AFUWINx64[.]EXE

Sharing

Copy URL Twitter E-mail

General

Target

AFUWINx64.EXE
Size

598KB
MD5

5d3dfbbf5905d6fac9e028eb666ada13
SHA1

d50c49c57083438899b34f1174d641b1c9ebf10c
SHA256

760e13d74b613a8a029d0659a017ef04a95bd84e294b5586c9fb412f7b28f5b5
SHA512

d2bdf638b455ae18763ae8e8925e9ab8e1803aaf38bc5e676137089e7511ce763046ec5d11dd5cd813c2f7360710f72e675ccd1f993bf75bc78e2799f1174a64
SSDEEP

12288:2wxslmAlrhKIlzpwq3C1NM++drnTIp1xi6rNN+PkSKuXB:2wqlmAlVKIlzqq3C1Nodrgo6pcPkroB

Score

1^/10

Malware Config

Signatures

Files

AFUWINx64.EXE
.exe windows x64

64ec05f37b9ac515da59abb185da43ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassExA
ExitWindowsEx
BlockInput
SystemParametersInfoA
wsprintfA
MessageBoxA

kernel32

SetConsoleCtrlHandler
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateFileA
CreateMutexA
DeviceIoControl
GetWindowsDirectoryA
GetSystemDirectoryA
GetFullPathNameA
CreateThread
LocalFree
CreateNamedPipeA
WriteFile
ReadFile
SetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableA
GetLastError
SetThreadExecutionState
Sleep
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
CloseHandle
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
HeapFree
WideCharToMultiByte
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
ExitProcess
GetCommandLineA
RaiseException
RtlPcToFileHeader
MultiByteToWideChar
GetFileAttributesA
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetFilePointer
HeapSetInformation
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

advapi32

RegSetValueExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegQueryValueExA

shell32

ShellExecuteA

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64ec05f37b9ac515da59abb185da43ba

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

shell32

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 18KB - Virtual size: 83KB

.pdata Size: 25KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 18KB - Virtual size: 83KB

.pdata
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB