CmdProc
FinalizeOVSCore
InitOVSCore
Static task
static1
1 signatures
General
-
Target
FreeVPN.exe
-
Size
3.1MB
-
MD5
4ed6543c73e759ee179dbe9695789bf8
-
SHA1
f4096c19328ef6dd1b03168524719245a0eefb5a
-
SHA256
8bab725accbd7999dd2d4aa4a5f822db0d9187223679295e61ca52147288c3a3
-
SHA512
2af5d77731fd03f7081b3dbb9869aa0a6151eb772841411b9d17ee206e1e070493e1b1e3a4e972e7fc5861a582676ac3dcc0bc0e29cf0defa9083087e3bd103e
-
SSDEEP
49152:YcYk8eDM5dcDvLy9nZKf2pebqMYi03SAmvVZxCMeMVnauNaSz7beTI1clv/guhJ2:YcYHHeGzR5oVZxJauNaSTclvJpgS
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource FreeVPN.exe
Files
-
FreeVPN.exe.exe windows:6 windows x86 arch:x86
2da2885283d19dcce0689809b27d3395
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libcurl
curl_formfree
curl_slist_free_all
curl_formadd
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_easy_strerror
libeay32
ord2660
ord251
ord2996
ord3782
ord276
ord3783
ord501
ord2894
rasapi32
RasGetConnectStatusA
RasDialA
RasSetCredentialsA
RasDeleteEntryA
RasEnumConnectionsA
RasValidateEntryNameA
RasGetConnectionStatistics
RasSetEntryPropertiesA
RasHangUpA
kernel32
CreateFileA
LocalFileTimeToFileTime
ReadFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
SystemTimeToFileTime
SetLastError
SetEvent
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpA
GetCommandLineW
CreatePipe
WaitForSingleObject
CreateMutexA
CreateEventA
GetCurrentProcess
CreateProcessA
OpenProcess
GetTickCount
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
GlobalHandle
GlobalFree
FormatMessageA
lstrcmpW
lstrcmpiA
FindResourceA
GetLocaleInfoW
IsDBCSLeadByte
GetUserDefaultUILanguage
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateThread
TerminateThread
GetSystemTimeAsFileTime
TerminateProcess
SetCurrentDirectoryA
K32GetModuleBaseNameA
GetNativeSystemInfo
K32EnumProcesses
GetCurrentProcessId
K32EnumProcessModules
GetFileSize
lstrcpyA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
CreateDirectoryA
GetDriveTypeW
CreateProcessW
GetTimeZoneInformation
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
VirtualQuery
GetSystemInfo
RtlUnwind
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetVersionExW
GetVersion
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetTempPathW
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
GetFileType
GetCurrentDirectoryA
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetVersionExA
FormatMessageW
LocalFree
GetModuleFileNameA
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
MoveFileExW
RtlCaptureStackBackTrace
DeleteFileW
GetStdHandle
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetExitCodeProcess
SetConsoleCtrlHandler
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
Sleep
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExW
WideCharToMultiByte
WriteConsoleW
PeekNamedPipe
user32
SetWindowContextHelpId
AllowSetForegroundWindow
GetWindowThreadProcessId
MapDialogRect
PostMessageA
UnregisterClassA
FindWindowA
SetWindowRgn
LoadStringA
RegisterWindowMessageA
DrawAnimatedRects
DefWindowProcA
RegisterClassExA
GetForegroundWindow
AppendMenuA
CreateWindowExA
IsWindow
DestroyWindow
SetTimer
KillTimer
LoadMenuA
DestroyMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
SetActiveWindow
SetForegroundWindow
RedrawWindow
GetWindowRect
GetCursorPos
GetWindowLongA
SetWindowLongA
SetParent
EnumChildWindows
GetClassNameA
LoadIconA
DestroyIcon
CreatePopupMenu
CreateMenu
GetAsyncKeyState
GetActiveWindow
SendDlgItemMessageA
EndDialog
DialogBoxIndirectParamA
DialogBoxParamA
CreateDialogIndirectParamA
BringWindowToTop
PostQuitMessage
AttachThreadInput
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
LoadImageA
GetParent
GetDesktopWindow
SetRect
FillRect
GetSysColor
ScreenToClient
ClientToScreen
MessageBoxA
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextA
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsChild
GetClassInfoExA
CallWindowProcA
PostThreadMessageA
SendMessageA
wsprintfA
SystemParametersInfoA
GetWindow
advapi32
CloseServiceHandle
CryptGenRandom
CryptAcquireContextW
DuplicateTokenEx
RegDeleteKeyExA
RegQueryInfoKeyA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
EnumDependentServicesA
DeleteService
CreateServiceA
ControlService
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CreateProcessAsUserA
LookupAccountSidA
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
OpenProcessToken
ole32
OleInitialize
CreateStreamOnHGlobal
CoGetClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
CoUninitialize
OleLockRunning
OleSetContainedObject
OleCreate
OleUninitialize
shell32
SHGetSpecialFolderPathA
ShellExecuteExA
CommandLineToArgvW
ShellExecuteA
SHAppBarMessage
Shell_NotifyIconA
oleaut32
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantClear
DispCallFunc
comctl32
InitCommonControlsEx
gdi32
BitBlt
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectA
CreateRoundRectRgn
TextOutA
CreateCompatibleBitmap
psapi
GetModuleFileNameExA
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
urlmon
URLDownloadToFileA
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile
LoadUserProfileA
iphlpapi
GetAdaptersAddresses
ws2_32
htons
connect
select
WSAStartup
WSAAddressToStringA
send
recv
WSAGetLastError
__WSAFDIsSet
closesocket
inet_addr
socket
fwpuclnt
FwpmTransactionCommit0
FwpmSubLayerAdd0
FwpmSubLayerGetByKey0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmFilterDeleteByKey0
FwpmFreeMemory0
FwpmFilterAdd0
FwpmEngineClose0
Exports
Exports
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 235KB - Virtual size: 234KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ