com[.]TeamTerrible[.]BabyInYellow_installer (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

com.TeamTerrible.BabyInYellow_installer (1).exe
Size

3.6MB
MD5

2fe0dbbc1fcc627b3a62ac40c5c75137
SHA1

cff4d5e2755e0f33aeb0635f18eecef8015f93fc
SHA256

9ceca56626e6b1017f1204036f0b134da9124b4a4a0add107d29b89a55b4fbb9
SHA512

5827b76e723507a723c7fa3849cfa639d948ed96f5ad7004d65bb1b52b19b3c4a41f568872b55ab2ebf83cfcd30d2d5f90470a16e9a49aa9ac367adf9d257500
SSDEEP

49152:atRtavkT9tMpBeKWyT3fezuwkkxTqcUC4HTBgi1SN238WFPt0TI6k7vdSZWIXzk2:atRXB+SKW+vezulo23ReXkq3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
com.TeamTerrible.BabyInYellow_installer (1).exe

Files

com.TeamTerrible.BabyInYellow_installer (1).exe
.exe windows:5 windows x86 arch:x86

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

ws2_32

htons
WSAStartup
WSAGetLastError
WSACleanup
gethostbyname
closesocket
setsockopt
ioctlsocket
__WSAFDIsSet
select
shutdown
connect
recv
send
htonl
ntohl
socket

kernel32

UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
SetErrorMode
TerminateProcess
RaiseException
GetFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetFileAttributesW
GetFileSizeEx
TerminateThread
FreeResource
GetUserDefaultUILanguage
DecodePointer
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
FindFirstFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
FindClose
GetExitCodeProcess
IsDBCSLeadByte
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
CopyFileW
CreateFileA
SwitchToThread
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
LoadLibraryA
GetSystemDefaultLangID
OpenProcess
SleepEx
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
FlushFileBuffers
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
MulDiv
GetACP
lstrlenW
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
MapViewOfFile
LocalFileTimeToFileTime
GlobalAlloc
lstrcpyW
lstrcmpiW
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
QueryPerformanceFrequency
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
GetStringTypeW
EncodePointer
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GetSystemDirectoryW
CreateFileMappingW
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
GetSystemInfo
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
InterlockedExchangeAdd
GetTickCount
GetFileAttributesExW
GetLocalTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
MoveFileW
DeleteFileW
SetFilePointer
SetEvent
WaitForSingleObject
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Sleep
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentThreadId
GlobalFree
MultiByteToWideChar
GetCurrentProcess
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GlobalLock

user32

wsprintfW
EnumDisplayDevicesW
GetDC
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DestroyWindow
DefWindowProcW
GetSystemMetrics
MessageBoxW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
InvalidateRect
IsWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
IsRectEmpty
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
CreateAcceleratorTableW
InflateRect
UnionRect
SendMessageW
GetWindowRect
ScreenToClient
GetKeyState
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
GetMessageW
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
TranslateMessage
DispatchMessageW
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
GetGUIThreadInfo
SetForegroundWindow
MapVirtualKeyExW
GetKeyboardLayout
OffsetRect
CallWindowProcW
SetPropW
CreatePopupMenu
GetCaretBlinkTime
ClientToScreen
SetCaretPos
GetCaretPos
GetKeyNameTextW
GetPropW
HideCaret
ShowCaret
CreateCaret
GetWindowRgn
UpdateLayeredWindow
EqualRect
FillRect
DrawTextW
SetRect
CharPrevW
MoveWindow

gdi32

CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
StretchBlt
CreateCompatibleDC
DeleteDC
ExtSelectClipRgn
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetObjectA
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
SetStretchBltMode
CreatePatternBrush
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetBitmapBits
SetBitmapBits
CombineRgn
RemoveFontMemResourceEx
CreateDIBSection
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
CreateRectRgn
SelectObject
PtInRegion

advapi32

CryptAcquireContextW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetFolderPathA
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetPathFromIDListW
SHChangeNotify

ole32

RegisterDragDrop
DoDragDrop
OleDuplicateData
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateGuid
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipTranslateWorldTransform
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangleI
GdipSetPenMode
GdipMeasureString
GdipCreatePen1
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipDrawString
GdipDrawImageRectI
GdipRotateWorldTransform
GdipStringFormatGetGenericTypographic

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

winhttp

WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveFileSpecA
PathIsDirectoryW

d3d9

Direct3DCreate9

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

Netbios

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

imm32

winhttp

shlwapi

d3d9

version

netapi32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 529KB - Virtual size: 529KB

.data Size: 64KB - Virtual size: 82KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 449KB - Virtual size: 448KB

.reloc Size: 117KB - Virtual size: 117KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 529KB - Virtual size: 529KB

.data
Size: 64KB - Virtual size: 82KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 449KB - Virtual size: 448KB

.reloc
Size: 117KB - Virtual size: 117KB