FnBadware[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FnBadware.exe
Size

779KB
MD5

0841cf733edc661adb6c4a572313acc6
SHA1

72959b44add7663573c25df324d6d41e1d4b0862
SHA256

f35a2d2f892f54ffafa6a28a9469b9e74f5d2108622fe0412f212a36c2360f9f
SHA512

7467dd56502c272aff033aa244870df597c52ad2d8e861a705dd8ffb2e94f6d896d3cf28f1edd9ed9b8854dcb2c1d74f77259cab9a0fc9ba96ae78a31861b746
SSDEEP

12288:hiYeg5ItFJlz75UQVlaT0D+L1o/jnOxGztWLaBdOVBLnoIe:hisi5PVacQWOxSYmKVBLnoIe

Score

N/A

Malware Config

Signatures

Files

FnBadware.exe
.exe windows x64

09753ff452458b5ed4e95a76730ac452

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

MultiByteToWideChar
VirtualAlloc
GetStdHandle
SetConsoleTextAttribute
Sleep
QueryPerformanceFrequency
GlobalUnlock
InitializeCriticalSectionEx
CreateFileA
FreeLibrary
CreateThread
GetCurrentProcessId
QueryPerformanceCounter
GetSystemDirectoryA
FlushFileBuffers
GlobalLock
GlobalFree
DeleteCriticalSection
GlobalAlloc
GetCurrentProcess
VirtualProtect
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
CreateFileMappingW
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleA
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
FormatMessageA
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
SleepEx
LoadLibraryA
GetProcAddress
WideCharToMultiByte
GetLastError
CloseHandle
CreateFileW

user32

UpdateWindow
RegisterClassExA
FindWindowA
MessageBoxA
PostQuitMessage
GetKeyState
GetActiveWindow
GetCapture
PeekMessageA
mouse_event
LoadCursorA
ClientToScreen
SetCapture
SetCursor
UnregisterClassA
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ScreenToClient
GetClientRect
GetWindowThreadProcessId
GetWindow
ReleaseCapture
SetCursorPos
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetWindowLongA
GetForegroundWindow
MoveWindow
DefWindowProcA
CreateWindowExA
GetCursorPos
TranslateMessage

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

d3d9

Direct3DCreate9Ex

ntdll

VerSetConditionMask
ZwOpenKey
RtlCaptureContext
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwSetValueKey

normaliz

IdnToAscii

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CryptQueryObject
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
PFXImportCertStore
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx

ws2_32

getsockname
getpeername
connect
htons
WSAGetLastError
send
recv
closesocket
getsockopt
ntohs
setsockopt
socket
WSASetLastError
gethostname
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
ntohl
sendto
bind
WSAIoctl

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
strchr
memset
memmove
__current_exception
memcmp
memchr
_CxxThrowException
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
strrchr
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fwrite
_wfopen
__p__commode
_lseeki64
__stdio_common_vsprintf
fseek
ftell
fread
__stdio_common_vsscanf
feof
_read
fputs
fopen
__stdio_common_vsprintf_s
_write
_close
_open
fclose
fflush
_popen
_pclose
fgets
__acrt_iob_func
_set_fmode
fputc

api-ms-win-crt-string-l1-1-0

strncmp
wcscpy_s
_strdup
isprint
tolower
strpbrk
strcmp
strcspn
isupper
strncpy
strspn

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_set_new_mode
_callnewh
calloc

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtol
atof
strtoll
strtod
strtoull

api-ms-win-crt-runtime-l1-1-0

abort
_errno
_configure_narrow_argv
strerror
__sys_nerr
system
exit
_beginthreadex
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
terminate
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

cosf
floorf
sqrtf
tanf
fmodf
pow
powf
sinf
ceilf
__setusermatherr
_dclass
asin

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
_access

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

shell32

ShellExecuteA

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09753ff452458b5ed4e95a76730ac452

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

imm32

msvcp140

d3d9

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

advapi32

shell32

Sections

.text Size: 616KB - Virtual size: 616KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 25KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 616KB - Virtual size: 616KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB