start-flashpoint[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

start-flashpoint.exe
Size

2.9MB
MD5

db828d9226e08befc009ecad50e3de7e
SHA1

70e167d0b22320fcd5e71fc6d26118c9fca277ba
SHA256

703f387b6e7a539aea1898afcdd69afcbd1485e6f54bf8f8a4b5552df0730c20
SHA512

f27602b3166d0dec9ad8c14e74408ad82af3c8241cfc9d94613af94ec6f56383509a5e9482d73790db13b3091cb6128e0cfa076f55c0dfb4d243631da7182a28
SSDEEP

49152:+fOUwukkwco2R/Rt1La760V8+VC3qjIEevWE:+fN/Rt1+hVPjIE

Score

1^/10

Malware Config

Signatures

Files

start-flashpoint.exe
.exe windows x86

2f06c61a7a74bc2347dfb94ae5587b9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
SetHandleInformation
RaiseException
RtlUnwind
IsProcessorFeaturePresent
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SleepConditionVariableSRW
PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
GetCurrentThreadId
ReadFile
GetOverlappedResult
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
FreeEnvironmentStringsW
ReleaseMutex
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetUnhandledExceptionFilter
EncodePointer
DuplicateHandle
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
QueryPerformanceCounter
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CreateFileW
DeleteFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateThread
GetModuleHandleA
GetConsoleMode
WriteConsoleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockShared
AcquireSRWLockShared
GetEnvironmentStringsW
TlsFree
TlsSetValue
TlsGetValue
FreeLibrary
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
LoadLibraryExW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ws2_32

getsockopt
WSAIoctl
bind
WSASocketW
getpeername
shutdown
recv
WSAGetLastError
send
WSASend
setsockopt
WSAStartup
WSACleanup
freeaddrinfo
getsockname
getaddrinfo
ioctlsocket
connect
closesocket

secur32

ApplyControlToken
AcquireCredentialsHandleA
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext
EncryptMessage

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateChain
CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore

user32

MessageBoxW

ntdll

NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx

bcrypt

BCryptGenRandom

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
__p___argv
_crt_atexit
_register_thread_local_exe_atexit_callback
_controlfp_s
terminate
_initterm
__p___argc
_initterm_e
abort
_exit
_get_initial_narrow_environment
_c_exit
exit
_set_app_type
_cexit
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
_set_new_mode

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f06c61a7a74bc2347dfb94ae5587b9d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

secur32

crypt32

user32

ntdll

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 611KB - Virtual size: 611KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 367KB - Virtual size: 366KB

.reloc Size: 81KB - Virtual size: 80KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 611KB - Virtual size: 611KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 367KB - Virtual size: 366KB

.reloc
Size: 81KB - Virtual size: 80KB