FXCRASHH[.]exe | Triage

Sharing

General

Target

FXCRASHH.exe
Size

17KB
MD5

3a76867560e21aa2ed3652be517e8f96
SHA1

6adf8785d589e760d6f5c396175d83ef510a0e93
SHA256

eeb97dcf54cf069714b471e2795d62cd3c6f4dc851d167827ca8446fc28d3ca0
SHA512

9a8012bf9e888f52c2a6128f43a8bf1b0a2fd15004e3ab8ee4ba2d970ebe6425bd62f0e1741ee5ce00199aa91a2e45582d66a7386f169d7bc329c9465fbd4a78
SSDEEP

384:8ndPwvAJJ0A5irGT0aHY3yJE+q3QQ4B/WTuygx:sBwIJJv5cjaHUlZQQ4BeCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FXCRASHH.exe

Files

FXCRASHH.exe
.exe windows:5 windows x86 arch:x86

feb9bebf646137f4ff73e503cbcb6361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
CloseHandle
CreateFileA
SetFilePointerEx
ExitProcess
IsProcessorFeaturePresent
GetModuleHandleA
SetFilePointer
DeviceIoControl
WriteFile
GetCurrentProcess
GetProcAddress
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

advapi32

CryptAcquireContextA
CryptGenRandom
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
AdjustTokenPrivileges

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ