f4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4.exe
Size

172KB
MD5

4ce94bdaa8b396d5d3a7204b55c10987
SHA1

4bf599529acfaae6faa9190b6fcb0bd06af19984
SHA256

5865e801e6324166d6d05b39a14f2a8a798c6eb652831f78c2634f2b7a400eaf
SHA512

5ac55de55732e2bfbf0bfadc457a082794760be64aa54d772f5ac7f19bc1694e0df4f5de3fd83cab3683d42972c276ffd0223a32b198d589c2092f4639e93f23
SSDEEP

3072:Eos9z6LYMGen3s8S/3/JHaDuk68YpXBGDTF4OzWtsTQ86CSvag:Eos9z6LzG4ch/3xHaDFnLD54OzWGTlS

Score

N/A

Malware Config

Signatures

Files

f4.exe
.exe windows x86

6a53673c04ce9a3b3eb9a2458cef5817

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetUserSetGroups

shlwapi

UrlCombineA
StrSpnA
UrlEscapeW
UrlIsOpaqueW
StrRChrA

shell32

SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems

gdi32

OffsetClipRgn
CreatePenIndirect
PlayMetaFileRecord
SetPixelV
GetKerningPairsA
SetDCBrushColor
GetBrushOrgEx
SetPixel

msvfw32

ICGetInfo

crypt32

CryptUnregisterOIDFunction
CertRegisterPhysicalStore

ole32

OleFlushClipboard
OleSaveToStream
OleSetContainedObject
BindMoniker

opengl32

glTranslated

winspool.drv

AddFormW
EnumPrintProcessorsW
ReadPrinter
GetPrinterDriverW

wininet

InternetCombineUrlA
FindFirstUrlCacheEntryExA

cfgmgr32

CM_Get_Class_Name_ExW
CM_Free_Resource_Conflict_Handle

rpcrt4

NdrConformantArrayBufferSize
I_RpcServerUseProtseqEp2W
RpcServerUseProtseqExW

iphlpapi

GetIfTable

kernel32

GetStdHandle
GetVersion
BindIoCompletionCallback
GetProcessHeap
GetLocalTime
IsProcessorFeaturePresent
IsProcessInJob
LocalFlags
GetDiskFreeSpaceExW
VirtualLock
GetPrivateProfileSectionNamesW
GetConsoleSelectionInfo
Module32NextW
EnumResourceNamesA
InterlockedExchange
GetCPInfo
SetSystemTimeAdjustment
CloseHandle
GetStartupInfoA
CompareStringW

user32

MessageBoxIndirectW
HideCaret
GetUpdateRgn
GetMenuState
SetDlgItemInt
OpenDesktopA
SendNotifyMessageA
CopyAcceleratorTableA
BroadcastSystemMessageA
ActivateKeyboardLayout
GetDlgItemTextA
GetMenuCheckMarkDimensions
WindowFromPoint
GetWindowRgnBox
DestroyWindow
ShowWindowAsync
GetWindowDC
TrackPopupMenuEx

winmm

mixerGetNumDevs

msacm32

acmDriverClose

mprapi

MprAdminMIBEntryDelete
MprAdminConnectionGetInfo

rasapi32

RasGetSubEntryHandleW
RasSetCredentialsW

esent

JetEndSession

oleaut32

SysReAllocStringLen
VarBstrFromR4
VarI2FromStr
VarUI1FromStr
VarBoolFromR4
VarCyFromUI2
VarR8FromI2
SafeArrayGetUBound

comdlg32

GetSaveFileNameA
CommDlgExtendedError

lz32

LZInit

comctl32

DestroyPropertySheetPage

clusapi

ClusterRegSetValue
ClusterResourceEnum
ClusterRegEnumValue

setupapi

SetupDiEnumDriverInfoA
SetupDiGetClassDevsExA

ntdsapi

DsQuoteRdnValueW

advapi32

RegOpenKeyA
ObjectPrivilegeAuditAlarmA
DeleteService
SetSecurityDescriptorGroup
RegEnumKeyExW
GetServiceKeyNameA
ChangeServiceConfigA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text1
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a53673c04ce9a3b3eb9a2458cef5817

Headers

File Characteristics

Imports

netapi32

shlwapi

shell32

gdi32

msvfw32

crypt32

ole32

opengl32

winspool.drv

wininet

cfgmgr32

rpcrt4

iphlpapi

kernel32

user32

winmm

msacm32

mprapi

rasapi32

esent

oleaut32

comdlg32

lz32

comctl32

clusapi

setupapi

ntdsapi

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 10KB

.idata Size: 4KB - Virtual size: 3KB

.text1 Size: 124KB - Virtual size: 120KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 4KB - Virtual size: 576B

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 10KB

.idata
Size: 4KB - Virtual size: 3KB

.text1
Size: 124KB - Virtual size: 120KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 576B