fgh[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fgh.exe
Size

11.6MB
MD5

3e94f2451d6479610d0caaa6a0a5a796
SHA1

b88c8ce04f18ec1f6074285c0a1df055e2b3a79b
SHA256

e841fcdc8fd4ae8f1d066ffe26c3a51e90b025e3244c706fb905c99be1f1d1ec
SHA512

ebef693371f977e765e6b8ef4d6b75d2af242ba2982bc41d0c00d16ef568196acebeb635f48b810746b6e7eb41709b1683dad1f0f11f28b9c9dbe6644c382d54
SSDEEP

98304:p2xrwlmIijHDtCoez+FXbcnirTQBLqEikOj1ZUz22X9Hd0x/y2kepjNjMSqKw0zf:pzX9a2wFhGI

Score

1^/10

Malware Config

Signatures

Files

fgh.exe
.exe windows x64

b4584a4ace010dda7e81015418fe4da8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

MiniDumpWriteDump
StackWalk64
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymInitialize

kernel32

AddVectoredContinueHandler
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueEx
DeleteTimerQueueTimer
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FlushConsoleInputBuffer
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
GetACP
GetBinaryTypeW
GetCPInfo
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentStrings
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadTimes
GetTickCount
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSetInformation
InitializeCriticalSection
IsDBCSLeadByteEx
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReleaseSemaphore
RemoveVectoredContinueHandler
ResetEvent
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlMoveMemory
RtlVirtualUnwind
SearchPathW
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_chmod
_creat
_ctime64
_dup
_dup2
_environ
_errno
_fileno
_fmode
_fpreset
_fstat64
_get_osfhandle
_getpid
_initterm
_isatty
_isatty
_lock
_lseeki64
_mkdir
_onexit
_open_osfhandle
_pipe
_read
_read
_setmode
_strdup
_telli64
_time64
_unlock
_umask
_utime64
_vsnwprintf
_wassert
_wcsdup
_wcsdup
_wfdopen
_unlink
_write
_write
_wsplitpath_s
_wstat
_wstat64
abort
acos
acosf
asin
asinf
atan
atanf
atof
atoi
bsearch
calloc
cos
cosf
cosh
coshf
exit
exp
expf
fclose
feof
fflush
fprintf
fputc
fputwc
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
islower
isspace
isupper
ldexp
localeconv
log
logf
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
pow
powf
qsort
raise
realloc
setlocale
signal
sin
sinf
sinh
sinhf
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
swprintf_s
tan
tanf
tanh
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsnlen

shell32

CommandLineToArgvW

user32

MessageBoxA

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps

ws2_32

WSAGetLastError
closesocket
recv
select
send

Sections

.text
Size: 939KB - Virtual size: 939KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 690KB - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4584a4ace010dda7e81015418fe4da8

Headers

File Characteristics

Imports

dbghelp

kernel32

msvcrt

shell32

user32

winmm

ws2_32

Sections

.text Size: 939KB - Virtual size: 939KB

.data Size: 143KB - Virtual size: 142KB

.rdata Size: 213KB - Virtual size: 213KB

.pdata Size: 18KB - Virtual size: 17KB

.xdata Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 20KB - Virtual size: 20KB

/19 Size: 4.3MB - Virtual size: 4.3MB

/31 Size: 125KB - Virtual size: 125KB

/45 Size: 359KB - Virtual size: 358KB

/57 Size: 57KB - Virtual size: 56KB

/70 Size: 31KB - Virtual size: 30KB

/81 Size: 690KB - Virtual size: 689KB

/92 Size: 126KB - Virtual size: 126KB

.text
Size: 939KB - Virtual size: 939KB

.data
Size: 143KB - Virtual size: 142KB

.rdata
Size: 213KB - Virtual size: 213KB

.pdata
Size: 18KB - Virtual size: 17KB

.xdata
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 20KB - Virtual size: 20KB

/19
Size: 4.3MB - Virtual size: 4.3MB

/31
Size: 125KB - Virtual size: 125KB

/45
Size: 359KB - Virtual size: 358KB

/57
Size: 57KB - Virtual size: 56KB

/70
Size: 31KB - Virtual size: 30KB

/81
Size: 690KB - Virtual size: 689KB

/92
Size: 126KB - Virtual size: 126KB