DFYL-GF[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

DFYL-GF.exe
Size

3.7MB
MD5

c009f623472ef0cd972a38608ac96db2
SHA1

a693743d627bae297c13cc8de9cf2489d05db65e
SHA256

85ffe86f99c418417bbf195b6f9d8e6c817d821506cc16a4a3ee8c6392d78620
SHA512

0feb25afe86aa5cdf7b4e18d94bd442d0e6fe4edf4ffe7479cb40d93a3ca648aed3b4244f7cb20928251ac7118d177bb4930bb2fd56c250f0ba3ea471fc12c0e
SSDEEP

98304:E7uBtY6oI62jEb678CqJe5VuP1rAuR7tKFecH3LL600BY:E7uo6QSEb67VuP1sudxeL+Y

Score

1^/10

Malware Config

Signatures

Files

DFYL-GF.exe
.exe windows x86

97e55abb960f663c96e7205bcda57f24

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:ab:f2:61:3a:b9:c8:74:1e:fb:e7:e9:e3:1e:d8:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01-06-2012 00:00

Not After

09-07-2015 23:59

Subject

CN=Aruba Networks\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Aruba Networks\, Inc.,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
wsprintfA
MessageBoxA
DestroyMenu
SetWindowTextA
LoadIconA
SetClassLongA
GetDlgItemTextA
EnableWindow
CreateDialogParamA
SetWindowPos
LoadMenuA
ClientToScreen
GetSubMenu
TrackPopupMenu
DestroyWindow
ChildWindowFromPoint
SetCursor
DialogBoxParamA
ShowWindow
LoadCursorA
GetDialogBaseUnits
PostMessageA
GetDlgItem
EndDialog
UpdateWindow
SetDlgItemTextA
BeginPaint
LoadBitmapA
EndPaint
GetDC
ReleaseDC

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
StretchBlt
SetTextColor
DeleteObject
GetStockObject
CreateCompatibleDC
Rectangle
SetBkMode
SetROP2

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

kernel32

GetStringTypeA
GetLocaleInfoA
GetStringTypeW
LoadLibraryA
HeapSize
GetOEMCP
GetACP
GetCPInfo
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InitializeCriticalSection
GetPrivateProfileIntA
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapDestroy
ExitProcess
CloseHandle
FormatMessageA
GetLastError
lstrcpyA
VirtualAlloc
lstrlenA
VirtualFree
lstrcmpA
GetFileAttributesA
lstrcatA
GetSystemDirectoryA
GetTempPathA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
CreateDirectoryA
GetFullPathNameA
ReadFile
SetFilePointer
CreateFileA
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
WriteFile
DeleteFileA
GetPrivateProfileStringA
GetTempFileNameA
GetModuleFileNameA
GetCurrentProcess
RemoveDirectoryA
Sleep
CreateThread
WinExec
WaitForSingleObject
CreateProcessA
SetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
MultiByteToWideChar
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97e55abb960f663c96e7205bcda57f24

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

1d:ab:f2:61:3a:b9:c8:74:1e:fb:e7:e9:e3:1e:d8:a3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

user32

advapi32

gdi32

shell32

ole32

kernel32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 33KB

.rsrc Size: 70KB - Virtual size: 69KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1d:ab:f2:61:3a:b9:c8:74:1e:fb:e7:e9:e3:1e:d8:a3
Certificate

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 33KB

.rsrc
Size: 70KB - Virtual size: 69KB