ffs[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ffs.zip
Size

413KB
MD5

551db647a5fb60eb299045b081e619a2
SHA1

c4810e325ba80cf71dd6021e8f80588d41903056
SHA256

672c717f1b43ff463ae220b50bf82b6c30d38fda9b9da9c71052996b7fabc923
SHA512

0e06bc58fd8afd38ea42e8b48caebc0b847b6cb0e350ca1c4414f91db6a4314cc257b824c1e594fa5795414fd0235121a8a400182b7f1b5dd74fd735d3b08b6a
SSDEEP

12288:Q53oZf4RkG2kDN9Dm0HavKWB26rcp/9+fS:Q5QEk4DNc06/B/rcNAK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ffs/ffs.exe

Files

ffs.zip
.zip
ffs/ffs.exe
.exe windows x86

993566bcd4a7fec237d6229e5a933b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
_ftime
_iob
fopen
fclose
printf
exit
fwrite
_controlfp
malloc
__setusermatherr
fprintf
memmove
strcmp
qsort
realloc
strerror
raise
wcsstr
_vsnprintf
vfprintf
tolower
isspace
isdigit
_strnicmp
_ftol
memchr
getenv
_wfopen
fread
fflush
_setmode
ftell
fseek
fgets
_stricmp
isxdigit
_stat
isupper
sscanf
strtoul
gmtime
fputs
_getch
signal
_errno
abort
strchr
strstr
atoi
time
localtime
strncpy
__CxxFrameHandler
_splitpath
_makepath
strncmp
_except_handler3
sprintf
free

ws2_32

shutdown
select
recv
send
WSAGetLastError
WSAStartup
socket
setsockopt
inet_addr
htons
connect
bind
closesocket
WSASetLastError

mfc42

ord551
ord1575
ord540
ord4160
ord3318
ord3811
ord800
ord3790
ord665
ord1979
ord5442
ord5186
ord354
ord561
ord815
ord3337

kernel32

GetProcAddress
GetCurrentThreadId
GetTickCount
FreeLibrary
LoadLibraryA
FlushConsoleInputBuffer
GetVersion
SetLastError
GetLocalTime
Sleep
CloseHandle
GetPrivateProfileStringA
GetCommandLineA
GetModuleHandleA
GetFileType
GetStdHandle
MultiByteToWideChar
GetCurrentProcessId
GlobalMemoryStatus
QueryPerformanceCounter
GetLastError
WritePrivateProfileStringA

advapi32

RegOpenKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegCloseKey
RegCreateKeyA

msvcp60

??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

netapi32

Netbios

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA

Sections

.text
Size: 588KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

993566bcd4a7fec237d6229e5a933b6d

Headers

File Characteristics

Imports

msvcrt

ws2_32

mfc42

kernel32

advapi32

msvcp60

netapi32

user32

Sections

.text Size: 588KB - Virtual size: 585KB

.rdata Size: 216KB - Virtual size: 214KB

.data Size: 40KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 160B

.text
Size: 588KB - Virtual size: 585KB

.rdata
Size: 216KB - Virtual size: 214KB

.data
Size: 40KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 160B