BAK[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BAK.zip
Size

419KB
MD5

36f506271468e8766f92f3cd3e9a7164
SHA1

bc861bb84b792cd706e4d15d6da78f86b089824d
SHA256

077cf88e1e0b51d1dfdf3ca68760e63d6b223e446b869902906d1577424433d2
SHA512

afad84076c9a7f94acd34dc809861366fe5b62fa79640120681eab9a617e2df8bb044bb56bbb4484d8a323740a9f2d49367f35d291162e3f052777d204abc4c6
SSDEEP

12288:4jhIpuQxbJKQHXyxa0uplG7Tk345ztENlutV:mhIJjKSXYlaG743kziutV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BMT_x64.exe
unpack001/DXGI.dll

Files

BAK.zip
.zip
BMT_x64.exe
.exe windows:6 windows x64 arch:x64

6d3b0d2ac7d064e56ae801534fb87f72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Andon M. Coleman\Source\Repos\BMT\BMT\x64\Release\BMT.pdb

Imports

kernel32

GetLastError
FileTimeToSystemTime
DeleteFileW
CloseHandle
FileTimeToLocalFileTime
LocalFree
GetTimeFormatW
CopyFileW
WideCharToMultiByte
GetDateFormatW
OpenFile
SetEndOfFile
HeapReAlloc
HeapSize
SetFileTime
SetFileAttributesW
FindNextFileW
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
SetStdHandle
FindClose
GetCurrentProcess
FindFirstFileW
lstrcpyW
lstrlenW
GetProcAddress
MultiByteToWideChar
FreeLibrary
WriteConsoleW
LoadLibraryW
IsValidCodePage
LCMapStringW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStringTypeW
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSection
GetModuleHandleA
Sleep
SetLastError
LoadLibraryExW
CreateProcessW
LocalAlloc
CreateProcessA
GetSystemDirectoryW
GetFullPathNameW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
CreateFileW
lstrcmpA
OutputDebugStringW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapFree

user32

EnumDisplaySettingsW
PostQuitMessage
DialogBoxParamW
EnableWindow
GetWindowTextW
wsprintfW
ChangeDisplaySettingsW
IsWindow
GetWindowLongW
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
SendMessageW
EndDialog
SetWindowTextW
GetWindowLongPtrW
ShowWindow
LoadIconW
SetWindowLongW
GetDlgItem

gdi32

CreateFontW

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
FreeSid
LookupPrivilegeValueW
SystemFunction036

shell32

SHGetKnownFolderPath

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantClear

dxgi

CreateDXGIFactory

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DXGI.dll
.dll windows:6 windows x64 arch:x64

387408054fe5875dcceef43c9031aa9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\MyProject\dxgi\x64\Release\DXGI.pdb

Imports

kernel32

HeapFree
InitializeCriticalSectionEx
GetSystemDirectoryW
HeapSize
GetLastError
lstrcatW
HeapReAlloc
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
OutputDebugStringA
VirtualProtect
FreeLibrary
VirtualFree
VirtualAlloc
GetCurrentProcess
GetCurrentThreadId
Sleep
CloseHandle
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
WideCharToMultiByte
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue

dxgi

DXGIDeclareAdapterRemovalSupport
DXGIGetDebugInterface1
CreateDXGIFactory2

Exports

Exports

CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
D3D10CreateBlob
D3D10CreateDevice
D3D10CreateDevice1
D3D10CreateDeviceAndSwapChain
D3D10CreateDeviceAndSwapChain1
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain
D3D12CreateDevice
D3D12CreateRootSignatureDeserializer
D3D12CreateVersionedRootSignatureDeserializer
D3D12EnableExperimentalFeatures
D3D12GetDebugInterface
D3D12SerializeRootSignature
D3D12SerializeVersionedRootSignature
DXGIDeclareAdapterRemovalSupport
DXGIGetDebugInterface
DXGIGetDebugInterface1
Direct3DCreate9
Direct3DCreate9Ex

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d3b0d2ac7d064e56ae801534fb87f72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dxgi

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 69KB - Virtual size: 107KB

.pdata Size: 13KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 566KB - Virtual size: 566KB

.reloc Size: 2KB - Virtual size: 1KB

387408054fe5875dcceef43c9031aa9e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

dxgi

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 69KB - Virtual size: 107KB

.pdata
Size: 13KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 566KB - Virtual size: 566KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 3KB - Virtual size: 3KB