fsquirt[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fsquirt.exe
Size

130KB
MD5

4a10b6c31937ac70822806b32edd9059
SHA1

48213268e092b55904ce20f020f92c92f2d35bda
SHA256

d76d30c2fb42771f5211eeac4018b53d0de7b4ac0bbd68b5ecf3bcd888766a99
SHA512

eeb48ab34bad1e7a9d5895efc25294598e4fbd2b0e02a988025d536d7832667f1baa68e0ceaa6b75abd305a213aa55fd1d13b77700f0a7c8601afedebda51632
SSDEEP

1536:3C68p77L6K2p039nM2QM8Rx9huOK6JvBMBOGu2Co1mrh+n9tJnhIs2z:kopElnR8R3yBOSCo1s+9bhr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fsquirt.exe

Files

fsquirt.exe
.exe windows x86

4dac79f4463af97caac636947d45e5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegGetValueW
RegSetValueExW

kernel32

IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
GetCurrentProcessId
GetLastError
CreateSemaphoreExW
CreateFileW
WriteFile
RaiseException
HeapFree
ResetEvent
CreateEventW
CreateThread
MulDiv
RemoveDirectoryW
LocalFree
PowerCreateRequest
PowerSetRequest
GetFileSizeEx
GetTickCount64
GetFileAttributesW
GetTempPath2W
CreateDirectoryW
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
ReadFile
WaitForMultipleObjects
GetOverlappedResult
HeapReAlloc
GetModuleHandleExW
GetProcessHeap
SetEvent
HeapAlloc
FormatMessageW
CreateMutexExW
GetTickCount

gdi32

GetDeviceCaps
GetObjectW
DeleteObject
CreateFontIndirectW

user32

GetWindowLongW
LoadImageW
GetDC
ReleaseDC
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
SendDlgItemMessageW
SetWindowLongW
EnableWindow
KillTimer
PostQuitMessage
PostThreadMessageW
GetParent
PostMessageW
GetDlgItem
LoadStringW
CharNextW
MessageBoxW
ShowWindow
SetDlgItemTextW
GetWindowTextLengthW
SetWindowTextW
SetForegroundWindow
MapWindowPoints
GetWindowRect
SendMessageW

msvcrt

__dllonexit
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
__p__fmode
__getmainargs
_amsg_exit
memcpy
__p__commode
_unlock
_cexit
_CxxThrowException
memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_lock
_acmdln
_initterm
__setusermatherr
_XcptFilter
_ismbblead
malloc
free
_get_errno
_exit
exit
__CxxFrameHandler3
__set_app_type
_set_errno
rand_s
_ui64tow_s
wcstoul
_wcsicmp
memcpy_s
_vsnwprintf
memmove
_callnewh
memset

comctl32

PropertySheetW
InitCommonControlsEx

shell32

ord258
SHCreateItemFromParsingName
ord190
SHCreateShellItemArrayFromIDLists
SHBindToParent
SHGetKnownFolderItem
SHSetLocalizedName
SHBrowseForFolderW
SHGetDesktopFolder
SHCreateItemFromIDList
ord155
ShellExecuteW
SHGetFolderPathW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

shlwapi

PathFindFileNameW
StrFormatByteSizeW
StrStrIA
PathAddExtensionW
PathAppendW
PathRemoveFileSpecW
StrRetToBufW
ord174
PathIsDirectoryW
PathFindExtensionW
PathCombineW

ws2_32

getpeername
ioctlsocket
WSARecv
WSAGetOverlappedResult
WSASend
WSASetServiceW
listen
getsockname
bind
connect
WSAGetLastError
setsockopt
socket
closesocket
WSACleanup
WSAStartup

mswsock

AcceptEx

ole32

CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoInitializeEx
CoRevokeClassObject

bthprops.cpl

BluetoothEnableDiscovery
BluetoothGetDeviceInfo
BluetoothFindRadioClose
BluetoothFindFirstRadio
BluetoothAuthenticateDeviceEx

powrprof

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dac79f4463af97caac636947d45e5f1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

shell32

comdlg32

shlwapi

ws2_32

mswsock

ole32

bthprops.cpl

powrprof

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

rpcrt4

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 62KB - Virtual size: 62KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 62KB - Virtual size: 62KB

.reloc
Size: 3KB - Virtual size: 2KB