Sample: BakkesMod.exe
Resource: win10-20240404-en
General
Target: BakkesMod.exe
Size: 15.1MB
MD5: 2646372a675a4cf434ddd46f37979174
SHA1: 7065e305b5c6fefe4f9135b9becbd44d409c0f5c
SHA256: 6428e3ac13cd8f9896c2583fe0cf813fd3ea76d4dc7a891eabf963889a677261
SHA512: c402d2e74a51c745905cd4c364b9b47dfca8cc6dcae3b7cbdb9f9d5e77aeb19aea3439a3778b7a2f8e529d3b014ddedc49345259da4cc87007c2e677049196e6
SSDEEP: 393216:nySO1X/FYqtOnekoJ9dE99MOlbO9+FJsv6tWKFdu9Cg63Z:yhdddHq
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: BakkesMod.exe
Files
BakkesMod.exe.exe windows:6 windows x64 arch:x64
6b11a2dfe0dc0270e14d8714422c0f33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetCPInfo
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CompareStringEx
GetCommandLineW
OutputDebugStringW
GetConsoleWindow
GetSystemDirectoryW
DuplicateHandle
WaitForMultipleObjects
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
GetSystemInfo
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetSystemTime
GetLocalTime
FlushFileBuffers
GetFileType
GetLogicalDrives
ReadFile
WriteFile
SetErrorMode
UnmapViewOfFile
SetFileAttributesW
GetVolumePathNamesForVolumeNameW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
UnregisterWaitEx
RegisterWaitForSingleObject
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FreeLibrary
SetEndOfFile
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
LocalAlloc
GlobalFree
SetHandleInformation
InitializeCriticalSection
lstrcmpW
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
RtlUnwind
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitThread
ExitProcess
GetStdHandle
GetCommandLineA
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapAlloc
HeapFree
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
RemoveDirectoryW
GetModuleFileNameW
DeleteFileW
CreateDirectoryW
GetTempPathW
K32GetModuleFileNameExW
K32EnumProcessModules
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
CreateFileA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
ExpandEnvironmentStringsA
CreateMutexW
ReleaseMutex
GetModuleHandleW
IsWow64Process
VirtualFreeEx
IsProcessorFeaturePresent
GetModuleHandleExW
QueueUserWorkItem
RaiseException
RtlPcToFileHeader
SwitchToThread
Sleep
WaitForSingleObjectEx
CreateHardLinkW
MoveFileExW
CopyFileW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetCurrentDirectoryW
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryW
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
GetCurrentThreadId
CreateEventW
MapViewOfFile
DeviceIoControl
SetLastError
AreFileApisANSI
SetFileTime
InterlockedPushEntrySList
SetFilePointerEx
GetExitCodeProcess
CreateFileMappingW
WriteProcessMemory
VirtualAllocEx
GetExitCodeThread
CreateRemoteThread
MoveFileW
GetTickCount64
OpenProcess
CreateProcessW
TerminateProcess
WaitForSingleObject
GetLastError
FindFirstFileW
CloseHandle
shell32
SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ord727
SHGetStockIconInfo
SHGetFileInfoW
ShellExecuteW
ole32
RegisterDragDrop
RevokeDragDrop
OleUninitialize
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
CoLockObjectExternal
OleInitialize
advapi32
OpenProcessToken
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegNotifyChangeKeyValue
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
AccessCheck
AllocateAndInitializeSid
CopySid
MapGenericMask
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
oleaut32
SafeArrayPutElement
VariantClear
SafeArrayCreateVector
SysFreeString
SysAllocString
dwmapi
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
iphlpapi
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToGuid
user32
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
ChangeWindowMessageFilterEx
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
MessageBoxW
DrawIconEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetWindowsHookExW
EnumDisplayDevicesW
RegisterClassW
SetCursorPos
GetDoubleClickTime
TrackPopupMenuEx
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
SystemParametersInfoW
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
DefWindowProcW
CreateWindowExW
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
GetSysColor
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
IsChild
DestroyWindow
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetForegroundWindow
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsWindow
IsZoomed
SetForegroundWindow
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawMenuBar
ws2_32
WSASend
WSASendTo
WSARecv
freeaddrinfo
getaddrinfo
ntohl
WSANtohs
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
WSASocketW
WSARecvFrom
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
WSAGetLastError
setsockopt
select
listen
recv
send
socket
connect
ntohs
WSASetLastError
accept
ioctlsocket
recvfrom
sendto
htons
getsockname
getpeername
closesocket
bind
getnameinfo
getsockopt
__WSAFDIsSet
htonl
gdi32
DeleteObject
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
CreateBitmap
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
CreateRectRgn
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
CreateDIBSection
GdiFlush
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
GetRegionData
CombineRgn
BitBlt
GetBitmapBits
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmGetContext
ImmAssociateContextEx
ImmAssociateContext
ImmGetCompositionStringW
winmm
PlaySoundW
timeKillEvent
timeSetEvent
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
netapi32
NetApiBufferFree
NetShareEnum
userenv
GetUserProfileDirectoryW
uxtheme
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
GetCurrentThemeName
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
IsAppThemed
CloseThemeData
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
wldap32
ord211
ord60
ord45
ord46
ord217
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord50
normaliz
IdnToAscii
Sections
.text     Size: 10.2MB  Virtual size: 10.2MB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata    Size: 4.1MB   Virtual size: 4.1MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     Size: 146KB   Virtual size: 235KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata    Size: 485KB   Virtual size: 485KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmetad  Size: 512B    Virtual size: 401B    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA    Size: 512B    Virtual size: 148B    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc     Size: 162KB   Virtual size: 162KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    Size: 56KB    Virtual size: 56KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ