Static task
static1
General
Target
malware_fcsc.exe
Size
199KB
MD5
76b6bf6cb2f1a3705d590cf4ecfeedb1
SHA1
b8ab78c349c6fa98000f28384fd4c32567b80c43
SHA256
d641c9bf7fd9c03b2926e3935a763d627a2daab7db6831def2ec652d10793c36
SHA512
da7c5b6612cfe8c2fd26cfa7997b76655f21da4ece50380d18b9ba3d62ded1520245ebe06bcc06f7abe7a6ab6f98aed49ce595b1cd87f01ad620ea0adbf597fa
SSDEEP
3072:DI0nPvatfJ7MGVFUaD9i6RAQqf5aMXT5m67RpexEzJ/G6M4klj6n+RHcHr:DKt57F5TA53XTE47exEzJwjRROr
Malware Config
Signatures
Files
malware_fcsc.exe.dll windows x64
c60074f21d3b2523e56004f278ea7d7f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
ntohl
htonl
freeaddrinfo
getaddrinfo
WSADuplicateSocketA
WSAGetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
htons
crypt32
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertGetCertificateContextProperty
wininet
InternetOpenW
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
winhttp
WinHttpOpen
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
kernel32
EnterCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetLastError
WriteProcessMemory
CloseHandle
DuplicateHandle
CreateEventW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
OpenThread
SetLastError
SuspendThread
ResumeThread
Sleep
LoadLibraryA
GetVersionExW
CreateToolhelp32Snapshot
LeaveCriticalSection
Thread32Next
FlushInstructionCache
VirtualProtect
VirtualQuery
LoadLibraryW
GetModuleHandleA
VirtualProtectEx
ExitProcess
SetUnhandledExceptionFilter
CreateRemoteThread
ExitThread
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
LocalFree
WriteFile
GetSystemDirectoryW
CreateFileA
GetVolumeInformationW
GetComputerNameW
GetThreadId
WaitForMultipleObjects
LocalAlloc
GetOverlappedResult
ResetEvent
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
GetCurrentThreadId
SetHandleInformation
FlushFileBuffers
PeekNamedPipe
CreateFileW
CreateNamedPipeW
GlobalFree
CreateThread
TerminateThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
SetStdHandle
WriteConsoleW
Thread32First
SetNamedPipeHandleState
GetModuleHandleExW
HeapFree
HeapAlloc
RtlUnwindEx
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
EncodePointer
DecodePointer
user32
GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop
advapi32
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateLoggedOnUser
OpenThreadToken
ole32
CoCreateGuid
Sections
.text Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ