ffdroider | 0x000600000001413d-159[.]dat

Sharing

Copy URL

Twitter E-mail

General

Target

0x000600000001413d-159.dat
Size

4.6MB
MD5

a026d536a303ffb878a59e3fbecfa54f
SHA1

adec7d1bbbeb0165cc8467be53fd150a4a518c53
SHA256

06513f1517419cea31daa73ceb9ff9fbe6ffaa8bdd66d7e3af95b84c377c546a
SHA512

841b9296d45b0663a6673861520e0c903e4c891b2a8b2f5ecfb9b2af14278cc708d3fd2183d34168263470f88936d27ba9dbc0b8463bd8537b14ece5c54f97ed
SSDEEP

98304:yoR2I5wqk0BAX3yRx31gjqpSTZZpzGcyn4OiZrq1DfPHNADtV6v+D:5/lSZpzGp4O7NADtV6v+

Score

10^/10

ffdroider

Malware Config

Signatures

FFDroider payload 1 IoCs

Processes:

resource yara_rule

sample family_ffdroider
Ffdroider family
ffdroider
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0x000600000001413d-159.dat

resource	yara_rule
sample	family_ffdroider

resource
0x000600000001413d-159.dat

Files

0x000600000001413d-159.dat
.exe windows:5 windows x86 arch:x86

998dab0c316930f4fac9a23d65880975

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\免杀\FbRobot_newEncrypt\FbRobot_newEncrypt\Release\FbRobot.pdb

Imports

kernel32

GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
VirtualFree
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InterlockedDecrement
TryEnterCriticalSection
InitializeCriticalSection
SwitchToThread
GetFullPathNameW
GetFullPathNameA
HeapCompact
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetVersionExW
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
SignalObjectAndWait
GetCurrentThreadId
CreateTimerQueue
LockFileEx
GetDiskFreeSpaceW
LoadLibraryExA
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FreeResource
GetModuleHandleA
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAddAtomW
lstrcpyW
EncodePointer
GlobalFindAtomW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindClose
DuplicateHandle
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTempFileNameW
VirtualProtect
GetProfileIntW
SearchPathW
FindResourceExW
GetUserDefaultLCID
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitThread
GetTimeZoneInformation
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetThreadTimes
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
DeleteFileW
GetTickCount
SetFilePointer
SetEndOfFile
Sleep
GetExitCodeThread
FindNextFileW
FindFirstFileW
CreateFileA
LoadLibraryExW
ReadFile
WideCharToMultiByte
GetVolumeInformationW
CopyFileW
CreateFileW
CreateDirectoryW
GetSystemDirectoryW
OutputDebugStringA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
CreateMutexW
CloseHandle
WriteFile
GetFileSize
WaitForSingleObject
TerminateThread
CreateThread
GetCurrentProcessId
GetCurrentProcess
VirtualQuery
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetPrivateProfileStringW
FindResourceW
LoadLibraryA
SizeofResource
LoadResource
GetProcAddress
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer

user32

GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
EqualRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
InvalidateRect
LoadCursorW
IntersectRect
RealChildWindowFromPoint
SendDlgItemMessageA
CopyImage
DeleteMenu
SetTimer
KillTimer
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBeep
SetLayeredWindowAttributes
SetRectEmpty
EnumDisplayMonitors
SetParent
MonitorFromPoint
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
UpdateLayeredWindow
GetUpdateRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
UpdateWindow
GetKeyNameTextW
SubtractRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
DestroyCursor
GetWindowRgn
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MessageBoxW
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDesktopWindow
SendMessageW
IsIconic
EnableWindow
GetSystemMetrics
GetSystemMenu
AppendMenuW
DrawIcon
GetClientRect
LoadIconW
wsprintfA
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
MapWindowPoints
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
CopyRect
GetMenuItemInfoW
DestroyMenu
UnhookWindowsHookEx
PtInRect
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
CreateAcceleratorTableW
GetSysColorBrush
RegisterClassW

gdi32

GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetPixel
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
CopyMetaFileW
Polygon
Polyline
GetTextMetricsW
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
DeleteDC
GetClipBox
ExcludeClipRect
Escape
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
DeleteObject
CreateSolidBrush
CreateRectRgn
CombineRgn
GetObjectType
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCW
OffsetViewportOrgEx
CreatePolygonRgn
GetTextFaceW
SetPixelV
GetWindowOrgEx
LPtoDP
GetViewportOrgEx

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW

ole32

CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
CLSIDFromString
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRun
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoInitialize
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes

msimg32

TransparentBlt
AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFileExistsW
PathRemoveFileSpecW

uxtheme

OpenThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
CloseThemeData

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream

ws2_32

WSAStartup
socket
send
recv
listen
htons
htonl
closesocket
accept
bind

winhttp

WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpOpen
WinHttpReceiveResponse

quartz

AMGetErrorTextW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

998dab0c316930f4fac9a23d65880975

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

comctl32

shlwapi

uxtheme

oledlg

gdiplus

ws2_32

winhttp

quartz

oleacc

imm32

winmm

winspool.drv

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 489KB - Virtual size: 489KB

.data Size: 70KB - Virtual size: 109KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 160KB - Virtual size: 159KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 489KB - Virtual size: 489KB

.data
Size: 70KB - Virtual size: 109KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 160KB - Virtual size: 159KB