DiskFucker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DiskFucker.exe
Size

242KB
MD5

c474b4841db959b842a5ef56faca24c3
SHA1

1ed59a2a4ee3df36158ad7027e08a7a3dd7bd984
SHA256

f92f6228c31d0db3fb066b4f1041a5ba2bbfc42c8ae6b5b2f129d3c85c07ee9c
SHA512

1af52c8094bec782f8f3c6c91e2765687b7dab6f2976c711acc7b09ed8a5ebd5b0674293ad0cb4dbcc5f3a77fdf2c01c39ce083da9d12c464dd2c4165f727758
SSDEEP

6144:kaSUs3R3EoKUAkPdCtPJwfwIM1HzTsUUNVPI8mr8y:RJMEoK3kPdPfi1HzQUUDKrF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DiskFucker.exe

Files

DiskFucker.exe
.exe windows:5 windows x86 arch:x86

9dd0adf5bf851f3dc20249af2934dfa3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

ShellExecuteW

version

VerQueryValueW

user32

CharNextW

oleaut32

VariantCopy

netapi32

NetWkstaGetInfo

advapi32

RegLoadKeyW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 235KB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE