Baba Is You[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Baba Is You.exe
Size

5.4MB
MD5

56a1960d6dd7db806d1f559d5448199b
SHA1

0827015a8ebc79db21919ed937f8e153f5faa65a
SHA256

02e65026a62013d925d68a771c78f6ac88396db8a7dc87f9e89740db4b555ec9
SHA512

8bf01dae935abc9e457c616a18cc971442b25c2809f197ae807ccc07b6b65a7d0fc29d598a287071310d614ed8dcdd2e050a9329d3d655b467dc54a6df1bbd0e
SSDEEP

98304:DbHMa+5n9lstriiJSy7ZOMLbA4D0mQWW5w8Z69Q+R4Bu5EBrQi:DMlYriiJS2ZOMLbYxJwRVErQ

Score

1^/10

Malware Config

Signatures

Files

Baba Is You.exe
.exe windows x86

Password: submit

8abbdbd29e1944fc41d2fdf22c47f5d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutGetNumDevs
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
timeGetTime
timeEndPeriod
waveOutReset
timeBeginPeriod
waveInReset

user32

DispatchMessageW
TranslateMessage
GetDoubleClickTime
PeekMessageW
GetMessageExtraInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
KillTimer
SetTimer
PostThreadMessageW
GetMessageW
CreateWindowExA
RegisterClassExA
UnregisterClassA
MessageBoxA
RegisterDeviceNotificationW
GetDesktopWindow
RegisterRawInputDevices
CreateIconIndirect
LoadCursorW
SetCursorPos
SetWindowRgn
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetParent
PtInRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
GetFocus
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
GetClassInfoExW
IsWindowVisible
IsIconic
GetKeyState
GetAsyncKeyState
GetSystemMetrics
GetMenu
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
UnregisterDeviceNotification
DestroyWindow
CreateWindowExW
RegisterClassW
SendMessageW
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
MapVirtualKeyW
ToUnicode
GetKeyboardState
GetKeyboardLayout
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
SystemParametersInfoW
SystemParametersInfoA
SetWindowLongW
ReleaseDC
GetDC
DrawTextW
SetFocus
GetDlgItem
EndDialog
DialogBoxIndirectParamW
PostMessageW
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
IsRectEmpty
WindowFromPoint
ScreenToClient
ClientToScreen
GetClipCursor
ClipCursor
GetCursorPos
SetCursor

gdi32

GetDeviceGammaRamp
CreateFontIndirectW
DeleteDC
GetDeviceCaps
GetTextExtentPoint32A
SelectObject
GetTextMetricsW
BitBlt
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateRectRgn
CombineRgn
SetDeviceGammaRamp
CreateCompatibleDC
GetDIBits
CreateDCW
CreateCompatibleBitmap
CreateDIBSection
DeleteObject

imm32

ImmGetIMEFileNameA
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoInitializeEx

oleaut32

SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

shell32

SHGetFolderPathW
ShellExecuteA
DragQueryFileW
DragFinish
ExtractIconExW
DragAcceptFiles
CommandLineToArgvW
ShellExecuteW

kernel32

InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
DecodePointer
QueryDepthSList
GetExitCodeThread
DuplicateHandle
GetOEMCP
GetCommandLineA
GetCommandLineW
CancelIo
DeviceIoControl
GetOverlappedResult
LocalFree
GetLocaleInfoA
GetSystemPowerStatus
CreateEventW
GetModuleHandleExW
CompareStringA
GlobalUnlock
GlobalLock
GlobalAlloc
VerifyVersionInfoW
FormatMessageW
VerSetConditionMask
TlsSetValue
TlsGetValue
TlsAlloc
MulDiv
IsDebuggerPresent
SetThreadPriority
CreateThread
RaiseException
SetEnvironmentVariableA
GetEnvironmentVariableA
CreateSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
InterlockedCompareExchange
UnregisterWaitEx
RtlUnwind
GetFileType
SetFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SetConsoleCtrlHandler
HeapAlloc
ExitThread
HeapFree
HeapReAlloc
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetProcessHeap
FindFirstFileExA
FindNextFileA
EncodePointer
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalMemoryStatusEx
InterlockedExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEndOfFile
HeapSize
WaitForSingleObject
TerminateProcess
ExitProcess
SetThreadExecutionState
GetModuleHandleW
GetModuleFileNameW
GetTickCount
CreateFileW
SetFilePointerEx
SetFilePointer
ReadFile
WriteFile
GetFileSizeEx
SetErrorMode
OutputDebugStringW
LoadLibraryExA
GetProcAddress
SwitchToThread
GetLastError
SetLastError
FindClose
CloseHandle
CreateWaitableTimerA
SetWaitableTimer
LoadLibraryW
CreateDirectoryW
GetFileAttributesExW
DeleteFileW
FindFirstFileExW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
GetCurrentProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentThreadId
GetLocalTime
GetSystemInfo
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
CreateFileA
IsBadReadPtr
GetVersionExA
AllocConsole
FreeLibrary
SetEvent
ResetEvent
CreateEventA
Sleep
GetSystemTime
CopyFileW
FormatMessageA

ws2_32

connect
freeaddrinfo
getaddrinfo
socket
shutdown
send
WSAStartup
WSACleanup
WSAGetLastError
closesocket
ioctlsocket
recv

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: submit

8abbdbd29e1944fc41d2fdf22c47f5d7

Headers

DLL Characteristics

File Characteristics

Imports

winmm

user32

gdi32

imm32

ole32

oleaut32

version

advapi32

setupapi

shell32

kernel32

ws2_32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 459KB - Virtual size: 459KB

.data Size: 269KB - Virtual size: 2.0MB

.tls Size: 128KB - Virtual size: 128KB

.gfids Size: 3KB - Virtual size: 3KB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 290KB - Virtual size: 290KB

.reloc Size: 311KB - Virtual size: 310KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 459KB - Virtual size: 459KB

.data
Size: 269KB - Virtual size: 2.0MB

.tls
Size: 128KB - Virtual size: 128KB

.gfids
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 290KB - Virtual size: 290KB

.reloc
Size: 311KB - Virtual size: 310KB