Overview
Static task static1
Behavioral task behavioral1: Sample Farlight_84.rar, Resource win7-20230703-en
Behavioral task behavioral2: Sample Farlight_84.rar, Resource win10v2004-20230703-en
Behavioral task behavioral3: Sample Farlight 84/Farlight84.exe, Resource win7-20230703-en
Behavioral task behavioral4: Sample Farlight 84/Farlight84.exe, Resource win10v2004-20230703-en
Behavioral task behavioral5: Sample Farlight 84/Res/Config/Config1.ini, Resource win7-20230703-en
Behavioral task behavioral6: Sample Farlight 84/Res/Config/Config1.ini, Resource win10v2004-20230703-en
Behavioral task behavioral7: Sample Farlight 84/Res/Config/gui.ini, Resource win7-20230703-en
Behavioral task behavioral8: Sample Farlight 84/Res/Config/gui.ini, Resource win10v2004-20230703-en
Behavioral task behavioral9: Sample Farlight 84/Res/Key/key.cx, Resource win7-20230703-en
Behavioral task behavioral10: Sample Farlight 84/Res/Key/key.cx, Resource win10v2004-20230703-en
Behavioral task behavioral11: Sample Farlight 84/Res/fonts/bold.ttf, Resource win7-20230703-en
Behavioral task behavioral12: Sample Farlight 84/Res/fonts/bold.ttf, Resource win10v2004-20230703-en
General
Target: Farlight_84.rar
Size: 5.4MB
MD5: 730a25631b1f4cbda0dce6214b45e628
SHA1: 7e1d65ba72cd37537a1b59ba7e4a07d6516d5406
SHA256: c6e38a1c90b0922c18a533420005faf6b5ba9274c527a9f6233c208c785ea71f
SHA512: 41d5890f017286aa303869be8b36834d932d8ad136498293487aef91f1a693ba1214b55eebbf3f0df64cc35e9806a84a633add1e660fa7e844e32e6815219350
SSDEEP: 98304:5XVl6bVF5luX1446x8dejJRfM6c2+TpS+HCJSFkKAHgHUb4En22ZXlnQI2bE1c7p:5P6b/54X14CdeVpMd2+TM+5+VoUbtn2X
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/Farlight 84/Farlight84.exe
Files
Farlight_84.rar (rar)
Farlight 84/Farlight84.exe (exe, windows x64)
84f7bd7631189157866a922ecafa8f1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
opengl32
glGetIntegerv
wglGetCurrentDC
glDisable
glDrawElements
glIsEnabled
glGetString
wglGetProcAddress
glViewport
glScissor
glEnable
glGenTextures
glPolygonMode
glPixelStorei
glTexImage2D
glTexParameteri
glBindTexture
glClear
kernel32
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
GetModuleHandleExW
FormatMessageW
FreeLibrary
GetCurrentThreadId
GetModuleHandleA
GetTempPathW
Module32First
SetLastError
FormatMessageA
LocalFree
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
Module32Next
VirtualFree
WriteProcessMemory
CheckRemoteDebuggerPresent
IsDebuggerPresent
CreateDirectoryA
EnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
InitializeCriticalSection
SetThreadExecutionState
GetModuleHandleW
FindClose
GetFullPathNameA
FindNextFileA
FindFirstFileA
Process32Next
TerminateProcess
Process32First
CreateRemoteThread
ReadProcessMemory
VirtualAllocEx
ExitProcess
GetProcAddress
GetThreadContext
FreeConsole
LoadLibraryA
GetCurrentThread
OpenProcess
VirtualAlloc
DeviceIoControl
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
LeaveCriticalSection
GetConsoleWindow
CloseHandle
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
GetPrivateProfileStringA
WritePrivateProfileStringA
WideCharToMultiByte
CreateToolhelp32Snapshot
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
GetLastError
Sleep
HeapSize
InitializeCriticalSectionEx
HeapFree
GetModuleFileNameA
user32
MessageBoxA
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
EmptyClipboard
GetAsyncKeyState
GetPropW
SetPropW
ReleaseDC
GetDC
CloseClipboard
GetClientRect
GetWindowLongA
SetWindowLongA
TranslateMessage
GetForegroundWindow
ClientToScreen
ShowWindow
SetWindowPos
TrackMouseEvent
DispatchMessageW
PeekMessageW
GetMessageTime
SendMessageW
PostMessageW
WaitMessage
DefWindowProcW
RegisterClassExW
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
MoveWindow
FlashWindow
RemovePropW
OpenClipboard
SetWindowTextW
GetCursorPos
CreateWindowExW
DestroyWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DispatchMessageA
GetWindow
GetWindowThreadProcessId
SendInput
FindWindowA
SetClipboardData
GetClipboardData
PeekMessageA
gdi32
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
GetDeviceCaps
DeleteDC
CreateDCW
CreateDIBSection
DeleteObject
CreateRectRgn
SwapBuffers
CreateBitmap
advapi32
RegSetValueExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
GetUserNameA
RegSetKeyValueW
RegCreateKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegGetValueW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
shell32
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
ShellExecuteA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
msvcp140
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Cnd_broadcast
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
normaliz
IdnToAscii
wldap32
ord41
ord50
ord45
ord60
ord211
ord46
ord301
ord22
ord30
ord79
ord35
ord33
ord32
ord27
ord217
ord143
ord26
ord200
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
ws2_32
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
WSAIoctl
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
getaddrinfo
ntdll
NtReadVirtualMemory
NtRaiseHardError
RtlInitUnicodeString
NtQuerySystemInformation
RtlAdjustPrivilege
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreate
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_copy
__std_terminate
strstr
memset
memcpy
memmove
_CxxThrowException
memchr
memcmp
strchr
__current_exception_context
__current_exception
__C_specific_handler
strrchr
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
realloc
_set_new_mode
calloc
free
api-ms-win-crt-runtime-l1-1-0
terminate
_beginthreadex
exit
system
_errno
_invalid_parameter_noinfo_noreturn
_c_exit
strerror
__sys_nerr
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_resetstkoflw
__p___argv
__p___argc
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_getpid
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_exit
api-ms-win-crt-stdio-l1-1-0
_get_stream_buffer_pointers
_lseeki64
__stdio_common_vsprintf
fsetpos
feof
ungetc
_close
_set_fmode
fputs
fopen
fread
_popen
setvbuf
fgetpos
__p__commode
fflush
_read
_write
_pclose
__acrt_iob_func
ftell
_open
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fwrite
fputc
fgets
__stdio_common_vswprintf
fgetc
fseek
fclose
_fseeki64
__stdio_common_vsscanf
_wfopen
api-ms-win-crt-convert-l1-1-0
strtoull
strtol
atoi
strtoll
strtod
strtoul
atof
api-ms-win-crt-math-l1-1-0
tanf
ldexp
atan2f
__setusermatherr
acosf
ceil
fmodf
cosf
_dclass
ceilf
pow
sinf
sqrt
sqrtf
powf
log2
api-ms-win-crt-time-l1-1-0
strftime
_time64
_gmtime64
clock
_localtime64
_localtime64_s
api-ms-win-crt-utility-l1-1-0
qsort
rand
srand
api-ms-win-crt-string-l1-1-0
strcmp
_strdup
isupper
strpbrk
strncpy
_stricmp
strncmp
strcspn
strspn
tolower
api-ms-win-crt-filesystem-l1-1-0
_stat64
remove
_fstat64
_lock_file
_unlock_file
_stat64i32
_wremove
_access
_unlink
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 461KB - Virtual size: 460KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 278KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Farlight 84/Res/Config/Config1.ini
Farlight 84/Res/Config/gui.ini
Farlight 84/Res/Key/key.cx
Farlight 84/Res/fonts/bold.ttf