Static task: static1
Behavioral task: behavioral1
Sample: clientfmUx.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: clientfmUx.exe
Resource: win10v2004-20231127-en
General
Target: clientfmUx.exe
Size: 516KB
MD5: 38a9b7e6b93904b572e76cad2f99353c
SHA1: 20bd0ea13cbc76cdbb9d002a457e543d02e9d500
SHA256: 06b9b10a15c0b2856620dd4469c8a976bfbc42e506747a04a763dbeeaf1ecb79
SHA512: b381687ef7f9f32af5b254b33bfffc287f675ba06d990df011a460c4f76c81d76546203af6bf0fc412e328d5e013e3997db56b3454002edc71ab6357e4211683
SSDEEP: 12288:1oPHzIcgTRo9RvHBQAC76LUkd0bpaMwdHqUz:SPHM1ohP0XAx
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes: resource clientfmUx.exe
Files
clientfmUx.exe.exe windows:4 windows x86 arch:x86
bdb1192f2013d9ddd25c0fdb6bbf8244
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
ResetEvent
CreateEventA
GetLastError
DeleteFileA
FindClose
FindFirstFileA
GetFileAttributesA
CreateMutexA
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
LocalFree
GetCommandLineW
LoadLibraryA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
lstrcmpiA
SetCurrentDirectoryA
GetCurrentDirectoryA
DeleteCriticalSection
LeaveCriticalSection
LoadResource
LockResource
InitializeCriticalSection
EnterCriticalSection
Sleep
GetTickCount
ReadFile
VirtualQuery
FlushInstructionCache
TlsSetValue
RaiseException
TlsGetValue
TlsAlloc
TlsFree
CompareStringA
lstrcatA
CreateProcessA
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
FormatMessageA
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
SetUnhandledExceptionFilter
GetThreadContext
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetLocalTime
SetThreadPriority
SuspendThread
CreateFileA
GetEnvironmentVariableA
GetSystemDirectoryA
GetWindowsDirectoryA
SetFilePointer
WriteFile
CreateDirectoryA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
SizeofResource
SetEvent
WaitForSingleObject
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetLastError
SetEnvironmentVariableA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemInfo
GetFileType
GetStdHandle
SetHandleCount
LCMapStringA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
VirtualProtect
FreeResource
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcpynA
MulDiv
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetOEMCP
GetFileTime
GetFullPathNameA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
WritePrivateProfileStringA
SetErrorMode
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
ExitThread
CreateThread
TerminateProcess
HeapReAlloc
HeapSize
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
InterlockedExchange
advapi32
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RevertToSelf
QueryServiceStatus
ControlService
RegCloseKey
StartServiceA
ChangeServiceConfigA
OpenServiceA
QueryServiceConfigA
user32
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
GetSysColor
GetMenu
UpdateWindow
IsWindowVisible
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
GetKeyState
TrackPopupMenu
ScrollWindow
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
IsChild
SendDlgItemMessageA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
WinHelpA
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
MoveWindow
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
wsprintfA
GetDC
ReleaseDC
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
FindWindowA
IsRectEmpty
DrawIcon
SetWindowRgn
InvalidateRect
SetCapture
GetClassInfoA
GetCursorPos
PostQuitMessage
ShowOwnedPopups
ValidateRect
TranslateMessage
GetMessageA
InflateRect
GetMenuItemInfoA
DestroyMenu
WindowFromPoint
GetNextDlgTabItem
SetRect
CopyAcceleratorTableA
InvalidateRgn
TranslateAcceleratorA
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
CharNextA
SetWindowContextHelpId
MessageBeep
RegisterClipboardFormatA
GetNextDlgGroupItem
PostThreadMessageA
EndDialog
MapDialogRect
SetWindowPos
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetParent
SendMessageA
PostMessageA
MessageBoxA
GetWindowRect
OffsetRect
LoadImageA
GetClientRect
SetTimer
KillTimer
SetForegroundWindow
RegisterWindowMessageA
CloseClipboard
IsWindowEnabled
SetFocus
GetFocus
GetAsyncKeyState
GetWindowPlacement
CopyRect
PtInRect
GetWindow
SetClipboardData
EmptyClipboard
OpenClipboard
LoadIconA
SystemParametersInfoA
GetDlgItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
SetRectEmpty
MsgWaitForMultipleObjects
SetMenuDefaultItem
SetMenuItemInfoA
LoadMenuA
ScreenToClient
SetCursor
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
IsIconic
IntersectRect
LoadCursorA
CharUpperA
GetDesktopWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
ReleaseCapture
IsWindow
GetSysColorBrush
gdi32
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
CreateSolidBrush
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
CreateFontA
GetTextColor
GetBkColor
CreateCompatibleBitmap
GetRgnBox
GetMapMode
Ellipse
LPtoDP
CreateEllipticRgn
shell32
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
DragFinish
DragQueryFileA
SHGetMalloc
version
GetFileVersionInfoA
VerQueryValueA
wsock32
recv
send
setsockopt
htons
connect
socket
closesocket
WSAStartup
bind
WSACleanup
comctl32
ImageList_Draw
ImageList_Destroy
ord17
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
_TrackMouseEvent
ImageList_GetImageInfo
shlwapi
SHAutoComplete
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
ole32
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
oleaut32
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
SysAllocStringLen
SysFreeString
SysAllocString
SysReAllocString
VariantClear
VariantChangeType
VariantInit
comdlg32
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
oledlg
ord8
Sections
.text: Size 300KB, Virtual size 300KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 108KB, Virtual size 104KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 12KB, Virtual size 38KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls: Size 4KB, Virtual size 521B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 88KB, Virtual size 87KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ