F[.]exe | Triage

Resubmissions

04/11/2023, 12:35

231104-psth7shh5x 7

04/11/2023, 10:39

231104-mp6m9aga7x 7

Sharing

Copy URL Twitter E-mail

General

Target

F.exe
Size

440KB
MD5

8df3f8578e5af54d6a3cabe5fa9d7cfd
SHA1

e9a152e373cd15eeabd2e10393c4a1830698b67b
SHA256

d71eebf57efaf80e9d60b847ab1a032cd2f9d915c8aa20a8587107f24e0f1f47
SHA512

4f89d3ffcfbce9ed454a3574b1e6d6fc0e27bb5150c2536ab0c0fd3cfafb1bbda61017ba83adb36fb9b7c2d7aaba0036fdc7638b640f70f50d496f52c92b51ba
SSDEEP

6144:1J5gBuohNpNAoy2nzRwMWzDUJL9MXRtIBicP1cGLlBKE3/KJZMry:1zh4NzAobnUWL9MDIBictLKEvSZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
F.exe

Files

F.exe
.exe windows:4 windows x86

f37de17af1a7bbfb59c29b3aacfa4520

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LocalFree
lstrcpynA
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
LocalReAlloc
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
GetProcessVersion
GlobalFlags
InterlockedExchange
RaiseException
CloseHandle
FlushFileBuffers
SetFilePointer
SetStdHandle
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
Sleep
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetProcessHeap
IsBadReadPtr
FreeLibrary
LoadLibraryA
lstrcmpA
GetProcAddress

comctl32

ord17

user32

AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
LoadStringA
UnhookWindowsHookEx
GetClientRect
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
SetWindowLongA

gdi32

SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Sections

.text
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f37de17af1a7bbfb59c29b3aacfa4520

Headers

File Characteristics

Imports

kernel32

comctl32

user32

gdi32

winspool.drv

Sections

.text Size: 376KB - Virtual size: 372KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 16KB - Virtual size: 29KB

.text
Size: 376KB - Virtual size: 372KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 16KB - Virtual size: 29KB