Static task
static1
General
-
Target
Balls.exe
-
Size
5.0MB
-
MD5
b513d0a93dd1f7c0d9a0388908e80d49
-
SHA1
6a7f55feb58dbc1aa97ac94da7a5fd5822810c70
-
SHA256
be817d9b981709f2277e87cd0d07f6908f8653fc6427b9a65d43b2fea0f49e24
-
SHA512
3b86208f3290cc9eea474b2f71b54c46ae2a788c8d896df5b0264cbcfa50eb11396f5512968df5669bd41b8caee775709ae3fb0ad9f321a54c59f460e1e10978
-
SSDEEP
98304:Fo1nQovglCXAxIFZJeKL9v6g5nuIsTAaKyjwFMyJpOGwkxBJ:Fo1nQgglCXAxIFZJeKL9v6g5nvK8F5pJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature, so its publisher cannot be verified; on its own, a missing signature is a weak indicator and not evidence of malicious intent.
resource Balls.exe
Files
-
Balls.exe.exe windows:5 windows x86 arch:x86
20c65f15f510867a52cc96f744bf0a2b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetConnectA
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
InternetGetConnectedState
HttpQueryInfoA
InternetOpenA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpSendRequestA
d3d11
D3D11CreateDevice
winmm
joyGetPosEx
mciSendStringA
mciGetErrorStringA
joyGetDevCapsA
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset
timeGetTime
joyGetPos
ws2_32
inet_addr
htons
getsockopt
inet_ntoa
connect
closesocket
bind
accept
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
WSAStartup
WSAGetLastError
ioctlsocket
getaddrinfo
__WSAFDIsSet
getpeername
htonl
listen
gdiplus
GdiplusStartup
GdiplusShutdown
comctl32
InitCommonControlsEx
kernel32
DecodePointer
GetStringTypeW
SetStdHandle
GetProcessHeap
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapAlloc
HeapFree
GetTempPathW
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
ReadFile
SetFileAttributesW
GetFileAttributesExW
HeapWalk
HeapValidate
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
RaiseException
LoadLibraryExW
SetLastError
RtlUnwind
EncodePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
MoveFileExW
GetTimeZoneInformation
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
GetFullPathNameW
CloseHandle
GetLastError
SetErrorMode
Sleep
GetModuleFileNameW
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetTickCount
CreateWaitableTimerW
GetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesA
GetFileAttributesW
RemoveDirectoryW
GetExitCodeProcess
CreateProcessW
GetCurrentDirectoryW
CreateThread
GetExitCodeThread
LocalFree
FormatMessageW
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalAlloc
GlobalLock
GlobalUnlock
ExitProcess
lstrlenA
IsBadWritePtr
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
SetPriorityClass
LoadLibraryA
SetEvent
WaitForSingleObjectEx
CreateEventW
ExitThread
HeapSize
WriteConsoleW
SetEndOfFile
GetCurrentThreadId
user32
UpdateWindow
GetWindowRect
AdjustWindowRectEx
SetCursorPos
GetCursorPos
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
GetDC
ReleaseDC
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
BringWindowToTop
GetKeyState
SetCapture
ReleaseCapture
SetForegroundWindow
GetClientRect
SetCursor
LoadCursorW
LoadImageW
MoveWindow
SetWindowTextW
ClientToScreen
MapWindowPoints
GetSystemMetrics
EndDialog
GetDlgItem
SetDlgItemTextA
SetDlgItemTextW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetAsyncKeyState
keybd_event
GetClipboardData
IsClipboardFormatAvailable
GetFocus
SetWindowTextA
CreateDialogParamW
GetDlgItemTextW
DrawTextW
ScreenToClient
GetForegroundWindow
GetMessageW
PostThreadMessageW
IsDialogMessageW
SetFocus
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
MessageBoxA
SetWindowPos
ShowWindow
SendMessageW
wsprintfW
MessageBoxW
DialogBoxParamW
GetActiveWindow
gdi32
GetDeviceCaps
SelectObject
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
ShellExecuteW
SHGetSpecialFolderPathA
SHGetFolderPathW
ole32
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 899KB - Virtual size: 899KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.4MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mydata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ