fg_lite[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fg_lite.exe
Size

115KB
MD5

89e874587251880567de2ae6058f2d66
SHA1

e1665eccb93581878dfed3cad091e34c7415b7e2
SHA256

434dd11b45ff74b167a3f5b6ae4d9f08ff43c7b474c6bcbb3822b0ac69a1047a
SHA512

7b1cd012dfb32d8c656b3cecd8418d89e7b24b85fb4e6a4dcfff3bb5ca3a48909677c605a419c403b0bb48fdc5047d0d5e3888400971c9828f05a4fd7b20a3ab
SSDEEP

1536:n5fFH+kOgpZ+4pGvArp1/HGFup3UbQ4o+jYfbzQy4:Bd+kbzGv81/HGF6KCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fg_lite.exe

Files

fg_lite.exe
.exe windows:4 windows x86

11400137286ada37c1e62c1372aee830

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
GetStockObject
LineTo
MoveToEx
SelectObject

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTickCount
GlobalAddAtomA
GlobalGetAtomNameA
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_snprintf
_winmajor
abort
atexit
calloc
exit
exp
free
fwrite
log
malloc
memcpy
rand
signal
sin
sprintf
srand
sscanf
strcat
strcmp
strcpy
strlen
time
vfprintf

shell32

ShellExecuteA

user32

AppendMenuA
BeginPaint
CreateMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
DrawTextA
EndDialog
EndPaint
GetClientRect
GetDC
GetMessageA
GetWindowRect
GetWindowTextA
LoadCursorA
LoadIconA
MessageBoxA
MoveWindow
PackDDElParam
PostMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
SendMessageA
SetFocus
SetScrollPos
SetScrollRange
SetWindowTextA
ShowWindow
TranslateMessage
UnpackDDElParam
UpdateWindow

winmm

waveOutClose
waveOutGetDevCapsA
waveOutGetErrorTextA
waveOutGetID
waveOutGetNumDevs
waveOutGetVolume
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11400137286ada37c1e62c1372aee830

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

shell32

user32

winmm

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 37KB - Virtual size: 37KB

.rdata Size: 9KB - Virtual size: 8KB

.eh_fram Size: 1024B - Virtual size: 820B

.bss Size: - Virtual size: 212KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 37KB - Virtual size: 37KB

.rdata
Size: 9KB - Virtual size: 8KB

.eh_fram
Size: 1024B - Virtual size: 820B

.bss
Size: - Virtual size: 212KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB