cmd-fy78fa[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cmd-fy78fa.exe
Size

230KB
MD5

e72506477317969211638830de3174d8
SHA1

bba73f6c1c212b20d3291e04036328a867506be4
SHA256

4b2f2b322507f4e59204e8750dbdf4761825f546f617571e76461768f795fb55
SHA512

9db667228c0b2772547144cc630a0b0e46179cdbfb9174bb3c66e9ed1da40e9a65a98caefea2fe9a8ff58dacda4630bf483a5fe8e7f621a9769753ba0d1cda56
SSDEEP

6144:2LCkt63w0V/4rQt9t/GEmgLL3c8Vif/z3WSEctnmGT:2Vt+w8wyv/666WoJf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmd-fy78fa.exe

Files

cmd-fy78fa.exe
.exe windows:10 windows x86

392b4d61b1d1dadc1f06444df258188a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
_unlock
_lock
_initterm
wcsspn
_tell
_except_handler4_common
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
calloc
free
_purecall
__CxxFrameHandler3
?terminate@@YAXXZ
_wcslwr
_controlfp
_dup2
memcmp
_local_unwind4
_dup
??1type_info@@UAE@XZ
_close
_open_osfhandle
swscanf
_ultoa
_pipe
memmove
wcsncmp
_setmode
exit
_getch
iswspace
wcschr
iswxdigit
_setjmp3
time
srand
_wtol
fflush
wcsstr
iswalpha
wcstoul
??3@YAXPAX@Z
_errno
??_V@YAXPAX@Z
printf
memcpy_s
_onexit
fgets
qsort
rand
_pclose
fprintf
wcsrchr
ferror
realloc
towlower
setlocale
towupper
_wcsupr
feof
_wpopen
_wcsnicmp
_get_osfhandle
longjmp
iswdigit
wcstol
_vsnwprintf
_wcsicmp
__iob_func
malloc
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memset

ntdll

NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlFindLeastSignificantBit
RtlFreeHeap
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationFile
NtQueryVolumeInformationFile
NtSetInformationProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtCancelSynchronousIoFile
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString

api-ms-win-core-kernel32-legacy-l1-1-0

GetConsoleWindow
CopyFileW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
TryAcquireSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
LeaveCriticalSection
ReleaseMutex
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapSize
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentThreadId
CreateProcessW
CreateProcessAsUserW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
DeleteProcThreadAttributeList
OpenThread
ResumeThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
SetThreadLocale
GetACP
GetThreadLocale
GetUserDefaultLCID
GetCPInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualQuery
ReadProcessMemory

api-ms-win-core-console-l1-1-0

ReadConsoleW
WriteConsoleW
GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
GetConsoleOutputCP

api-ms-win-core-file-l1-1-0

ReadFile
GetFileAttributesW
GetFileSize
SetFilePointer
GetFullPathNameW
GetVolumePathNameW
CreateFileW
WriteFile
SetFilePointerEx
FindFirstFileExW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
CompareFileTime
RemoveDirectoryW
FindFirstFileW
GetFileType
FindNextFileW
FindClose
GetVolumeInformationW
SetFileTime
DeleteFileW
SetEndOfFile
SetFileAttributesW
CreateDirectoryW
GetDriveTypeW
FlushFileBuffers
GetFileAttributesExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableW
GetCurrentDirectoryW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
SearchPathW
GetCommandLineW

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
FlushConsoleInputBuffer
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ScrollConsoleScreenBufferW

api-ms-win-security-base-l1-1-0

RevertToSelf
GetSecurityDescriptorOwner
GetFileSecurityW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
SetLocalTime
GetLocalTime
GetVersion
GetWindowsDirectoryW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
GetFileInformationByHandleEx
MoveFileExW
MoveFileWithProgressW
CreateHardLinkW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

SetProcessAffinityMask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

392b4d61b1d1dadc1f06444df258188a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 176KB - Virtual size: 175KB

.data Size: 512B - Virtual size: 109KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 176KB - Virtual size: 175KB

.data
Size: 512B - Virtual size: 109KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 9KB