General
-
Target
bat_win_spoofer_V3.exe
-
Size
5.3MB
-
MD5
8bf80467fac78293fbf49df083823aa4
-
SHA1
616825c7f4c329033f6deb0372a33bfff53b7845
-
SHA256
6c447cbb28447104e74f18bdbeba0848f98c4e2134d44e38caf0560552960fbb
-
SHA512
421a66e581cf2d79afbeada230b45280721ebd0aa98ec244b42c5666d2934da48d1a8fc0811d6ab9be72f1333ee24871cd3211362616a22ac963728800d54dfb
-
SSDEEP
98304:W0xgtojnflF7/0wCiTlTSWUB/2GOhzZR6FrUb7FiNhfhNUkd7xFZe3L:fD37/KiBTSWUxahSFroFiNhfhNpd7TZC
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bat_win_spoofer_V3.exe
Files
-
bat_win_spoofer_V3.exe.exe windows:6 windows x64 arch:x64
11d4bc3e1d4e5c04665e5254757c2683
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
Process32NextW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
advapi32
RegQueryValueExA
msvcp140
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
ntdll
NtQuerySystemInformation
urlmon
URLDownloadToFileA
iphlpapi
GetAdaptersInfo
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
api-ms-win-crt-runtime-l1-1-0
signal
api-ms-win-crt-stdio-l1-1-0
setvbuf
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
ceilf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ