BavPro_Setup_Mini_039[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BavPro_Setup_Mini_039.exe
Size

1.9MB
MD5

cd63a3a70fa08e08ba351aa49897aa5b
SHA1

e6d9ae05bd8e4dcc9f9c00fbf05c00d8fea7973c
SHA256

338d3af4d8f2d8d1c16d753f15f2116510ed20354a391c22c3de092ee09d3a24
SHA512

210bc20386628ee46ce2fc5ed5ed6950c2f57ad5b5c0c33cd1d475b9e4da0a915fe4c6901a72380464f1a8aec8a60cef222a0a9fa33602942fa297f413d63276
SSDEEP

49152:dOQ9yHY08QsDpEJlbTfkXuro9RkTcC8zVr6:dO09QsDpEcmo9R9Vr6

Score

1^/10

Malware Config

Signatures

Files

BavPro_Setup_Mini_039.exe
.exe windows:5 windows x86 arch:x86

c92c9bdaf47e32ee02713e923b6150b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:92:7e:20:98:c9:3d:cd:24:35:83:b1:6a:17:ca:b1:20:7b:54:70
Signer

Actual PE Digest

a4:92:7e:20:98:c9:3d:cd:24:35:83:b1:6a:17:ca:b1:20:7b:54:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\Mini_Setup_workspace\bavOutput\Pdb\Release\BavMiniSetup.pdb

Imports

ws2_32

ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
htons
WSAGetLastError
connect
WSAIoctl
send
__WSAFDIsSet
select
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
WSAStartup
WSACleanup
inet_ntoa
gethostbyname
getpeername

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

kernel32

FileTimeToSystemTime
GetSystemDefaultLCID
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
InterlockedExchange
GetTempFileNameW
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
WritePrivateProfileStringW
InitializeCriticalSection
CreateMutexW
lstrcmpiW
LoadLibraryExW
InterlockedIncrement
SetFilePointer
GetDriveTypeW
GetLogicalDrives
RemoveDirectoryW
lstrlenA
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
WTSGetActiveConsoleSessionId
InterlockedCompareExchange
GetFileAttributesExW
VerifyVersionInfoW
VerSetConditionMask
HeapFree
HeapAlloc
GetProcessHeap
CreateFileMappingW
ProcessIdToSessionId
CreateFileA
GlobalFree
GlobalAlloc
ExitProcess
GetACP
QueryDosDeviceW
GetSystemInfo
GetVersionExW
CreateDirectoryW
SetFilePointerEx
OpenProcess
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentDirectoryA
FileTimeToLocalFileTime
SetStdHandle
GetModuleHandleA
DeviceIoControl
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
HeapCreate
IsValidCodePage
GetOEMCP
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
ExitThread
RtlUnwind
GetFileAttributesW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
CreateTimerQueue
LocalAlloc
GetWindowsDirectoryW
LoadLibraryW
GetSystemDirectoryW
SetEndOfFile
GetPrivateProfileStringW
GetFileSize
lstrlenW
FindClose
CopyFileW
Sleep
GetTickCount
GetTempPathW
GetModuleFileNameW
SetEvent
CreateThread
MoveFileExW
WideCharToMultiByte
CreateEventW
LocalFree
Process32NextW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
GetCurrentProcessId
GetPrivateProfileIntW
ReadFile
GetFileSizeEx
GetProcAddress
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetVersion
FreeResource
CloseHandle
FlushFileBuffers
WriteFile
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteFileW
MultiByteToWideChar
InterlockedDecrement
FlushInstructionCache
VirtualAlloc
GetCurrentProcess
SetLastError
RaiseException
GetDiskFreeSpaceExW
GetModuleHandleW
OutputDebugStringW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
GetFullPathNameA
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
FindResourceExW
GetTimeZoneInformation
GetDiskFreeSpaceW
UnmapViewOfFile
MapViewOfFile
GetVolumeInformationW
OpenFileMappingW
SleepEx
GetVersionExA
IsDebuggerPresent
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx

user32

TrackMouseEvent
DefWindowProcW
ShowWindow
GetClientRect
BeginPaint
EndPaint
UnregisterClassA
DrawTextW
InvalidateRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetParent
SetWindowPos
MapWindowPoints
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
LoadIconW
GetDlgItem
SetWindowTextW
SendMessageW
DrawIcon
GetDesktopWindow
SetTimer
KillTimer
PostQuitMessage
FindWindowW
PostMessageW
SetWindowRgn
LoadImageW
IsWindowVisible
IsIconic
GetCursorPos
SetForegroundWindow
ClientToScreen
CloseWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DialogBoxParamW
EndDialog
CreatePopupMenu
DestroyMenu
TrackPopupMenu
AppendMenuW
MonitorFromPoint
wsprintfW
PtInRect
GetAsyncKeyState
SetCursor
GetMessageW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
DestroyWindow

gdi32

RoundRect
DeleteObject
CreateDIBSection
Polygon
StretchBlt
CreateBrushIndirect
GetTextExtentPointW
CreateRoundRectRgn
SetViewportOrgEx
GetObjectW
GetTextExtentPoint32W
CreateFontW
CreateSolidBrush
CreatePen
SetTextColor
SetBkMode
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

CryptCreateHash
RegEnumValueW
CryptHashData
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash

shell32

SHGetPathFromIDListW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
SHCreateDirectoryExW
SHFileOperationW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoTaskMemRealloc
CoInitialize

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
SysFreeString

shlwapi

PathRemoveBackslashW
PathIsRootW
PathStripPathW
PathIsDirectoryW
PathRemoveExtensionW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathGetDriveNumberW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

winmm

timeEndPeriod
timeKillEvent
timeBeginPeriod
timeSetEvent
timeGetDevCaps

imagehlp

ImageRemoveCertificate

wininet

InternetCreateUrlW
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WinVerifyTrustEx
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext

crypt32

CertGetNameStringW

wldap32

ord200
ord27
ord32
ord211
ord35
ord33
ord50
ord143
ord41
ord26
ord60
ord30
ord301
ord79
ord46
ord22

Sections

.text
Size: 893KB - Virtual size: 893KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c92c9bdaf47e32ee02713e923b6150b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a4:92:7e:20:98:c9:3d:cd:24:35:83:b1:6a:17:ca:b1:20:7b:54:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

psapi

version

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

winmm

imagehlp

wininet

winhttp

wtsapi32

rpcrt4

wintrust

crypt32

wldap32

Sections

.text Size: 893KB - Virtual size: 893KB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 752KB - Virtual size: 752KB

.reloc Size: 53KB - Virtual size: 53KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a4:92:7e:20:98:c9:3d:cd:24:35:83:b1:6a:17:ca:b1:20:7b:54:70
Signer

.text
Size: 893KB - Virtual size: 893KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 752KB - Virtual size: 752KB

.reloc
Size: 53KB - Virtual size: 53KB