ffdroider | fb3bc18401f7cc5a5b426209cbf968c2

Sharing

Copy URL

Twitter E-mail

General

Target

fb3bc18401f7cc5a5b426209cbf968c2
Size

5.3MB
MD5

fb3bc18401f7cc5a5b426209cbf968c2
SHA1

670d97d270669c2e721d9940fe83fb0db9431edf
SHA256

40d7ead8c2b3f512f490edf1c2ac207bafca3bbc1def3bbda44fe855ef1fb9f3
SHA512

cd5b4502baf74556b7e6cfb7348e2af1537f7296ae343bb9b005748c51cd78764fd02036621565e655e58a67fb78b6cee55419b90ab68fb2011543ba2be2d931
SSDEEP

98304:brbMvQuxQBQe4dbR0zWRLFphiHvQ/qpyr0k88suiO+QahI+iZ7q1zPPXNAjtVa/u:X+fei5suiO+QCI+7NAjtVa/u

Score

10^/10

ffdroider

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider payload 1 IoCs

resource	yara_rule
sample	family_ffdroider

Ffdroider family
ffdroider

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb3bc18401f7cc5a5b426209cbf968c2

Files

fb3bc18401f7cc5a5b426209cbf968c2
.exe windows:5 windows x86 arch:x86

839c1aedd6535cf1f305e31ff0f865f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetLogicalProcessorInformation
CreateTimerQueueTimer
LoadLibraryExA
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FreeResource
GetModuleHandleA
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
ChangeTimerQueueTimer
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAddAtomW
lstrcpyW
EncodePointer
GlobalFindAtomW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindClose
DuplicateHandle
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTempFileNameW
VirtualProtect
GetProfileIntW
SearchPathW
FindResourceExW
GetUserDefaultLCID
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitThread
GetTimeZoneInformation
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetThreadTimes
DeleteFiber
GlobalMemoryStatus
ConvertFiberToThread
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
VirtualFree
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InterlockedDecrement
TryEnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetFullPathNameW
GetFullPathNameA
HeapCompact
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetVersionExW
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
DeleteFileW
GetTickCount
SetFilePointer
SetEndOfFile
Sleep
GetExitCodeThread
FindNextFileW
FindFirstFileW
CreateFileA
LoadLibraryExW
ReadFile
WideCharToMultiByte
GetVolumeInformationW
CopyFileW
CreateFileW
CreateDirectoryW
GetSystemDirectoryW
OutputDebugStringA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
CreateMutexW
CloseHandle
WriteFile
GetFileSize
WaitForSingleObject
TerminateThread
CreateThread
GetCurrentProcessId
GetCurrentProcess
VirtualQuery
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetPrivateProfileStringW
FindResourceW
LoadLibraryA
SizeofResource
LoadResource
GetProcAddress
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer

user32

SetTimer
KillTimer
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBeep
SetLayeredWindowAttributes
SetRectEmpty
EnumDisplayMonitors
SetParent
MonitorFromPoint
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
UpdateLayeredWindow
GetUpdateRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
GetKeyNameTextW
SubtractRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
DestroyCursor
GetWindowRgn
GetProcessWindowStation
GetUserObjectInformationW
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
SetWindowTextW
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
DeleteMenu
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
CopyRect
GetMenuItemInfoW
DestroyMenu
UnhookWindowsHookEx
PtInRect
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MessageBoxW
CheckDlgButton
GetDesktopWindow
SendMessageW
IsIconic
EnableWindow
GetSystemMetrics
GetSystemMenu
AppendMenuW
DrawIcon
GetClientRect
LoadIconW
wsprintfA
CopyImage
SendDlgItemMessageA
RealChildWindowFromPoint
IntersectRect
LoadCursorW
InvalidateRect
GetWindowPlacement
IsDialogMessageW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
EndDeferWindowPos
EqualRect
AdjustWindowRectEx

gdi32

SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
ExtSelectClipRgn
Polygon
SetPolyFillMode
GetTextMetricsW
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
DeleteDC
SelectClipRgn
SaveDC
RestoreDC
RectVisible
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateDCW
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
GetLayout
SetLayout
PtInRegion
SetMapMode
SetBkMode
SetBkColor
SelectPalette
Polyline
SelectObject
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreatePolygonRgn
CopyMetaFileW
GetTextFaceW
SetPixelV
GetWindowOrgEx
LPtoDP
GetViewportOrgEx

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFileInfoW
SHAppBarMessage
ShellExecuteW
DragQueryFileW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
DragFinish
SHGetMalloc
SHGetPathFromIDListW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
OleRun
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

comctl32

InitCommonControlsEx

shlwapi

StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW

oledlg

OleUIBusyW

gdiplus

GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize

ws2_32

recv
send
WSASetLastError
WSAGetLastError
WSACleanup
closesocket
WSAStartup

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders

quartz

AMGetErrorTextW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

839c1aedd6535cf1f305e31ff0f865f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

shlwapi

oledlg

gdiplus

ws2_32

winhttp

quartz

oleacc

imm32

winmm

winspool.drv

crypt32

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 256KB - Virtual size: 256KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 256KB - Virtual size: 256KB