ID: 82150 Sample Name: mintty.exe Cookbook: default.jbs Time: 12:06:06 Date: 04/10/2018 Version: 24.0.0 Fire Opal

Table of Contents

Table of Contents 2
Analysis Report mintty.exe 4
Overview 4
General Information 4
Detection 4
Confidence 4
Classification 5
Analysis Advice 5
Signature Overview 6
Spreading: 6
Software Vulnerabilities: 6
Networking: 6
Key, Mouse, Clipboard, Microphone and Screen Capturing: 6
System Summary: 6
Data Obfuscation: 6
Hooking and other Techniques for Hiding and Protection: 7
Malware Analysis System Evasion: 7
Anti Debugging: 7
Language, Device and Operating System Detection: 7
Behavior Graph 7
Simulations 7
Behavior and APIs 8
Antivirus Detection 8
Initial Sample 8
Dropped Files 8
Unpacked PE Files 8
Domains 8
URLs 8
Yara Overview 8
Initial Sample 8
PCAP (Network Traffic) 8
Dropped Files 8
Memory Dumps 8
Unpacked PEs 8
Joe Sandbox View / Context 9
IPs 9
Domains 9
ASN 9
Dropped Files 9
Screenshots 9
Thumbnails 9
Startup 10
Created / dropped Files 10
Domains and IPs 10
Contacted Domains 10
URLs from Memory and Binaries 10
Contacted IPs 11
Static File Info 11
General 11
File Icon 11
Static PE Info 11
General 11
Entrypoint Preview 12
Data Directories 12
Sections 13
Resources 14
Imports 14
Version Infos 15
Possible Origin 15

Copyright Joe Security LLC 2018 Page 2 of 16

Network Behavior 16
Code Manipulations 16
Statistics 16
System Behavior 16
Analysis Process: mintty.exe PID: 3268 Parent PID: 3056 16
General 16
Disassembly 16
Code Analysis 16

Analysis Report mintty.exe

Overview

General Information

Joe Sandbox Version: 24.0.0 Fire Opal
Analysis ID: 82150
Start date: 04.10.2018
Start time: 12:06:06
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 37s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: mintty.exe
Cookbook file name: default.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean7.winEXE@1/0@0/0
EGA Information: Failed
HDC Information: Successful, ratio: 16% (good quality ratio 10.4%)
Quality average: 40.1%
Quality standard deviation: 34.7%
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0
Cookbook Comments: Adjust boot time; Found application associated with file extension: .exe; Stop behavior analysis, all processes terminated

Warnings:
Exclude process from analysis (whitelisted): dllhost.exe
Execution Graph export aborted for target mintty.exe, PID 3268 because there are no executed functions

Detection

Strategy: Threshold
Score: 7
Range: 0 - 100
Reporting: Report FP / FN

Confidence

Strategy: Threshold
Score: 3
Range: 0 - 5
Further Analysis Required?: true

Classification

[Classification wheel, rendered as an image in the original report]
Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware
Scale: clean, suspicious, malicious

Analysis Advice

Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior

Signature Overview

• Spreading
• Software Vulnerabilities
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• Language, Device and Operating System Detection

Spreading:

Contains functionality to enumerate / list files inside a directory

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Networking:

Found strings which match to known social media urls

Urls found in memory or binary data

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for reading data from the clipboard

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

System Summary:

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains strange resources

Tries to load missing DLLs

Classification label

Contains functionality for error logging

Contains functionality to instantiate COM classes

PE file has an executable .text section and no other executable section

Reads software policies

PE file contains a debug data directory

Data Obfuscation:

Contains functionality to dynamically determine API calls

PE file contains sections with non-standard names

Hooking and other Techniques for Hiding and Protection:

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Extensive use of GetProcAddress (often used to hide API calls)

Malware Analysis System Evasion:

Program does not show much activity (idle)

Contains functionality to enumerate / list files inside a directory

Anti Debugging:

Contains functionality to dynamically determine API calls

Program does not show much activity (idle)

Language, Device and Operating System Detection:

Contains functionality to query locale information (e.g. system language)

Contains functionality to query windows version

Behavior Graph

[Behavior graph, rendered as an image in the original report]
Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net # or VB.NET, C, C++ or other language, Is malicious
ID: 82150
Sample: mintty.exe
Startdate: 04/10/2018
Architecture: WINDOWS
Score: 7
Graph nodes: started -> mintty.exe

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source: mintty.exe, Detection: 1%, Scanner: virustotal
Source: mintty.exe, Detection: 0%, Scanner: metadefender

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source: ciembor.github.io/4bit/StoreTransparencyGla&ss&High&Med.&Low&OffOpa&que, Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: https://raw.githubusercontent.com/mintty/mintty/master/VERSION, Detection: 0%, Scanner: virustotal
Source: https://raw.githubusercontent.com/mintty/mintty/master/VERSION, Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: mintty.github.io/, Detection: 0%, Scanner: virustotal
Source: mintty.github.io/, Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: mintty.github.io/minttyhttps://raw.githubusercontent.com/mintty/mintty/master/VERSIONnone/usr, Detection: 0%, Scanner: Avira URL Cloud, Label: safe
Source: ciembor.github.io/4bit/, Detection: 0%, Scanner: virustotal
Source: ciembor.github.io/4bit/, Detection: 0%, Scanner: Avira URL Cloud, Label: safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w7
mintty.exe (PID: 3268 cmdline: 'C:\Users\user\Desktop\mintty.exe' MD5: C51C1148E3671AD3DE3BB109B3F6741D)
cleanup

Created / dropped Files

No created / dropped files found

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name: ciembor.github.io/4bit/StoreTransparencyGla&ss&High&Med.&Low&OffOpa&que, Source: mintty.exe, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: low
Name: https://raw.githubusercontent.com/mintty/mintty/master/VERSION, Source: mintty.exe, Malicious: false, Antivirus Detection: 0% virustotal; Avira URL Cloud: safe, Reputation: unknown
Name: mintty.github.io/, Source: mintty.exe, Malicious: false, Antivirus Detection: 0% virustotal; Avira URL Cloud: safe, Reputation: low
Name: mintty.github.io/minttyhttps://raw.githubusercontent.com/mintty/mintty/master/VERSIONnone/usr, Source: mintty.exe, Malicious: false, Antivirus Detection: Avira URL Cloud: safe, Reputation: low
Name: ciembor.github.io/4bit/, Source: mintty.exe, Malicious: false, Antivirus Detection: 0% virustotal; Avira URL Cloud: safe, Reputation: low

Contacted IPs

No contacted IP infos

Static File Info

General
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 6.116338881361039
TrID:
  Win32 Executable (generic) a (10002005/4) 99.94%
  Generic Win/DOS Executable (2004/3) 0.02%
  DOS Executable Generic (2002/1) 0.02%
  Java Script embedded in Visual Basic Script (1500/0) 0.01%
  Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: mintty.exe
File size: 514048
MD5: c51c1148e3671ad3de3bb109b3f6741d
SHA1: 1f488915a6c9cd8414178ba3463c621aa2f0a5e4
SHA256: c065027144db0c357d035d0b0987e92769fc0813b8d516ebc102bd9e8ea4965a
SHA512: 3179dea67eea049186b54d3452d2d21b1a8aac63c5f2f52ad869a6425781d9e835e17dff0ebb1ed1e4fe162f1776737ebe239e4b3d5681338d87486118748424
File Content Preview: MZ...... @...... !..L.!Th is program cannot be run in DOS mode....$...... PE..L...... /...... p...... @...... T......

File Icon

Static PE Info

General
Entrypoint: 0x401000
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f919e954bd1680765ffb5ec6bac80775

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 18h
and esp, FFFFFFF0h
mov dword ptr [esp], 00438230h
call 00007F3AC1A95500h
mov dword ptr [esp+08h], 00000000h
mov dword ptr [esp+04h], 00000000h
mov dword ptr [esp], 00000000h
call 00007F3AC1A95504h
mov dword ptr [esp+08h], 00000000h
mov dword ptr [esp+04h], 00000000h
mov dword ptr [esp], 00000000h
call 00007F3AC1A954F8h
mov dword ptr [esp+08h], 00000000h
mov dword ptr [esp+04h], 00000000h
mov dword ptr [esp], 00000000h
call 00007F3AC1A954ECh
mov dword ptr [esp+08h], 00000000h
mov dword ptr [esp+04h], 00000000h
mov dword ptr [esp], 00000000h
call 00007F3AC1A954E0h
leave
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 2Ch
mov esi, dword ptr [0047EB68h]
mov dword ptr [esp], 00452000h
call esi
sub esp, 04h
test eax, eax
je 00007F3AC1A5EC33h
mov ebx, eax
mov dword ptr [esp], 00452000h
call dword ptr [0047EBA0h]

Data Directories

Name, Virtual Address, Virtual Size, Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT, 0x7e000, 0x2cc0, .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE, 0x81000, 0x74e0, .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_DEBUG, 0x6d000, 0x1c, .buildid
IMAGE_DIRECTORY_ENTRY_COPYRIGHT, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_TLS, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_IAT, 0x7e794, 0x668, .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x0, 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED, 0x0, 0x0

Sections

.text
  Virtual Address: 0x1000, Virtual Size: 0x3a1d4, Raw Size: 0x3a200, Xored PE: False, ZLIB Complexity: 0.525, File Type: data, Entropy: 6.1870746833
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.data
  Virtual Address: 0x3c000, Virtual Size: 0x15664, Raw Size: 0x15800, Xored PE: False, ZLIB Complexity: 0.247728924419, File Type: data, Entropy: 3.86287714789
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.rdata
  Virtual Address: 0x52000, Virtual Size: 0x1abbc, Raw Size: 0x1ac00, Xored PE: False, ZLIB Complexity: 0.523191077687, File Type: data, Entropy: 6.11729639052
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.buildid
  Virtual Address: 0x6d000, Virtual Size: 0x35, Raw Size: 0x200, Xored PE: False, ZLIB Complexity: 0.099609375, File Type: data, Entropy: 0.577402851606
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.eh_fram
  Virtual Address: 0x6e000, Virtual Size: 0x8694, Raw Size: 0x8800, Xored PE: False, ZLIB Complexity: 0.350356158088, File Type: data, Entropy: 5.14228051915
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.bss
  Virtual Address: 0x77000, Virtual Size: 0x6e28, Raw Size: 0x0, Xored PE: False, ZLIB Complexity: 0, File Type: empty, Entropy: 0.0
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.idata
  Virtual Address: 0x7e000, Virtual Size: 0x2cc0, Raw Size: 0x2e00, Xored PE: False, ZLIB Complexity: 0.357082201087, File Type: data, Entropy: 5.36023711511
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

.rsrc
  Virtual Address: 0x81000, Virtual Size: 0x74e0, Raw Size: 0x7600, Xored PE: False, ZLIB Complexity: 0.210209216102, File Type: data, Entropy: 4.30322696538
  Characteristics: IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

Resources

Name, RVA, Size, Type, Language, Country
RT_ICON, 0x81268, 0x568, GLS_BINARY_LSB_FIRST, English, United States
RT_ICON, 0x817d0, 0x3228, data, English, United States
RT_ICON, 0x849f8, 0x1ca8, data, English, United States
RT_ICON, 0x866a0, 0xca8, data, English, United States
RT_ICON, 0x87348, 0x368, GLS_BINARY_LSB_FIRST, English, United States
RT_DIALOG, 0x876b0, 0x60, data, English, United States
RT_DIALOG, 0x87710, 0x160, data, English, United States
RT_GROUP_ICON, 0x87870, 0x4c, data, English, United States
RT_VERSION, 0x878c0, 0x278, data, English, United States
RT_MANIFEST, 0x87b38, 0x4bb, XML 1.0 document, ASCII text, English, United States

Imports

msys-2.0.dll: __cxa_atexit, __errno, __getreent, __locale_ctype_ptr, __locale_mb_cur_max, __main, _dll_crt0@0, _fcntl64, _fgetpos64, _fopen64, _getpwuid32, _getuid32, _impure_ptr, _open64, _tmpfile64, abort, access, argz_create, argz_stringify, asprintf, atoi, calloc, chdir, chmod, clock_gettime, close, closedir, cygwin_conv_path, cygwin_internal, dll_dllcrt0, dup, execv, execvp, exit, fclose, fcntl, fflush, fgetpos, fgets, fileno, floorf, fopen, fork, forkpty, fprintf, fputc, fputs, fread, free, fscanf, fseek, fwrite, getcwd, getenv, gethostname, getlogin, getopt_long, getopt_long_only, getpid, getpwnam, getpwuid, gettimeofday, getuid, ioctl, isatty, iswalnum, iswalpha, iswspace, kill, localtime, login, malloc, mbrtowc, mbstowcs, memchr, memcmp, memmove, memset, mkdirat, msys_detach_dll, nl_langinfo, open, opendir, optarg, optind, optopt, pclose, popen, posix_memalign, printf, ptsname, putchar, putenv, puts, read, readdir, realloc, realpath, remove, select, setenv, setlocale, setsid, signal, snprintf, sprintf, sscanf, strcasecmp, strcat, strchr, strcmp, strcpy, strcspn, strdup, strerror, strftime, strlcpy, strlen, strncasecmp, strncmp, strncpy, strrchr, strsignal, strstr, strtol, strtoul, system, tcgetattr, tcgetpgrp, tcsetattr, time, tmpfile, toupper, unsetenv, vasprintf, waitpid, wcscat, wcschr, wcscmp, wcscpy, wcscspn, wcsdup, wcslen, wcsncasecmp, wcsncat, wcsncmp, wcsncpy, wcsrchr, wcsspn, wcsstr, wcswidth, wctomb, wcwidth, write

ADVAPI32.dll: RegCloseKey, RegEnumKeyA, RegEnumKeyW, RegOpenKeyA, RegOpenKeyW, RegQueryInfoKeyW, RegQueryValueExW

COMCTL32.DLL: InitCommonControls

COMDLG32.DLL: ChooseColorA, ChooseFontW

GDI32.dll: CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateFontIndirectA, CreateFontW, CreatePen, CreateSolidBrush, DeleteDC, DeleteObject, EnumFontFamiliesExW, EnumFontFamiliesW, ExcludeClipRect, ExtTextOutA, ExtTextOutW, GetCharWidth32W, GetCharWidthFloatW, GetCharacterPlacementW, GetDeviceCaps, GetGlyphIndicesW, GetObjectA, GetPixel, GetStockObject, GetTextExtentPoint32A, GetTextMetricsA, IntersectClipRect, LineTo, MoveToEx, Polyline, Rectangle, SelectObject, SetBkColor, SetBkMode, SetMapMode, SetPixel, SetTextAlign, SetTextColor, StretchBlt, TextOutA, TextOutW, TranslateCharsetInfo

gdiplus.dll: GdipCreateFromHDC, GdipCreateStreamOnFile, GdipDeleteGraphics, GdipDisposeImage, GdipDrawImageRect, GdipFlush, GdipGetImageHeight, GdipGetImageWidth, GdipLoadImageFromFile, GdipLoadImageFromStream, GdiplusStartup

IMM32.DLL: ImmGetCompositionStringW, ImmGetContext, ImmGetOpenStatus, ImmIsIME, ImmSetCompositionFontA, ImmSetCompositionWindow

KERNEL32.dll: Beep, CreateThread, FindClose, FindFirstFileW, FindNextFileW, FoldStringW, FormatMessageW, FreeLibrary, GetACP, GetCPInfo, GetCPInfoExW, GetCurrentDirectoryW, GetCurrentThreadId, GetLastError, GetLocaleInfoA, GetModuleFileNameW, GetModuleHandleA, GetOEMCP, GetProcAddress, GetStartupInfoW, GetSystemDefaultUILanguage, GetSystemDirectoryA, GetSystemDirectoryW, GetTickCount, GetUserDefaultUILanguage, GetVersionExA, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, LoadLibraryA, MulDiv, MultiByteToWideChar, SetLastError, VirtualProtect, VirtualQuery, WideCharToMultiByte

ole32.dll: CoCreateInstance, CoInitializeEx, CoUninitialize, OleInitialize, RegisterDragDrop

SHELL32.dll: DragQueryFileW, ExtractIconExW, ShellExecuteW

USER32.dll: AdjustWindowRect, AppendMenuW, BeginPaint, CallWindowProcA, CheckDlgButton, CheckRadioButton, ClientToScreen, CloseClipboard, CreateCaret, CreateDialogParamA, CreatePopupMenu, CreateWindowExA, CreateWindowExW, DefDlgProcW, DefWindowProcA, DefWindowProcW, DestroyCaret, DestroyIcon, DestroyMenu, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawEdge, DrawIconEx, EmptyClipboard, EnableMenuItem, EnableWindow, EndPaint, EnumDisplayMonitors, EnumWindows, FlashWindowEx, GetCaretBlinkTime, GetCaretPos, GetClassLongA, GetClassNameA, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetDlgItem, GetDoubleClickTime, GetKeyState, GetKeyboardLayout, GetKeyboardState, GetMenuItemInfoW, GetMessageTime, GetMonitorInfoA, GetParent, GetScrollInfo, GetSysColor, GetSystemMenu, GetSystemMetrics, GetWindowInfo, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, InsertMenuW, InvalidateRect, IsClipboardFormatAvailable, IsDialogMessageA, IsDlgButtonChecked, IsIconic, IsWindowVisible, IsZoomed, KillTimer, LoadCursorA, LoadIconA, LoadImageW, MapDialogRect, MapVirtualKeyA, MessageBeep, MessageBoxA, MessageBoxIndirectW, MessageBoxW, MonitorFromPoint, MonitorFromWindow, OpenClipboard, PeekMessageA, PostMessageA, RedrawWindow, RegisterClassA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, ReleaseCapture, ReleaseDC, ScreenToClient, SendDlgItemMessageA, SendDlgItemMessageW, SendMessageA, SendMessageW, SetCapture, SetCaretPos, SetClassLongA, SetClipboardData, SetCursor, SetDlgItemTextA, SetDlgItemTextW, SetFocus, SetForegroundWindow, SetLayeredWindowAttributes, SetMenuItemInfoW, SetScrollInfo, SetTimer, SetWindowLongA, SetWindowLongW, SetWindowPos, SetWindowTextA, SetWindowTextW, SetWindowsHookExW, ShowCaret, ShowCursor, ShowWindow, SystemParametersInfoA, ToUnicode, TrackPopupMenu, TranslateMessage, UnhookWindowsHookEx, WindowFromPoint

USP10.dll: ScriptStringAnalyse, ScriptStringFree, ScriptStringOut

WINMM.DLL: PlaySoundW

WINSPOOL.DRV: EnumPrintersW, GetDefaultPrinterW

Version Infos

LegalCopyright: 2013/2018 Andy Koppe / Thomas Wolff
FileVersion: 2.8.4.0
CompanyName: Andy Koppe / Thomas Wolff
ProductName: mintty
ProductVersion: 2.8.4
FileDescription: MSYS2
Translation: 0x0809 0x04b0

Possible Origin

Language of compilation system: English
Country where language is spoken: United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Analysis Process: mintty.exe PID: 3268 Parent PID: 3056

General

Start time: 12:06:41
Start date: 04/10/2018
Path: C:\Users\user\Desktop\mintty.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\mintty.exe'
Imagebase: 0x400000
File size: 514048 bytes
MD5 hash: C51C1148E3671AD3DE3BB109B3F6741D
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly

Code Analysis
