Backdoor[.]Win32[.]Finfish[.]yv-a5e84362b0c0e77d60c1a0fac150bb269e6f08b60c235c2f0de27515da79e409

Sharing

Copy URL Twitter E-mail

General

Target

Backdoor.Win32.Finfish.yv-a5e84362b0c0e77d60c1a0fac150bb269e6f08b60c235c2f0de27515da79e409
Size

5.4MB
MD5

bd752bd310ff1c5b8ddd4bca470b7242
SHA1

b9113aa4fed21c72f8697351e2f5fb2661343141
SHA256

a5e84362b0c0e77d60c1a0fac150bb269e6f08b60c235c2f0de27515da79e409
SHA512

06c8c0bae0f72aadfea3c9bc87782c17c2f56b3f88bd706dedcd973ae9dc31a9408022574522137b47ded35cce4f87f2b13db70c37873fc4b559a4f7155272c4
SSDEEP

98304:emhd1UryeBF+NBi40xmKGV7wQqZUha5jtSyZIUh:elPM85G2QbaZtliU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.Finfish.yv-a5e84362b0c0e77d60c1a0fac150bb269e6f08b60c235c2f0de27515da79e409

Files

Backdoor.Win32.Finfish.yv-a5e84362b0c0e77d60c1a0fac150bb269e6f08b60c235c2f0de27515da79e409
.exe windows:5 windows x86 arch:x86

95122753ea27818b35f9b51859e4c692

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
lstrlenW
WideCharToMultiByte
MoveFileExW
GetTempFileNameW
GetTempPathW
DeleteFileW
MoveFileW
WriteFile
ReadFile
GetFileSize
CreateFileW
SetFileAttributesW
GetModuleFileNameW
GetComputerNameA
GetSystemTime
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
GetStringTypeW
SetStdHandle
WriteConsoleW
SetEndOfFile
GetProcessHeap
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleHandleA
CreateProcessW
LoadLibraryW
SystemTimeToFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
TlsFree
GetProcAddress

user32

FlashWindow

advapi32

CreateServiceW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
GetUserNameW
GetUserNameA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathIsRootW
PathAddExtensionW
PathAppendW
PathRemoveExtensionW
PathFileExistsW

Sections

.text
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l2
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95122753ea27818b35f9b51859e4c692

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 351KB - Virtual size: 350KB

.rdata Size: 368KB - Virtual size: 368KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.l2 Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 351KB - Virtual size: 350KB

.rdata
Size: 368KB - Virtual size: 368KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.l2
Size: 1.2MB - Virtual size: 1.2MB