Static task
static1
General
Target: BakkesMod.exe
Size: 15.1MB
MD5: 2b3c7ade4e692f02c4726a2542bb455b
SHA1: dc6a408ff2f2c77e35e8c7f2d567db3dcbc611d5
SHA256: ad463eb7fe0a77dda03c07a6b21d003795cb658af7bf9c7dc283996a23fbde7b
SHA512: 59a3abc26161facaba3ac1da40188959fe02b7738e4dc602023fb2e99952330c13ac5dd1729a951882060b6bc3772f149a2f7480099ce3a442749239c0ec6adc
SSDEEP: 393216:5NOqyP65ze/HQ9ZCXw8ZWDwG+VcJsv6tWKFdu9CfPAcYfZ:n+ewGTYf
Malware Config
Signatures
Files
BakkesMod.exe.exe (windows x64): 6995a2c52a341fe0368e46ac8976ad28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
RaiseException
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCommandLineW
OutputDebugStringW
GetConsoleWindow
GetSystemDirectoryW
DuplicateHandle
WaitForMultipleObjects
CreateThread
GetCurrentThread
GetFileAttributesExW
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetFileAttributesW
GetUserPreferredUILanguages
GetSystemTime
GetLocalTime
FlushFileBuffers
GetFileType
GetLogicalDrives
ReadFile
WriteFile
SetErrorMode
UnmapViewOfFile
FindFirstFileW
RemoveDirectoryW
GetVolumePathNamesForVolumeNameW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FreeLibrary
GetExitCodeProcess
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
LocalAlloc
SetHandleInformation
InitializeCriticalSection
lstrcmpW
RtlUnwindEx
SetLastError
RtlUnwind
LoadLibraryExW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
GetCommandLineA
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapAlloc
HeapFree
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetModuleFileNameW
DeleteFileW
CreateDirectoryW
GetTempPathW
K32GetModuleFileNameExW
K32EnumProcessModules
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
CreateFileA
GetTickCount
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
ExpandEnvironmentStringsA
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
GetModuleHandleW
IsWow64Process
VirtualFreeEx
Sleep
WaitForSingleObjectEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
DeviceIoControl
AreFileApisANSI
SetFileTime
SetFilePointerEx
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetCurrentDirectoryW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryW
LoadLibraryA
GetLocaleInfoW
GlobalLock
MapViewOfFile
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
GetCurrentThreadId
RtlPcToFileHeader
SetFileInformationByHandle
SetFileAttributesW
SetEndOfFile
GetFullPathNameW
GlobalFree
GetFileInformationByHandle
GetUserDefaultLCID
CreateFileMappingW
WriteProcessMemory
VirtualAllocEx
GetExitCodeThread
CreateRemoteThread
MoveFileW
GetTickCount64
OpenProcess
CreateProcessW
TerminateProcess
WaitForSingleObject
GetLastError
SetThreadPriority
CloseHandle
shell32
SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ord727
SHGetStockIconInfo
SHGetFileInfoW
ShellExecuteW
ole32
RegisterDragDrop
RevokeDragDrop
OleUninitialize
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
CoLockObjectExternal
OleInitialize
advapi32
OpenProcessToken
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegNotifyChangeKeyValue
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
AccessCheck
AllocateAndInitializeSid
CopySid
MapGenericMask
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
oleaut32
SafeArrayCreateVector
VariantClear
SafeArrayPutElement
SysFreeString
SysAllocString
dwmapi
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
iphlpapi
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToGuid
user32
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
GetQueueStatus
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
MessageBoxW
DrawIconEx
DispatchMessageW
TranslateMessage
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CallNextHookEx
LoadCursorW
GetCursor
CreateCursor
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
SystemParametersInfoW
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
DefWindowProcW
CreateWindowExW
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
SetCursorPos
LoadIconW
GetSysColor
EnumDisplayMonitors
GetMonitorInfoW
IsChild
DestroyWindow
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
IsHungAppWindow
ToAscii
GetCursorPos
ws2_32
__WSAFDIsSet
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
ntohl
WSASend
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
WSASocketW
WSASendTo
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
WSAGetLastError
recv
send
socket
connect
ntohs
WSASetLastError
accept
ioctlsocket
recvfrom
sendto
setsockopt
select
listen
htons
getsockname
bind
closesocket
getpeername
htonl
gdi32
DeleteObject
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
CreateBitmap
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
CreateRectRgn
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
CreateDIBSection
GdiFlush
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
GetRegionData
CombineRgn
BitBlt
GetBitmapBits
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmGetContext
ImmAssociateContextEx
ImmAssociateContext
ImmGetCompositionStringW
winmm
PlaySoundW
timeSetEvent
timeKillEvent
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetApiBufferFree
NetShareEnum
userenv
GetUserProfileDirectoryW
uxtheme
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
GetCurrentThemeName
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
IsAppThemed
CloseThemeData
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
wldap32
ord211
ord46
ord60
ord45
ord217
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord50
normaliz
IdnToAscii
Sections
.text Size: 10.2MB - Virtual size: 10.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 148KB - Virtual size: 237KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 481KB - Virtual size: 481KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmetad Size: 512B - Virtual size: 401B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ