ST_TriggerBot[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ST_TriggerBot.exe
Size

21.7MB
MD5

3eb2aa5299ae40b3fc4fc586a7a49745
SHA1

92a4b94445d78cac13c2498ffd25462dc030d73d
SHA256

6aa5024f67e12227915ee554242a63779bb1d82fb72466a0e7c82d25ccbce8ea
SHA512

78340be241da00531b3dfebdeada9707da2dafba6b7457d0db41460c44afe5f4cd5894d9b9a858806f26ca927bd3ac6944d47ed38bb51415e7596fdf56f4c3cc
SSDEEP

393216:qJh/Pon0HZZAthD3q0TZYSXhOCjkzUlMdizxccIFhH4ItmLZDM97xJi3J+D2:qfonIoWrR8kYMdoxc1b4lL6pxJ5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ST_TriggerBot.exe

Files

ST_TriggerBot.exe
.exe windows:6 windows x64 arch:x64

f59785c1a9078f70567d550138559e39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetLayeredWindowAttributes

shell32

ShellExecuteW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

d3d11

D3D11CreateDevice

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xorstr0
Size: - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xorstr1
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xorstr2
Size: 21.7MB - Virtual size: 21.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f59785c1a9078f70567d550138559e39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

d3d11

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 34KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 2KB

.pdata Size: - Virtual size: 1KB

.xorstr0 Size: - Virtual size: 12.9MB

.xorstr1 Size: 3KB - Virtual size: 2KB

.xorstr2 Size: 21.7MB - Virtual size: 21.7MB

.reloc Size: 512B - Virtual size: 280B

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: - Virtual size: 34KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 2KB

.pdata
Size: - Virtual size: 1KB

.xorstr0
Size: - Virtual size: 12.9MB

.xorstr1
Size: 3KB - Virtual size: 2KB

.xorstr2
Size: 21.7MB - Virtual size: 21.7MB

.reloc
Size: 512B - Virtual size: 280B

.rsrc
Size: 15KB - Virtual size: 15KB