BayROB[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

BayROB.exe
Size

503KB
MD5

8bc0446144142c51570da1920f2da8c1
SHA1

83c1b3ed58693f9ce5cbb710a709f23e65bff10a
SHA256

56b4f307126f78e16ac2ad2e4044de61cb207864bf194ba6702108cb65475369
SHA512

f7b747153611e183fafda84655fa4770dc6e86549484adabb88ff61b09dacc681e1696450134194323aee103e56a2931736a55f02db4afa51600df10722c9ade
SSDEEP

12288:TkREw6Rd3R2RtnRjjErWlQfNT3Dc8mLpp:Ikd3qnRXHlO53Dc8Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BayROB.exe

Files

BayROB.exe
.exe windows:5 windows x86 arch:x86

f9271472e44fa5716fdfebe0be7b1612

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetMetaRgn
GetMapMode
GetTextCharset
GetFontLanguageInfo
SetTextAlign
GetPolyFillMode

user32

GetKeyboardType
ShowWindow
GetMenuItemID
MoveWindow
GetMenuState
GetMenuCheckMarkDimensions
CheckDlgButton
RemovePropA
GetWindowLongA
GetPropA
GetMenuItemCount
LoadIconA
SetWindowTextA
SetFocus
SendMessageA
DrawTextA
EndDialog
PostMessageA
GetDlgItem
GetDialogBaseUnits
GetWindowContextHelpId
CallWindowProcA
WindowFromDC
SetDlgItemTextA
GetScrollPos
GetMenu
GetDlgItemInt

kernel32

GetFullPathNameA
ReadConsoleW
ReadFile
SetEndOfFile
GetTimeZoneInformation
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapSize
WriteConsoleW
SetStdHandle
SetFilePointerEx
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
GlobalFlags
IsDebuggerPresent
GetFileType
GlobalAlloc
GlobalHandle
QueryPerformanceCounter
GetDriveTypeA
GetProcAddress
CloseHandle
DeleteFileA
GetProcessHeap
GetVersion
IsProcessorFeaturePresent
GetCurrentThreadId
LocalFlags
GetCurrentProcessId
FlushFileBuffers
GetModuleHandleA
GetTickCount
SizeofResource
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
GetCommandLineA
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FindClose
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
SetEnvironmentVariableA

Sections

.text
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9271472e44fa5716fdfebe0be7b1612

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 430KB - Virtual size: 430KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 46KB - Virtual size: 162KB

.text
Size: 430KB - Virtual size: 430KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 46KB - Virtual size: 162KB