inkball[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

inkball.exe
Size

1.1MB
MD5

c4dd1f6b33a0cb6dca717ce8180bf3a3
SHA1

d1bbf268a6dfb78fee357f02a61e4276dd781b8a
SHA256

fbf64aa87e6780b6e76e256a1d7282d7627542f9bcd4ede6d2d6e73c536f8ef8
SHA512

db980a8ee16c5d9eff9257eb93ececa88eba96916b2bfe0eaefe756a019b3468168f588fc5d26a2e30f0ee8652caae1342ba5095944e459b3bf79f36c5293310
SSDEEP

12288:VnFDr5I1ibiWcgQPZ/h1Fojymhph8wJ9LrksfkhC+bXD0k78rvOZ7n1rZPe5Y:VF34i7cgQPZZPodtZaKc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
inkball.exe

Files

inkball.exe
.exe windows:5 windows x86 arch:x86

a319e728442b45db52a981a2c75f1a5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA

kernel32

SetWaitableTimer
CreateWaitableTimerW
GetModuleHandleA
GetStartupInfoW
GetVersionExA
RtlUnwind
RaiseException
ExitProcess
GetProcAddress
GetSystemTimeAsFileTime
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
LoadLibraryA
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetFilePointer
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCPInfo
SetStdHandle
FlushFileBuffers
lstrlenW
FindClose
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
Sleep
CreateFileW
ReadFile
CloseHandle
FindFirstFileW
FindNextFileW
FindResourceW
LoadResource
lstrcpynW
LockResource
SizeofResource
GetUserDefaultUILanguage

gdi32

GetObjectW
DeleteObject
CreateCompatibleDC
SelectObject
GetPixel
StretchBlt
DeleteDC
SetPixel

user32

OffsetRect
CopyRect
SetRect
GetSystemMetrics
ClientToScreen
LoadImageW
GetWindowRect
SystemParametersInfoW
SetWindowPos
AdjustWindowRectEx
GetMenu
GetWindowLongW
SetDlgItemTextW
GetDlgItemTextW
EndDialog
PostMessageW
DialogBoxParamW
CheckMenuItem
IntersectRect
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
TrackMouseEvent
ShowCursor
CreateWindowExW
LoadAcceleratorsW
RegisterClassExW
LoadCursorW
LoadIconW
AppendMenuW
GetSubMenu
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
MsgWaitForMultipleObjects
UpdateWindow
ShowWindow
EnumDisplaySettingsExW
InvalidateRect
SetWindowTextW
LoadStringW
MessageBoxW
GetClientRect

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

winmm

timeGetTime

version

VerQueryValueW

ddraw

DirectDrawCreateEx

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 803KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a319e728442b45db52a981a2c75f1a5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

winmm

version

ddraw

Sections

.text Size: 83KB - Virtual size: 83KB

.data Size: 281KB - Virtual size: 759KB

.rsrc Size: 803KB - Virtual size: 802KB

.text
Size: 83KB - Virtual size: 83KB

.data
Size: 281KB - Virtual size: 759KB

.rsrc
Size: 803KB - Virtual size: 802KB