fsquirt[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

fsquirt.exe
Size

164KB
MD5

73ac3004624cc2ae81bca7a2b9a3ffe2
SHA1

b962761fbb73be31aefa57b2d6186f81ee8425ee
SHA256

87a6ddeb377134081a1c0d4214262854ebdf6b4bf47e3af89af311c7fe1050ed
SHA512

6711595f07fbc13c3b154c989b08559f211fa86335c648d02f9307318b1867ede8cd75f253b1b043602c9e2249a3cb80829a0dec038a2294205941c48c856335
SSDEEP

1536:ryM0hnbE4jEhDjdcoJjEJyAvqvCAmHbqvmQy+/LhOiJch2nvUR7bmuKnvUPgqJCu:rfUnA/ZJcByJsHbJSxOhMmm78PgHHh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fsquirt.exe

Files

fsquirt.exe
.exe windows:10 windows x64 arch:x64

cf9f329811ec0bb29fada59b7f004646

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegGetValueW
RegSetValueExW

kernel32

IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
GetCurrentProcessId
GetLastError
CreateSemaphoreExW
CreateFileW
WriteFile
RaiseException
HeapFree
ResetEvent
CreateEventW
CreateThread
MulDiv
RemoveDirectoryW
LocalFree
PowerCreateRequest
PowerSetRequest
GetFileSizeEx
GetTickCount64
GetFileAttributesW
GetTempPath2W
CreateDirectoryW
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
ReadFile
WaitForMultipleObjects
GetOverlappedResult
HeapReAlloc
GetModuleHandleExW
GetProcessHeap
SetEvent
HeapAlloc
FormatMessageW
CreateMutexExW
GetSystemTimeAsFileTime

gdi32

GetDeviceCaps
GetObjectW
DeleteObject
CreateFontIndirectW

user32

GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongPtrW
ReleaseDC
LoadImageW
SetTimer
SendDlgItemMessageW
SetWindowLongPtrW
EnableWindow
SendMessageW
KillTimer
PostQuitMessage
PostThreadMessageW
LoadStringW
CharNextW
MessageBoxW
ShowWindow
GetParent
PostMessageW
GetDlgItem
SetDlgItemTextW
GetWindowTextLengthW
SetWindowTextW
SetWindowLongW
SetForegroundWindow
MapWindowPoints
GetWindowRect
GetDC

msvcrt

_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
memmove
_XcptFilter
__CxxFrameHandler3
_acmdln
?what@exception@@UEBAPEBDXZ
exit
memmove_s
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_initterm
__setusermatherr
_ismbblead
_cexit
_CxxThrowException
_exit
_get_errno
_set_errno
rand_s
_amsg_exit
__getmainargs
??0exception@@QEAA@XZ
__set_app_type
_ui64tow_s
wcstoul
__C_specific_handler
_wcsicmp
memcpy_s
_vsnwprintf
memcpy
_callnewh
strcmp

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

comctl32

PropertySheetW
InitCommonControlsEx

shell32

ord155
SHGetKnownFolderItem
SHGetFolderPathW
SHGetDesktopFolder
ord190
SHCreateShellItemArrayFromIDLists
SHSetLocalizedName
SHBrowseForFolderW
ord258
SHCreateItemFromParsingName
ShellExecuteW
SHBindToParent
SHCreateItemFromIDList

comdlg32

CommDlgExtendedError
GetOpenFileNameW

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathAddExtensionW
StrStrIA
ord174
PathFindFileNameW
StrFormatByteSizeW
PathCombineW
PathIsDirectoryW
StrRetToBufW

ws2_32

WSACleanup
getpeername
ioctlsocket
WSARecv
WSAGetOverlappedResult
WSASend
WSASetServiceW
listen
getsockname
bind
connect
WSAGetLastError
setsockopt
socket
closesocket
WSAStartup

mswsock

AcceptEx

ole32

OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoUninitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoInitializeEx
OleUninitialize
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream

bthprops.cpl

BluetoothEnableDiscovery
BluetoothGetDeviceInfo
BluetoothFindRadioClose
BluetoothFindFirstRadio
BluetoothAuthenticateDeviceEx

powrprof

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf9f329811ec0bb29fada59b7f004646

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

comctl32

shell32

comdlg32

shlwapi

ws2_32

mswsock

ole32

bthprops.cpl

powrprof

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

rpcrt4

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 64KB - Virtual size: 62KB

.reloc Size: 4KB - Virtual size: 180B

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 64KB - Virtual size: 62KB

.reloc
Size: 4KB - Virtual size: 180B