Far[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Far.exe
Size

820KB
MD5

2a1e05e1bb1d85ce36c5b7bf37c97816
SHA1

9c08182b4a918658bb979dc54cfce2d2532a9e8e
SHA256

cd6c35fad5689a1e1d43cadcaad3c4f6bf4296c2b17e575617b7dbac55581767
SHA512

df074b46b05c150029d637c309bf108c5a2752ed5190aa8f1410081ef850ff2b7780e23aa573b511278d7c81bf1ee130854235ae6553336abd553ed4e0813004
SSDEEP

12288:x3afpcJP0z//V2W8zXoyZQXsk0L4k76e6imrH8Rd6QMqikJ/Ghpf:AyJKnhckHre6imrE+fJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Far.exe

Files

Far.exe
.exe windows x86

1c9cd600efdd466cb12d420e9ed7d6e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetFileSecurityA
GetSecurityDescriptorOwner
GetUserNameA
LookupAccountSidA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA

kernel32

AllocConsole
BackupWrite
CloseHandle
CompareFileTime
CompareStringA
CopyFileA
CreateDirectoryA
CreateFileA
CreateFileW
CreateMutexA
CreateProcessA
CreateThread
DefineDosDeviceA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageA
FreeConsole
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCompressedFileSizeA
GetComputerNameA
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTempPathA
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
IsBadWritePtr
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
OpenProcess
PeekConsoleInputA
QueryDosDeviceA
RaiseException
ReadConsoleA
ReadConsoleInputA
ReadConsoleOutputA
ReadConsoleOutputW
ReadFile
ReleaseMutex
RemoveDirectoryA
RtlUnwind
SearchPathA
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleA
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteConsoleOutputA
WriteConsoleOutputW
WriteFile
lstrcpyW
lstrlenA
lstrlenW

mpr

WNetCancelConnection2A
WNetGetUniversalNameA
WNetGetConnectionA

winspool.drv

ClosePrinter
EndDocPrinter
EnumPrintersA
OpenPrinterA
StartDocPrinterA
WritePrinter

shell32

ExtractIconExA
FindExecutableA
SHFileOperationA
ShellExecuteA
ShellExecuteExA

user32

CharLowerA
CharToOemA
CharToOemBuffA
CharUpperA
CloseClipboard
CopyIcon
EmptyClipboard
EnumClipboardFormats
EnumThreadWindows
EnumWindows
GetAsyncKeyState
GetClipboardData
GetKeyboardLayoutList
GetSystemMetrics
GetWindowLongA
GetWindowPlacement
GetWindowTextA
GetWindowThreadProcessId
IsCharAlphaA
IsCharAlphaNumericA
IsCharLowerA
IsCharUpperA
IsIconic
IsWindowVisible
MapVirtualKeyA
MapVirtualKeyExA
MessageBeep
MessageBoxA
OemToCharA
OemToCharBuffA
OpenClipboard
PostMessageA
RegisterClipboardFormatA
SendMessageA
SetClipboardData
SetForegroundWindow
ShowWindowAsync
SystemParametersInfoA
VkKeyScanA
VkKeyScanExA
WaitForInputIdle
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c9cd600efdd466cb12d420e9ed7d6e6

Headers

File Characteristics

Imports

advapi32

kernel32

mpr

winspool.drv

shell32

user32

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 656KB

.data Size: 121KB - Virtual size: 172KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 8KB

.reloc Size: 27KB - Virtual size: 28KB

.text
Size: 656KB - Virtual size: 656KB

.data
Size: 121KB - Virtual size: 172KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 27KB - Virtual size: 28KB