FASMW[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FASMW.EXE
Size

156KB
MD5

26857e262f654b4710651af6993607f6
SHA1

4afb9a30348f48fca948a67c99c440fe9edb0e09
SHA256

21545ec23471668ffbe5124b83429e662d771141ef3393b99c5c556bd52aae33
SHA512

0c8758c8e45d50510690d010d941ec020d806de445fe99b6f1b2481b76216b765c374eec5a33cf67e539b3f49233cb0cee0799914d28985a2b245163ae6b399b
SSDEEP

3072:cAlbdK+re+w+gglZH/YvP2lZ073ByY2L05qa/VtYFcVY:cAl8+reBylZ2ef0rw05b/3DV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FASMW.EXE

Files

FASMW.EXE
.exe windows:1 windows x86 arch:x86

4916814448d90d779a8d62bb31bec028

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CloseHandle
lstrcmpiA
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
VirtualAlloc
VirtualFree
CreateThread
SetThreadPriority
TerminateThread
ExitThread
GetExitCodeThread
WaitForSingleObject
CreateMutexA
ReleaseMutex
CreateProcessA
GetEnvironmentVariableA
GetSystemTime
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
ExitProcess

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

RegisterClassA
CreateCaret
ShowCaret
SetCaretPos
DestroyCaret
BeginPaint
EndPaint
GetDC
GetUpdateRect
ReleaseDC
DrawTextA
FillRect
InvalidateRect
GetKeyboardState
ToAscii
GetScrollInfo
SetScrollInfo
SetCapture
ReleaseCapture
GetCursorPos
ClientToScreen
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
LoadCursorA
LoadIconA
LoadBitmapA
LoadMenuA
EnableMenuItem
CheckMenuItem
GetSubMenu
TrackPopupMenu
LoadAcceleratorsA
IsClipboardFormatAvailable
CharUpperA
wsprintfA
wvsprintfA
MessageBoxA
WinHelpA
DialogBoxParamA
GetDlgItem
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageA
EndDialog
FindWindowA
SetForegroundWindow
CreateWindowExA
DestroyWindow
GetWindowLongA
SetWindowLongA
DefWindowProcA
GetClientRect
GetWindowRect
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
ShowWindow
EnableWindow
UpdateWindow
SetFocus
GetSystemMetrics
GetSysColor
SendMessageA
GetMessageA
TranslateAccelerator
TranslateMessage
DispatchMessageA
PostMessageA
PostQuitMessage

gdi32

SetBkColor
SetTextColor
CreateSolidBrush
CreateFontA
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
GetObjectA
DeleteObject

comctl32

CreateStatusWindowA
ImageList_Create
ImageList_Add
ImageList_Destroy

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseFontA
ChooseColorA

shell32

DragAcceptFiles
DragQueryFile
DragFinish
ShellExecuteA

Sections

.data
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4916814448d90d779a8d62bb31bec028

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

comctl32

comdlg32

shell32

Sections

.data Size: 1KB - Virtual size: 42KB

.text Size: 141KB - Virtual size: 140KB

.bss Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 42KB

.text
Size: 141KB - Virtual size: 140KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 8KB