BACKUP[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BACKUP.exe
Size

440KB
MD5

8f4ad4dfa6b6c29245121dc110904d33
SHA1

fbe1864b5fa938740e38baa2deb1bbc809fedd78
SHA256

c48a1e5eb16dbcabeabf63beab93ee1e02d0d8c8ed9e20436d89eeb9e80042aa
SHA512

9c5e53a3be8b6431763a2c4ce1a4b1a8b56c801b20c159cde1283a64a28dea4fbb5fce14aef73c20c91c4341a85e5c5e4a559e697aaf64e4bbd1c2799bb273bc
SSDEEP

6144:hD7Jz4D1sRIKxRaBu5j54PJwQ/lKlmOEOAgAB+bjERwwTSuz+McPBjm9Fh:hDVcsaftDSu6M8BjOT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BACKUP.exe

Files

BACKUP.exe
.exe windows:4 windows x86 arch:x86

daf184fd62f312afdc4f1d6f3da0247b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
GetPrivateProfileStringA
GetProfileStringA
GlobalSize
lstrcmpiA
MulDiv
GetLastError
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
GetDriveTypeA
SearchPathA
GetWindowsDirectoryA
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
HeapCreate
WriteFile
GetStringTypeA
GetStringTypeW
HeapFree
HeapAlloc
LocalUnlock
LocalFree
lstrcatA
GetVersionExA
GetModuleFileNameA
lstrcpyA
GetProcAddress
GetEnvironmentStrings
lstrcpynA
FreeLibrary
lstrcmpA
LoadLibraryA
_lwrite
_llseek
_lread
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
_lclose
SetFileTime
CloseHandle
LocalAlloc
GetDiskFreeSpaceA
lstrlenA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LocalLock

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

ValidateRect
DefWindowProcA
PostQuitMessage
EndPaint
DrawTextA
GetClientRect
GetSysColor
BeginPaint
IsWindowVisible
SendMessageA
LoadStringA
SetCursor
GetCursor
SetWindowTextA
InvalidateRect
CharUpperA
GetParent
GetWindowLongA
PeekMessageA
GetAsyncKeyState
GetKeyState
CharPrevA
SetWindowPlacement
GetWindowPlacement
ReleaseDC
GetDC
GetSystemMetrics
FillRect
GetWindowTextA
IsIconic
GetWindowRect
GetDesktopWindow
SetFocus
SetActiveWindow
EnableWindow
GetActiveWindow
CreateWindowExA
GetFocus
ShowWindow
UpdateWindow
wsprintfA
MessageBoxA
DestroyWindow
GetSystemMenu
EnableMenuItem
AppendMenuA
PostMessageA
LoadIconA
LoadCursorA
RegisterClassA
CharNextA
TranslateMessage
IsWindow
GetMessageA
DispatchMessageA
IsDialogMessageA

gdi32

CreatePalette
RealizePalette
SetBkMode
DeleteObject
SetTextColor
SetTextJustification
GetTextMetricsA
SelectObject
CreateFontIndirectA
CreateSolidBrush
GetTextExtentPoint32A
CreatePen
LineTo
Rectangle
Ellipse
SelectPalette
MoveToEx
GetStockObject
GetDeviceCaps

ole32

OleUninitialize
OleInitialize

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 791B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daf184fd62f312afdc4f1d6f3da0247b

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

ole32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 1024B - Virtual size: 791B

.data Size: 4KB - Virtual size: 9KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 1024B - Virtual size: 791B

.data
Size: 4KB - Virtual size: 9KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 3KB