SecuriteInfo[.]com[.]Backdoor[.]Win32[.]Banito[.]30405[.]25880[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Backdoor.Win32.Banito.30405.25880.exe
Size

332KB
MD5

1dce1fa6f2c4680d24dda21bdff0ce7c
SHA1

82702c77405ecd236c00238bbad5fe397604deb5
SHA256

49d2b75a3304eb2efa7747cc8d737ec360fcc0f64380c5b8f2cdeb4b3ec27789
SHA512

f6f7ace0d427eac5726620bd715e2b2b8a37b6965de2e8e43614e091b912190576ba022db44927132e8f38493bbb57c614ecfe5143b8fb1a8cafbca3c631fc1d
SSDEEP

6144:ZHsT9cU2LIJq/74T592tD8wbis4c48p4VyIrHzPGNUn:1m+UFJqMT592VV4mqVygTOq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Backdoor.Win32.Banito.30405.25880.exe

Files

SecuriteInfo.com.Backdoor.Win32.Banito.30405.25880.exe
.exe windows x86

072ffc117cc6bc87b9cdbd1abc95d0b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess

user32

GetKeyboardType
WindowFromPoint

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

pec1
Size: 279KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ