fabookie | 37db6db82813ddc8eeb42c58553da2de[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

37db6db82813ddc8eeb42c58553da2de.exe
Size

1.3MB
MD5

37db6db82813ddc8eeb42c58553da2de
SHA1

9425c1937873bb86beb57021ed5e315f516a2bed
SHA256

65302460bbdccb8268bc6c23434bcd7d710d0e800fe11d87a1597fdedfc2a9c7
SHA512

0658f3b15a4084ae292a6c0640f4e88fe095a2b2471633ca97c78998ee664631156e9cea1bee3d5ac5428ca600c52495437468770fbda6143e11651e797298c9
SSDEEP

24576:HAFnWzNUe3a9nvOvk+/QBNFjmDWTe2c6Ek:yWzmeK9n2FQbFBTq4

Score

10^/10

fabookie

Malware Config

Signatures

Detect Fabookie payload 1 IoCs

resource	yara_rule
sample	family_fabookie

Fabookie family
fabookie

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37db6db82813ddc8eeb42c58553da2de.exe

Files

37db6db82813ddc8eeb42c58553da2de.exe
.exe windows:6 windows x64 arch:x64

0e0b1327b851d652046461e0a8be7593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LocalFree
GetLastError
FormatMessageW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetEvent
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
RaiseException
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
Sleep
OutputDebugStringA
RtlUnwind

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

SHGetFolderPathW

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetCredentials

crypt32

CryptUnprotectData

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e0b1327b851d652046461e0a8be7593

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

winhttp

crypt32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 24KB - Virtual size: 37KB

.pdata Size: 47KB - Virtual size: 47KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 572B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 24KB - Virtual size: 37KB

.pdata
Size: 47KB - Virtual size: 47KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 572B

.reloc
Size: 9KB - Virtual size: 9KB