Static task: static1
Behavioral task: behavioral1
  Sample: HiddenFileFinder.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: HiddenFileFinder.exe
  Resource: win10v2004-20230220-en
General
Target: HiddenFileFinder.exe
Size: 3.1MB
MD5: 778317c26a83fbbf7ab796abcc673772
SHA1: f6abf92574927ca607cc702a4e0a3d2bd59afd20
SHA256: 1a052bcf731acaf24ddd136d12b0efcf0982696d91adc6a5cc4f641a06bc2d45
SHA512: c038517ba209f93ac7fac4c187138f88467bde7bfcf6a531a2f9cdb22d1c4a4690f7ab37d95a2cfd757f3ce9658e5e8761f445ece567e5a257f3b599a83877b4
SSDEEP: 98304:0OUJ0/Nacm68QHGtxJegViTuqDvvvvvvvvvvvW11111111111RVzjm:0Fncm6YJegVioVzj
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource HiddenFileFinder.exe
Files
HiddenFileFinder.exe.exe (windows x86) e400e7dac05606a81bbebe20b75d57f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
LCMapStringW
GetCommandLineA
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
SearchPathA
GetProfileIntA
GetTempFileNameA
VerifyVersionInfoA
VerSetConditionMask
FindResourceExW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
lstrcpyA
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
GetACP
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
lstrcmpiA
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
DeleteFileA
GetPrivateProfileIntA
SuspendThread
SetThreadPriority
lstrcmpA
GetVersionExA
GetCurrentThread
GetModuleFileNameA
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
OutputDebugStringA
SetLastError
CopyFileA
FormatMessageA
GlobalSize
GetFileSize
GetVolumeInformationA
ResetEvent
SetEvent
WaitForSingleObject
FreeResource
ResumeThread
GlobalFree
MulDiv
CreateEventA
GetPrivateProfileStringA
WritePrivateProfileStringA
InterlockedDecrement
FindClose
FindNextFileA
InterlockedIncrement
FindFirstFileA
LocalFree
LeaveCriticalSection
EnterCriticalSection
Sleep
LocalAlloc
GetTickCount
InterlockedCompareExchange
GetWindowsDirectoryA
InitializeCriticalSection
FreeLibrary
lstrcpynA
LoadLibraryA
MultiByteToWideChar
GlobalUnlock
CreateDirectoryA
CreateProcessA
GetProcessHeap
DeleteCriticalSection
GlobalLock
GetProcAddress
DecodePointer
FileTimeToLocalFileTime
SetFileAttributesA
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
GlobalAlloc
FileTimeToSystemTime
CreateFileA
GetFileAttributesA
GetTempPathA
HeapSize
GetSystemWindowsDirectoryA
GetModuleHandleA
FindResourceA
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
WriteFile
GetCurrentDirectoryA
GetCurrentProcess
HeapFree
GetFileAttributesExA
GetFileSizeEx
GetLogicalDrives
ReadFile
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
VirtualQuery
CreateFileW
user32
GetMessageA
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
IntersectRect
MapVirtualKeyA
GetKeyNameTextA
GetWindowThreadProcessId
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
TranslateMessage
ShowOwnedPopups
CharUpperA
EnableWindow
SendMessageA
GetClientRect
UnregisterClassA
SetClipboardData
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
IsWindow
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
GetWindowRect
InflateRect
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
TrackMouseEvent
LoadImageW
WaitMessage
LoadCursorW
DeleteMenu
SetTimer
KillTimer
CharNextA
CopyAcceleratorTableA
InvalidateRgn
IsRectEmpty
MessageBeep
CreatePopupMenu
GetMenuDefaultItem
PostMessageA
GetIconInfo
WindowFromPoint
OffsetRect
GetCapture
DrawFocusRect
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
GetSysColor
EmptyClipboard
CloseClipboard
DestroyIcon
OpenClipboard
CopyIcon
LoadImageA
InvalidateRect
SetRect
DrawTextA
LoadIconW
GetSystemMenu
AppendMenuA
UpdateWindow
IsIconic
GetSystemMetrics
DrawIcon
LoadIconA
LoadMenuW
GetSubMenu
EnableMenuItem
GetCursorPos
GetActiveWindow
GetDC
ReleaseDC
FillRect
CopyRect
ReleaseCapture
PtInRect
GetParent
SetCursor
SetCapture
SetWindowLongA
RedrawWindow
LoadCursorA
DrawStateA
CreateAcceleratorTableA
DrawEdge
GetNextDlgGroupItem
SetRectEmpty
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
GetWindowLongA
ClientToScreen
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
UnionRect
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
FrameRect
SetCursorPos
BringWindowToTop
IsZoomed
DrawFrameControl
SetParent
SetClassLongA
SetWindowRgn
gdi32
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
GetMapMode
SetRectRgn
GetTextExtentPoint32A
GetTextMetricsA
GetRgnBox
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetBkColor
CreateDCA
CopyMetaFileA
SetDIBitsToDevice
SetStretchBltMode
CreateFontIndirectA
GetObjectA
GetNearestColor
GetTextColor
DeleteDC
GetDeviceCaps
CreateSolidBrush
SelectObject
SetTextColor
SetBkMode
DeleteObject
GetStockObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DPtoLP
GetBkColor
CreateFontA
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegDeleteValueA
CryptGetHashParam
RegOpenKeyExA
OpenProcessToken
CryptDestroyHash
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
CryptReleaseContext
AdjustTokenPrivileges
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
CryptCreateHash
CryptHashData
RegSetValueExA
shell32
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHAppBarMessage
DragFinish
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragAcceptFiles
ord155
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFolderLocation
DragQueryFileA
comctl32
InitCommonControlsEx
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw
shlwapi
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
StrFormatKBSizeA
PathIsUNCA
PathStripToRootA
uxtheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed
GetWindowTheme
ole32
OleIsCurrentClipboard
DoDragDrop
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoInitializeEx
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
GetHGlobalFromStream
CreateStreamOnHGlobal
OleFlushClipboard
CoDisconnectObject
oleaut32
SysAllocString
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantCopy
OleLoadPicture
SafeArrayDestroy
VariantTimeToSystemTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
OleCreatePictureIndirect
SystemTimeToVariantTime
oledlg
ord8
psapi
GetModuleFileNameExA
GetPerformanceInfo
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
gdiplus
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageWidth
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ