Static task: static1
Behavioral task: behavioral1
  Sample: FXSCOVER.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: FXSCOVER.exe
  Resource: win10v2004-20231215-en
General
Target: FXSCOVER.exe
Size: 284KB
MD5: 7bde9375e86e8068362e92e4f5f4c942
SHA1: f25b4f95b763ab2b6440a8b5a66893de18e2092d
SHA256: 8dc3f6332f5062fcb5b03c57b8b3379a711f18f0a69d5c3a79b588790555863f
SHA512: 8ecb98f8f56cddec666c3e3d5f99f59c4751cb4af6482f2dfe05eaf8a45f89dd191847aa66a62b293db8d431413eb99a142aaeb132388850ffce8569118ff4b7
SSDEEP: 6144:rtnmLMfBmsYO62xJ+w9Y4DDBv2WEV+QC7kLkgZQ7KgcYMu/:RnmoJmsL/WkDBOWEV/CskgZQhMu/
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
  resource: FXSCOVER.exe
Files
FXSCOVER.exe.exe windows:10 windows x64 arch:x64
97d14d9ca0fd9b355fcf1f56d0df4a75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegSetValueW
RegQueryValueExW
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
kernel32
LoadLibraryW
FormatMessageW
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
ExpandEnvironmentStringsW
GetCommandLineW
ExpandEnvironmentStringsA
LoadLibraryExA
MulDiv
CreateDirectoryW
IsDebuggerPresent
DebugBreak
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
CloseThreadpoolTimer
OutputDebugStringW
ReleaseMutex
GetModuleFileNameW
SetErrorMode
GetEnvironmentVariableW
GetLocaleInfoW
GetFileAttributesW
GetLastError
CloseHandle
HeapSetInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
GetWindowsDirectoryW
GlobalLock
LocalUnlock
GetProfileStringW
LocalFree
FreeLibrary
GlobalUnlock
LocalLock
SetLastError
LocalAlloc
Sleep
GetStartupInfoW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetVersion
GetLocaleInfoEx
GetUserPreferredUILanguages
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GlobalFree
GlobalAlloc
gdi32
GetObjectW
SetBrushOrgEx
BitBlt
CreateCompatibleBitmap
SelectObject
GetCurrentObject
GetTextMetricsW
CreateCompatibleDC
GetEnhMetaFileBits
GetDeviceCaps
CreateEnhMetaFileW
CreateDCW
CloseEnhMetaFile
GetViewportOrgEx
WidenPath
RoundRect
CreateFontIndirectW
DeleteObject
CreatePenIndirect
LPtoDP
Ellipse
RectInRegion
Polygon
Rectangle
EndPath
EnumFontFamiliesW
GetWindowOrgEx
CreatePolygonRgn
PathToRegion
CreateRoundRectRgn
CreateEllipticRgnIndirect
BeginPath
CreateBrushIndirect
PatBlt
DPtoLP
CreatePen
GetTextExtentPoint32W
GetStockObject
user32
SetProcessDefaultLayout
LoadCursorW
LoadIconW
EnableWindow
MessageBoxW
RegisterWindowMessageW
CopyRect
LoadStringW
SendMessageW
EqualRect
ReleaseDC
SetWindowLongW
GetWindowDC
InSendMessage
InvalidateRect
SetRect
GetClientRect
IntersectRect
GetSysColor
UnionRect
CreateWindowExW
InflateRect
DestroyWindow
GetKeyState
ReleaseCapture
SetCursor
SetCapture
DrawFocusRect
GetCapture
OffsetRect
SetCaretPos
UpdateWindow
SystemParametersInfoW
GetSysColorBrush
IsClipboardFormatAvailable
AppendMenuW
DestroyCaret
SetFocus
CreateCaret
ClientToScreen
CreatePopupMenu
GetSystemMetrics
ScreenToClient
IsRectEmpty
GetMessagePos
PostMessageW
GetMenu
MoveWindow
GetDlgItem
GetParent
SetForegroundWindow
IsIconic
GetFocus
WinHelpW
GetWindowContextHelpId
GetWindowLongW
RegisterClipboardFormatW
mfc42u
msvcrt
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
free
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcstok
tanf
_callnewh
malloc
wcsncmp
_wtol
tan
sin
memset
wcscmp
_XcptFilter
_itow
_wtoi
_wcsdup
wcsstr
_wcsupr
_wsplitpath_s
_vsnwprintf
__CxxFrameHandler4
_commode
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
wcschr
iswalpha
_CxxThrowException
atan2
cos
memcmp
memcpy
comdlg32
GetOpenFileNameW
GetSaveFileNameW
shell32
ShellAboutW
CommandLineToArgvW
SHGetFileInfoW
SHGetFolderPathAndSubDirW
SHGetFolderPathW
SHSetLocalizedName
Sections
.text Size: 176KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ