154366fbff4d9
SHA1

7ba51683d05cda85a39154221e997fedead6bc1c
SHA256

6e3f216b9d45f58a8ac6c1a1251be12473397b6637bc72c81d0c70c37810c3ea
SHA512

43e6b0b54370d6f1562df86a5ce1d5e8c9bb62cfb1f115f2edfd73cb647087c55a6a31a705a4ae3dd7030d7a89f0ac6bdf3b842dd525bc70c4af1b9a7a941541
SSDEEP

98304:1FqM7Bk5u+b48Lia1lW+suiBzsy0AhifswPyuhUbXxlAyUaGUfr0CkXIW3EU0fQe:1BSHzYMUuYAyShFVRTr4ZCML

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Olympus.exe

Files

Olympus.exe
.exe windows:6 windows x64 arch:x64

857a677cc81625b758e7dea2fd1e4a83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\BiJETsEv\0\olympusgg\client\launcher-rs\src-tauri\target\x86_64-pc-windows-msvc\release\deps\olympus_launcher_rs.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
ReleaseSRWLockShared
GetModuleHandleW
GetCurrentThreadId
AcquireSRWLockShared
CreateFileW
GetConsoleMode
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetProcAddress
GetCurrentProcess
lstrlenW
GetSystemInfo
GetProcessHeap
HeapFree
OpenProcess
HeapAlloc
LocalFree
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetExitCodeProcess
VirtualQueryEx
ReadProcessMemory
GlobalMemoryStatusEx
K32GetPerformanceInfo
LoadLibraryExA
FreeLibrary
CreateEventW
WaitForSingleObject
FormatMessageW
TryAcquireSRWLockExclusive
SetFileTime
GetUserDefaultUILanguage
LCIDToLocaleName
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
GetEnvironmentVariableW
GetFileInformationByHandle
SetFileAttributesW
MoveFileExW
SleepConditionVariableSRW
DuplicateHandle
SetHandleInformation
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
ReadFile
GetOverlappedResult
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
FindClose
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
CreateSymbolicLinkW
CreateHardLinkW
GetFinalPathNameByHandleW
CancelIo
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
GetTempPathW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree

ntdll

RtlGetVersion
NtQueryInformationProcess
NtWriteFile
NtReadFile
NtCreateFile
NtQuerySystemInformation
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

ws2_32

getaddrinfo
freeaddrinfo
getpeername
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
send
recv
shutdown
closesocket
getsockopt
ioctlsocket
connect
bind
WSASocketW
getsockname
WSASend

ole32

CoCreateInstance
CoInitializeEx
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
RevokeDragDrop
CoUninitialize
RegisterDragDrop
CoTaskMemAlloc

user32

GetAsyncKeyState
GetKeyboardState
GetRawInputData
GetSystemMenu
SetWindowLongW
CreateIcon
DestroyWindow
RedrawWindow
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
SetCursor
MapVirtualKeyExW
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
ValidateRect
GetWindowLongW
GetClientRect
ClientToScreen
LoadCursorW
MonitorFromRect
PostThreadMessageW
PeekMessageW
GetUpdateRect
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
GetSystemMetrics
RegisterTouchWindow
InvalidateRgn
SetMenu
IsIconic
ReleaseCapture
SetCursorPos
VkKeyScanW
GetForegroundWindow
PostQuitMessage
GetKeyState
ShowWindow
CreateAcceleratorTableW
AppendMenuW
CreateMenu
CheckMenuItem
SetMenuItemInfoW
GetKeyboardLayout
EnableMenuItem
MapVirtualKeyW
DestroyAcceleratorTable
SendInput
SetForegroundWindow
SetWindowDisplayAffinity
GetMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
SendMessageW
DestroyIcon
IsProcessDPIAware
GetDC
GetAncestor
SystemParametersInfoA
GetWindowLongPtrW
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetMenu
GetWindowRect
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
ToUnicodeEx
EnumChildWindows
GetMessageA
GetActiveWindow
PostMessageW
DispatchMessageA
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
TrackMouseEvent

comctl32

RemoveWindowSubclass
SetWindowSubclass
TaskDialogIndirect
DefSubclassProc

shell32

DragFinish
DragQueryFileW
SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteW
SHAppBarMessage

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery

powrprof

CallNtPowerInformation

advapi32

IsValidSid
RegCloseKey
RegQueryValueExW
EventRegister
EventSetInformation
GetTokenInformation
OpenProcessToken
EventWriteTransfer
EventUnregister
RegGetValueW
GetLengthSid
RegOpenKeyExW
CopySid
SystemFunction036

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

secur32

EncryptMessage
FreeContextBuffer
AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
FreeCredentialsHandle
ApplyControlToken
InitializeSecurityContextW
DecryptMessage

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

uxtheme

SetWindowTheme

crypt32

CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertVerifyTimeValidity
CertGetEnhancedKeyUsage
CertDuplicateStore
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
pow
__setusermatherr
round
trunc

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
calloc
free
malloc

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsncmp
wcslen
strcpy_s
strlen

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
terminate
_initterm_e
_exit
_initterm
_cexit
abort
__p___argc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857a677cc81625b758e7dea2fd1e4a83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

ws2_32

ole32

user32

comctl32

shell32

gdi32

dwmapi

pdh

powrprof

advapi32

psapi

secur32

oleaut32

uxtheme

crypt32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.2MB - Virtual size: 10.2MB

.rdata Size: 5.4MB - Virtual size: 5.4MB

.data Size: 24KB - Virtual size: 36KB

.pdata Size: 491KB - Virtual size: 491KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 81KB - Virtual size: 81KB

.text
Size: 10.2MB - Virtual size: 10.2MB

.rdata
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 24KB - Virtual size: 36KB

.pdata
Size: 491KB - Virtual size: 491KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 81KB - Virtual size: 81KB