BALDI[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

BALDI.exe
Size

624KB
MD5

0aa4e4508c26a390bff269c3a8a6216e
SHA1

d45cf74b0aa82ee403ae653c935ab961198649b2
SHA256

0f4ca2b85f6fd1e23e231848729c3d24c933017cf41ce1a9f5857fe728527eec
SHA512

551e9fe2d60cf8f766cb37019e5e305f2364997849d739493c5aed511cec9afd78e5c9db5ab92137bfcc589ffa69a83a3b3ff9caee5a7815f72cc8c2a1d46d5a
SSDEEP

6144:ijY/UrCYn3mY3kp1SP/d8ooKUM4I0/Pi2e:7/Ur73hUpQP/uQ0S2e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BALDI.exe

Files

BALDI.exe
.exe windows:5 windows x86 arch:x86

01e20355b5974d2d8443a426ccb6aad1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\buildslave\unity\build\build\WindowsStandaloneSupport\Variations\win32_nondevelopment_mono\WindowsPlayer_x86_Master.pdb

Imports

unityplayer

UnityMain

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

advapi32

SystemFunction036

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01e20355b5974d2d8443a426ccb6aad1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

unityplayer

kernel32

advapi32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 552KB - Virtual size: 552KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 552KB - Virtual size: 552KB

.reloc
Size: 3KB - Virtual size: 3KB