SftExtra[.]exe

Resubmissions

18/02/2024, 14:15

240218-rkvgmsbd93 3

17/02/2024, 15:20

240217-sq6mjagf55 3

Sharing

Copy URL Twitter E-mail

General

Target

SftExtra.exe
Size

8KB
MD5

41dd1d760584053847d6f173fc44058f
SHA1

f2d335d0e54235abe9cca21ca6163bfa54e27200
SHA256

247d78389495338246cc3bebab450ec580b8321c0f14db97a949bdc00b5b8912
SHA512

38ff74145a1d8ed2f3f8e04a3d217cfc1a8fa73cdd132677c78d5b9560f088dcab4657355db6faf440155c6454d6c0ebf6a27ddecc62c87dda3536e40e1fa264
SSDEEP

96:o9i8QcTYcTsEqtlgOGAuslYAZ3JXiSljFjA:yi8cE4lgalh3JyMJjA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SftExtra.exe

Files

SftExtra.exe
.exe windows:4 windows x86 arch:x86

b0a002e1d705ff6a08ced4c7b32abf07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

d3dcompiler_47

D3DDisassemble
D3DGetBlobPart
D3DGetInputAndOutputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflectLibrary
D3DSetBlobPart
D3DStripShader

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVAHD_CreateDevice
GetMonitorCapabilities
GetMonitorDisplayAreaPosition
GetNumberOfPhysicalMonitorsFromHMONITOR
SaveCurrentSettings
SetMonitorContrast
SetMonitorRedGreenOrBlueDrive
SetMonitorRedGreenOrBlueGain

kernel32

ApplicationRecoveryFinished
CreateRemoteThread
HeapSetInformation
IsValidLocaleName
ProcessIdToSessionId
RtlCaptureStackBackTrace
SetLocaleInfoA
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks

mscms

DisassociateColorProfileFromDeviceW
GetPS2ColorRenderingDictionary
InstallColorProfileW
SetColorProfileHeader
UninstallColorProfileA
WcsGetDefaultColorProfileSize
WcsGetDefaultRenderingIntent

ncrypt

BCryptDecrypt
BCryptDeriveKeyPBKDF2
BCryptDuplicateKey
BCryptGenerateKeyPair
BCryptOpenAlgorithmProvider
NCryptDecrypt
NCryptIsKeyHandle

rpcrt4

CStdStubBuffer_QueryInterface
NdrConformantArrayMarshall
NdrInterfacePointerFree
RpcBindingInqAuthInfoExW
RpcNsBindingInqEntryNameW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqIfW

shell32

ILFindLastID
ILGetSize
ILIsParent
PathGetShortPath
PifMgr_OpenProperties
SHGetSetFolderCustomSettings
SHLoadNonloadedIconOverlayIdentifiers
SHOpenWithDialog
SHSetTemporaryPropertyForItem

snmpapi

SnmpSvcSetLogType
SnmpUtilDbgPrint
SnmpUtilIdsToA
SnmpUtilMemFree
SnmpUtilOctetsCmp
SnmpUtilOidAppend
SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindListCpy

srvcli

NetFileEnum
NetFileGetInfo
NetServerComputerNameAdd
NetServerDiskEnum
NetServerSetInfo
NetSessionGetInfo
NetShareGetInfo

user32

AdjustWindowRectEx
ChildWindowFromPoint
InvalidateRect
SetWindowLongA
ShutdownBlockReasonDestroy
TranslateAcceleratorW

usp10

ScriptApplyDigitSubstitution
ScriptGetFontFeatureTags
ScriptGetFontLanguageTags
ScriptItemizeOpenType
ScriptPlaceOpenType
ScriptStringAnalyse
ScriptString_pSize
ScriptString_pcOutChars

wldap32

ber_bvdup
ber_free
ldap_compare_ext
ldap_compare_ext_sA
ldap_controls_freeW
ldap_get_values_lenW
ldap_next_entry

cr

XiTLQLKInJaiwWWb

Sections

.text
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b0a002e1d705ff6a08ced4c7b32abf07

Headers

DLL Characteristics

File Characteristics

Imports

d3dcompiler_47

dxva2

kernel32

mscms

ncrypt

rpcrt4

shell32

snmpapi

srvcli

user32

usp10

wldap32

cr

Sections

.text Size: 512B - Virtual size: 92B

.eh_fram Size: 512B - Virtual size: 56B

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 512B - Virtual size: 92B

.eh_fram
Size: 512B - Virtual size: 56B

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B