ffpmeg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffpmeg.exe
Size

2.6MB
MD5

d33397636aab94460515fde7ce0f869c
SHA1

a6c4fa347bb0362929798990b42d9eb6fdded200
SHA256

9a260b4a07480f62f6cc49d08f1becffc4dd0cfc05db60675b8084cca77e1d7d
SHA512

12d1aa51e5886b9b92cbe05d593e636396a3b08a78d1aa472aba7d3ad005caceb0557979a8ac01805f681c5a230c428fadc04ea266262108a77bb772422e14d7
SSDEEP

49152:VBCJ6xtLysiuryiKhu9/Ye/gC/+wMAGl2O0bIU6iXh7A7R:nNiurFKhu9/YeoC/+BA02OR+W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffpmeg.exe

Files

ffpmeg.exe
.exe windows x64

d8e5d5e192a59e9a804a2ca971dbe5da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdiplus

GdipDisposeImage
GdipFree
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdiplusShutdown
GdipCloneImage
GdipAlloc

user32

LoadStringA

bcrypt

BCryptGenRandom

ole32

CoGetApartmentType
CoGetObjectContext

kernel32

AcquireSRWLockExclusive
InitOnceExecuteOnce
TlsAlloc
TlsGetValue
TlsSetValue
RtlVirtualUnwind
WriteConsoleW
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
Sleep
WideCharToMultiByte
FormatMessageW
MoveFileExW
CloseHandle
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
ReleaseSRWLockExclusive
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
TryAcquireSRWLockExclusive
GetLocaleInfoEx
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetExitCodeThread
RtlPcToFileHeader
RaiseException
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
SetEnvironmentVariableW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetConsoleOutputCP
InitializeSRWLock
SetLastError
GetLastError
GetModuleHandleA
LoadLibraryA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
FreeLibrary
GetProcAddress
LoadLibraryExA
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
InitializeConditionVariable
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
TlsFree
RtlUnwindEx

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

ws2_32

connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
bind
__WSAFDIsSet
inet_pton
socket
accept
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
htons
select

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8e5d5e192a59e9a804a2ca971dbe5da

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

user32

bcrypt

ole32

kernel32

crypt32

advapi32

ws2_32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 533KB - Virtual size: 533KB

.data Size: 25KB - Virtual size: 39KB

.pdata Size: 84KB - Virtual size: 83KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 533KB - Virtual size: 533KB

.data
Size: 25KB - Virtual size: 39KB

.pdata
Size: 84KB - Virtual size: 83KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 8KB - Virtual size: 8KB