Baii Baii[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Baii Baii.exe
Size

2.5MB
MD5

3f234f3596bc6ccadb2ca6eb273c90ea
SHA1

af879de7b84782deaf326c342ecf7ee382f2912c
SHA256

92b0c2bc9c37cf1e83922a5a0755734bc7433c6fae4f203d3687d9dd0cb27095
SHA512

8f30c83d44bcff086335b2deb3acebc66218eccc6fa3fabc7ed9e1a0d206bf61eadf2dd8a07bc0a100348424fdef25edc3b3c34acb84e9d172419a3c1d720b2c
SSDEEP

24576:vVrQxGEWtuG6NJBVqKxyiNPv/1GP8bw+Ec0xMkl81sU3AoNNHgRj5:vVrQxGEWoG6NJBVqKxyiNPkP8PNHgRj5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Baii Baii.exe

Files

Baii Baii.exe
.exe windows:4 windows x64 arch:x64

398042b79daa27bc56ae4cdb0d8e080f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW
OpenProcessToken

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

api-ms-win-crt-convert-l1-1-0

mbrtowc
strtoul
wcrtomb

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror
system

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_fileno
_fseeki64
_ftelli64
_lseeki64
_pclose
_popen
_read
_wfopen
_write
fclose
fflush
fgets
fopen
fputc
fputs
fread
fwrite
getc
getwc
putc
putwc
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

iswctype
memset
strcmp
strcoll
strlen
strncmp
strxfrm
towlower
towupper
wcscmp
wcscoll
wcslen
wcsxfrm

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

netapi32

NetApiBufferFree
NetLocalGroupAddMembers
NetLocalGroupDelMembers
NetLocalGroupEnum
NetUserAdd

libwinpthread-1

pthread_cond_broadcast
pthread_cond_wait
pthread_getspecific
pthread_key_create
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

shell32

SHGetFolderPathA
SHGetFolderPathW

user32

ExitWindowsEx
SystemParametersInfoW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

Sections

.text
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

398042b79daa27bc56ae4cdb0d8e080f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

netapi32

libwinpthread-1

shell32

user32

wininet

Sections

.text Size: 735KB - Virtual size: 734KB

.data Size: 12KB - Virtual size: 12KB

.rdata Size: 76KB - Virtual size: 76KB

/4 Size: 512B - Virtual size: 4B

.pdata Size: 46KB - Virtual size: 46KB

.xdata Size: 66KB - Virtual size: 66KB

.bss Size: - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

/14 Size: 512B - Virtual size: 208B

/29 Size: 18KB - Virtual size: 17KB

/41 Size: 2KB - Virtual size: 2KB

/55 Size: 2KB - Virtual size: 2KB

/67 Size: 1KB - Virtual size: 1KB

/80 Size: 512B - Virtual size: 206B

/91 Size: 1KB - Virtual size: 1KB

/107 Size: 2KB - Virtual size: 2KB

/123 Size: 512B - Virtual size: 264B

.text
Size: 735KB - Virtual size: 734KB

.data
Size: 12KB - Virtual size: 12KB

.rdata
Size: 76KB - Virtual size: 76KB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 46KB - Virtual size: 46KB

.xdata
Size: 66KB - Virtual size: 66KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB

/14
Size: 512B - Virtual size: 208B

/29
Size: 18KB - Virtual size: 17KB

/41
Size: 2KB - Virtual size: 2KB

/55
Size: 2KB - Virtual size: 2KB

/67
Size: 1KB - Virtual size: 1KB

/80
Size: 512B - Virtual size: 206B

/91
Size: 1KB - Virtual size: 1KB

/107
Size: 2KB - Virtual size: 2KB

/123
Size: 512B - Virtual size: 264B