KoftrFarm[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

KoftrFarm.exe
Size

9.4MB
MD5

b1ec219eb9231f29856c7f5bf834856f
SHA1

594aa55aefd4e46d34236c35b1d71a5ec7d88aa6
SHA256

08d9725d31203de8a308b7c7c46e9014cdf152941ed6f61df6731c2abed80fe9
SHA512

096446e3448fe48e1410a7941a13317ecf3f2b23ee98a605f515ffe8df3ae681dca25b13029fa6cd19e3bfb7f7854a56fda4f23d4212585d6783ed046135f5a3
SSDEEP

196608:KUHZojMYBpcRPJORRv6mm+Ir5+7cs9WzV4vq24VT9d6d:X5ojMqp+JqZM+GACzTa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KoftrFarm.exe

Files

KoftrFarm.exe
.exe windows:6 windows x64 arch:x64

349961b9e8986bc0742381075acbc1ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

lua54

luaL_checklstring

winmm

timeEndPeriod

crypt32

CertFindExtension

crypto-49

EVP_MD_CTX_new

ws2_32

setsockopt

bcrypt

BCryptGenRandom

spdlog

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ

fmt

??$snprintf_float@N@detail@v8@fmt@@YAHNHUfloat_specs@012@AEAV?$buffer@D@012@@Z

kernel32

DeleteCriticalSection
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RegisterClassExW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

ole32

CoSetProxyBlanket

oleaut32

SysAllocString

advapi32

CryptCreateHash

msvcp140

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

iphlpapi

GetAdaptersAddresses

wldap32

ord46

normaliz

IdnToAscii

d3d9

Direct3DCreate9

dbghelp

MiniDumpWriteDump

imm32

ImmSetCandidateWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

__p___argv

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

wcscpy_s

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_stat64

gdi32

GetDeviceCaps

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

349961b9e8986bc0742381075acbc1ba

Headers

DLL Characteristics

File Characteristics

Imports

lua54

winmm

crypt32

crypto-49

ws2_32

bcrypt

spdlog

fmt

kernel32

user32

ole32

oleaut32

advapi32

msvcp140

iphlpapi

wldap32

normaliz

d3d9

dbghelp

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

gdi32

wtsapi32

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 284KB

.data Size: - Virtual size: 27KB

.pdata Size: - Virtual size: 55KB

.vmp0 Size: - Virtual size: 6.8MB

.vmp1 Size: 9.4MB - Virtual size: 9.4MB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 284KB

.data
Size: - Virtual size: 27KB

.pdata
Size: - Virtual size: 55KB

.vmp0
Size: - Virtual size: 6.8MB

.vmp1
Size: 9.4MB - Virtual size: 9.4MB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 6KB - Virtual size: 5KB