AyuGram[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AyuGram.exe
Size

164.7MB
MD5

f930bd14f5f86060c3d0c0bfe5ba87f9
SHA1

94084e37b1861280be634db944a4d5c56ce63331
SHA256

f4c4e5463f6fb91cf5853819256fdbda88966c58423b7c0ffee63e39dcda9584
SHA512

c8b19c4f8125a24efad3fe251a8d22d6ae021b47cfb3933097e0fb07a2a29bab77ee3c03fd148fe0b4c8ba748bf2514d3f8e4267991f76c290c70ddbac2c6662
SSDEEP

1572864:n+arM7hn0IdTAZ/LdwiomfDts8MtHKia:u11onPfhVQHKia

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AyuGram.exe

Files

AyuGram.exe
.exe windows:6 windows x64 arch:x64

255321b568c263e26a09e806a6d9bd88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Y:\AyuGram\AyuGramDesktop\tdesktop\out\Release\AyuGram.pdb

Imports

kernel32

FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CopyFileW
QueryPerformanceFrequency
GetCommandLineW
EncodePointer
DecodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetEnvironmentVariableW
RemoveDirectoryW
GetCurrentProcess
GetModuleFileNameW
WinExec
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
GetModuleHandleW
GetModuleHandleExW
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
SetThreadPriority
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
ReleaseSemaphore
CreateSemaphoreW
VerSetConditionMask
VerifyVersionInfoW
GetLocaleInfoW
GetUserDefaultUILanguage
GetTickCount64
MoveFileExW
FindFirstFileW
PowerCreateRequest
PowerSetRequest
PowerClearRequest
GetSystemPowerStatus
LocalAlloc
GetVersionExA
WaitForMultipleObjectsEx
CreateEventExW
GetCurrentThread
IsDebuggerPresent
DebugBreak
CreateSemaphoreA
SetFilePointerEx
GetStdHandle
OpenThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateEventA
SetLastError
QueueUserAPC
GetThreadId
GetModuleHandleA
OpenProcess
QueryFullProcessImageNameW
ExpandEnvironmentStringsW
GetVersionExW
GetNativeSystemInfo
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
LoadLibraryExW
lstrcpyW
lstrlenW
lstrcpynW
GetCurrentDirectoryW
InitializeCriticalSectionEx
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
WakeAllConditionVariable
MoveFileExA
InitOnceBeginInitialize
InitOnceComplete
InitializeSRWLock
SleepConditionVariableSRW
GetSystemDirectoryW
LoadLibraryExA
ReleaseMutex
GetConsoleMode
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetProcessAffinityMask
CreateMutexA
RtlCaptureContext
SetUnhandledExceptionFilter
TerminateThread
ResumeThread
GetProcessId
VirtualQueryEx
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SignalObjectAndWait
GetThreadGroupAffinity
SetEnvironmentVariableW
VirtualProtect
SetCurrentDirectoryW
GetTempFileNameA
GetModuleHandleExA
TlsFree
GetOEMCP
RtlVirtualUnwind
VirtualAlloc
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
GetExitCodeThread
GetFileType
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
SetConsoleMode
ReadConsoleA
ReadConsoleW
GlobalFree
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
DisconnectNamedPipe
SetHandleInformation
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
CompareStringEx
GetLocalTime
TerminateProcess
IsProcessorFeaturePresent
SwitchToThread
GetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
CreateProcessW
UnregisterWaitEx
RegisterWaitForSingleObject
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
CreateDirectoryW
GetLogicalDrives
SetFileTime
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
CompareStringW
LCMapStringW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GetUserDefaultLangID
TryAcquireSRWLockExclusive
GetLocaleInfoEx
SetFileAttributesW
RtlPcToFileHeader
GetStringTypeW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateSemaphoreExW
FlushProcessWriteBuffers
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
LCMapStringEx
GetCPInfo
RtlLookupFunctionEntry
UnhandledExceptionFilter
InterlockedPopEntrySList
QueryDepthSList
GetCurrentProcessorNumberEx
GetLogicalProcessorInformationEx
GetNumaHighestNodeNumber
SetThreadGroupAffinity
GetThreadTimes
FreeLibraryAndExitThread
RtlUnwindEx
RtlUnwind
InitializeCriticalSectionAndSpinCount
ExitThread
SetConsoleCtrlHandler
SetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
GetConsoleOutputCP
GetCommandLineA
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
HeapQueryInformation
IsValidCodePage
VirtualQuery

Exports

Exports

??0Animation@rlottie@@AEAA@XZ
??0PlatformMethods@angle@@QEAA@XZ
??0Surface@rlottie@@QEAA@PEAI_K11@Z
??0Surface@rlottie@@QEAA@XZ
??1Animation@rlottie@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
??4Surface@rlottie@@QEAAAEAV01@$$QEAV01@@Z
??4Surface@rlottie@@QEAAAEAV01@AEBV01@@Z
?buffer@Surface@rlottie@@QEBAPEAIXZ
?bytesPerLine@Surface@rlottie@@QEBA_KXZ
?configureModelCacheSize@@YAX_K@Z
?drawRegionHeight@Surface@rlottie@@QEBA_KXZ
?drawRegionPosX@Surface@rlottie@@QEBA_KXZ
?drawRegionPosY@Surface@rlottie@@QEBA_KXZ
?drawRegionWidth@Surface@rlottie@@QEBA_KXZ
?duration@Animation@rlottie@@QEBANXZ
?frameAtPos@Animation@rlottie@@QEAA_KN@Z
?frameRate@Animation@rlottie@@QEBANXZ
?height@Surface@rlottie@@QEBA_KXZ
?layers@Animation@rlottie@@QEBAAEBV?$vector@V?$tuple@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@std@@V?$allocator@V?$tuple@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@std@@@2@@std@@XZ
?loadFromData@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@AEBV54@1_NAEBV?$vector@U?$pair@II@std@@V?$allocator@U?$pair@II@std@@@2@@4@W4FitzModifier@2@@Z
?loadFromFile@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@_N@Z
?render@Animation@rlottie@@QEAA?AV?$future@VSurface@rlottie@@@std@@_KVSurface@2@_N@Z
?renderSync@Animation@rlottie@@QEAAX_KVSurface@2@_N@Z
?renderTree@Animation@rlottie@@QEBAPEBULOTLayerNode@@_K00@Z
?setDrawRegion@Surface@rlottie@@QEAAX_K000@Z
?setValue@Animation@rlottie@@AEAAXUColor_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUColor@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUColor_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UColor@2@@Z
?setValue@Animation@rlottie@@AEAAXUFloat_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6AMAEBUFrameInfo@rlottie@@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUFloat_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@M@Z
?setValue@Animation@rlottie@@AEAAXUPoint_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUPoint@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUPoint_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UPoint@2@@Z
?setValue@Animation@rlottie@@AEAAXUSize_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$$QEAV?$function@$$A6A?AUSize@rlottie@@AEBUFrameInfo@2@@Z@6@@Z
?setValue@Animation@rlottie@@AEAAXUSize_Type@2@W4Property@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@USize@2@@Z
?size@Animation@rlottie@@QEBAXAEA_K0@Z
?totalFrame@Animation@rlottie@@QEBA_KXZ
?width@Surface@rlottie@@QEBA_KXZ
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform

Sections

.text
Size: 78.7MB - Virtual size: 78.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37.3MB - Virtual size: 37.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44.6MB - Virtual size: 63.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

255321b568c263e26a09e806a6d9bd88

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 78.7MB - Virtual size: 78.7MB

.rdata Size: 37.3MB - Virtual size: 37.3MB

.data Size: 44.6MB - Virtual size: 63.3MB

.pdata Size: 2.9MB - Virtual size: 2.9MB

.rodata Size: 2KB - Virtual size: 2KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 329KB - Virtual size: 328KB

_RDATA Size: 512B - Virtual size: 48B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 994KB - Virtual size: 994KB

.text
Size: 78.7MB - Virtual size: 78.7MB

.rdata
Size: 37.3MB - Virtual size: 37.3MB

.data
Size: 44.6MB - Virtual size: 63.3MB

.pdata
Size: 2.9MB - Virtual size: 2.9MB

.rodata
Size: 2KB - Virtual size: 2KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 329KB - Virtual size: 328KB

_RDATA
Size: 512B - Virtual size: 48B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 994KB - Virtual size: 994KB