Blinky[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Blinky.exe
Size

720KB
MD5

2a0fd6f9c3301049f0f4f15f2dcff1d5
SHA1

af059f931c294864fe37dbb7b609ef034cfa7cd2
SHA256

25907c7014e0c6f2e304a5f3c2cca35e7ee49ceaa711cb9ccad68bb60c3595ed
SHA512

40890d9e013b46ece81432df414a721e3d4a03b18e1e588f0a8b6eb9d3c392ae2dd271293d8a443ff60f6a952085144b78ae300399dd3fbb11fd892f9cc31da4
SSDEEP

12288:fU6ouvF+xv3+IbsltZXkCniaYyy9sxAyBGl9+VNa114PSPq0pEqHjG01qwIoB:fU6ouvCvOIbutZXkCniaYyyOxJPR0gdO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Blinky.exe

Files

Blinky.exe
.exe windows:6 windows x64 arch:x64

bc6a82c2f7ea2b30c0fe86065a971704

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Cleanest\Nouveau dossier (2)\Nouveau dossier\ImGui-desktop-design-base-main\release\Blink.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

FreeLibrary
QueryPerformanceCounter
ReadFile
GetModuleFileNameA
Process32First
WriteProcessMemory
SetConsoleTitleA
TerminateProcess
GetModuleFileNameW
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetLastError
CreateFileA
Process32Next
CloseHandle
CreateThread
VirtualAllocEx
GetFileSize
GetConsoleWindow
CreateRemoteThread
CreateProcessA
VirtualFreeEx
GlobalFree
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GlobalAlloc
QueryPerformanceFrequency
GetModuleHandleW
AreFileApisANSI
SetFileInformationByHandle
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
Sleep
GetModuleHandleA
GetStdHandle
GlobalLock
SetConsoleTextAttribute
SleepConditionVariableSRW
UnhandledExceptionFilter

user32

GetWindowRect
DestroyWindow
GetSystemMetrics
GetWindowThreadProcessId
KillTimer
RegisterClassExA
UpdateWindow
GetKeyState
ShowWindow
SetTimer
SetWindowLongA
GetWindowLongA
MessageBoxA
MoveWindow
DefWindowProcA
FindWindowA
TranslateMessage
GetForegroundWindow
SetWindowsHookExA
GetCursorInfo
GetAsyncKeyState
CallNextHookEx
LoadCursorA
ScreenToClient
CreateWindowExA
SetLayeredWindowAttributes
UnregisterClassA
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
PeekMessageA
PostQuitMessage
PostMessageA
GetCursorPos
LoadIconA
DispatchMessageA
GetMessageA
SetClipboardData
GetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW

shell32

ShellExecuteA

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

winmm

timeEndPeriod
timeBeginPeriod

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

windivert

WinDivertClose
WinDivertOpen

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetVersion

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
memmove
memcpy
__std_exception_copy
memset
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memcmp
strstr
__std_terminate
memchr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ftell
_get_stream_buffer_pointers
__stdio_common_vfprintf
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
_set_fmode
fwrite
_wfopen
fgetc
__stdio_common_vsprintf
fclose
fflush
fputc
__stdio_common_vsscanf
__p__commode
fseek

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
system
_crt_atexit
exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_wassert
_beginthreadex
terminate
_errno
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

tolower
strcmp
strcpy_s

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

ceilf
acosf
sinf
cosf
__setusermatherr
sqrtf

Sections

.text
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc6a82c2f7ea2b30c0fe86065a971704

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

winmm

imm32

d3dcompiler_43

dwmapi

windivert

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 305KB - Virtual size: 304KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 300KB - Virtual size: 308KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 305KB - Virtual size: 304KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 300KB - Virtual size: 308KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB