barnyard2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

barnyard2.exe
Size

1.4MB
MD5

10b17e8b58d8567384daefd39ee3e7bd
SHA1

c4b59e0870d7e43540723bcf1da3c58f514765be
SHA256

3263452ad470aeadf9f805111152ffabe1b0ca509e56126d42b46cdcf3efbab2
SHA512

edfafb9483a239bcb667d628cc83f3462208e6ce909fcf20e744d726b7a543f321f2df33ab64fbde4b1685c9c4abc484aaae9ac4be5afffaaf1014d61304925b
SSDEEP

24576:Dwyx7Q/6EiC/guaRzC5XF8075l5YuvddmZP9FqXaj08HZH9kzUgWx:VYJSRzC5eaYszAFqX0HWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
barnyard2.exe

Files

barnyard2.exe
.exe windows x86

423dae9c98f878229879bb62b656c9d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

cygwin1

__assert_func
__ctype_ptr__
__errno
__getreent
__main
__xpg_strerror_r
_dll_crt0@0
_exit
_fcntl64
_fopen64
_fstat64
_geteuid32
_getgid32
_getgrnam32
_getpwuid32
_getpwuid_r32
_getuid32
_impure_ptr
_initgroups32
_lseek64
_open64
_setgid32
_setuid32
_stat64
_timezone
abort
access
atoi
atol
bind
calloc
ceil
chdir
chroot
close
closedir
closelog
connect
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
dup
endgrent
endpwent
execvp
exit
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
free
freeaddrinfo
freeifaddrs
fseek
ftell
fwrite
gai_strerror
getaddrinfo
getcwd
getenv
gethostbyname
gethostname
getifaddrs
getnameinfo
getpeereid
getpid
getppid
getprotobynumber
getpwnam
getsockname
getsockopt
gettimeofday
gmtime
index
inet_addr
inet_aton
inet_ntoa
inet_pton
ioctl
kill
link
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
mkdir
nanosleep
nl_langinfo
opendir
openlog
perror
poll
posix_memalign
printf
pthread_mutex_lock
pthread_mutex_unlock
pthread_sigmask
putc
puts
rand
read
readdir
realloc
recv
rename
select
send
sendto
setlocale
setsid
setsockopt
setvbuf
sigaddset
sigemptyset
sigismember
signal
sigpending
sigwait
sleep
snprintf
socket
sprintf
srand
sscanf
stpcpy
strcasecmp
strchr
strcmp
strcpy
strdup
strerror
strlcpy
strlen
strncasecmp
strncat
strncmp
strncpy
strndup
strrchr
strspn
strstr
strtok
strtol
strtoul
syslog
system
time
tolower
toupper
umask
unlink
usleep
vfprintf
vsnprintf
waitpid
write

wpcap

pcap_close
pcap_dump
pcap_dump_close
pcap_dump_open
pcap_open_dead

kernel32

FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA

cygmysqlclient-18

mysql_autocommit
mysql_close
mysql_errno
mysql_error
mysql_fetch_lengths
mysql_fetch_row
mysql_free_result
mysql_init
mysql_num_fields
mysql_num_rows
mysql_options
mysql_ping
mysql_query
mysql_real_connect
mysql_ssl_set
mysql_store_result
mysql_thread_id
mysql_use_result
strlcat

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

423dae9c98f878229879bb62b656c9d2

Headers

DLL Characteristics

File Characteristics

Imports

cygwin1

wpcap

kernel32

cygmysqlclient-18

Sections

.text Size: 265KB - Virtual size: 264KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 78KB - Virtual size: 78KB

/4 Size: 49KB - Virtual size: 49KB

.bss Size: - Virtual size: 212KB

.idata Size: 5KB - Virtual size: 4KB

/14 Size: 1KB - Virtual size: 1KB

/29 Size: 718KB - Virtual size: 718KB

/41 Size: 37KB - Virtual size: 37KB

/55 Size: 59KB - Virtual size: 58KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 7KB - Virtual size: 6KB

/91 Size: 127KB - Virtual size: 127KB

/102 Size: 14KB - Virtual size: 13KB

.text
Size: 265KB - Virtual size: 264KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 78KB - Virtual size: 78KB

/4
Size: 49KB - Virtual size: 49KB

.bss
Size: - Virtual size: 212KB

.idata
Size: 5KB - Virtual size: 4KB

/14
Size: 1KB - Virtual size: 1KB

/29
Size: 718KB - Virtual size: 718KB

/41
Size: 37KB - Virtual size: 37KB

/55
Size: 59KB - Virtual size: 58KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 7KB - Virtual size: 6KB

/91
Size: 127KB - Virtual size: 127KB

/102
Size: 14KB - Virtual size: 13KB