EZFN Launcher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

EZFN Launcher.exe
Size

40.0MB
MD5

640fdf423aa9c37ccbe033f14df3ef5a
SHA1

67f0a20574792ddb652b594b1edc66c9a2a6eae1
SHA256

ffb2de31ecd359799fbe0dc46bf4384b0bdac3247375db3e84d561001b57bca3
SHA512

cfd86a27cde781661b6e68021c7e3be265638f0e0b4570511e821693ee31b760341eddfb9c9b59141358234551492d69b4efc1f8f3091cd38698b835418173da
SSDEEP

786432:7qRz4reGQXGTEgIi+kTpbu2eGcDKoW6M+edE:rIbi+kTlu/HKoXzedE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EZFN Launcher.exe

Files

EZFN Launcher.exe
.exe windows:6 windows x64 arch:x64

49404fb54814d19b09755bc6ddd1eede

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Joe\Documents\GitHub\tauri-windows-launcher\launcher\src-tauri\target\release\deps\ezfn.pdb

Imports

ntdll

NtQueryInformationProcess
NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
NtCreateFile
NtWriteFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlVirtualUnwind
NtSuspendProcess
RtlGetVersion
RtlPcToFileHeader
RtlGetNtVersionNumbers
RtlUnwindEx
NtReadFile

kernel32

GlobalLock
GetUserDefaultLocaleName
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetCurrentThread
CreateThread
GetUserDefaultUILanguage
WriteConsoleW
LoadLibraryW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
GetFullPathNameW
ExitProcess
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
WakeConditionVariable
WakeAllConditionVariable
MultiByteToWideChar
SleepEx
WriteFileEx
FormatMessageW
SetFilePointerEx
SetFileInformationByHandle
Sleep
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
GlobalFree
lstrlenW
SetLastError
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
K32GetPerformanceInfo
GlobalMemoryStatusEx
GlobalAlloc
CreateEventW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
FreeLibrary
LoadLibraryExA
GetSystemInfo
GetProcAddress
LoadLibraryExW
GetModuleHandleA
AcquireSRWLockShared
GetEnvironmentVariableW
SleepConditionVariableSRW
GetCurrentProcess
DuplicateHandle
CreatePipe
ReleaseSRWLockShared
GlobalSize
GetProcessId
GlobalUnlock
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDiskFreeSpaceExA
SetFileTime
GetStdHandle
GetModuleHandleW
WaitForSingleObject
TerminateProcess
OpenProcess
UnhandledExceptionFilter
GetCurrentThreadId
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
InitializeSListHead
IsDebuggerPresent
RaiseException
EncodePointer
LocalFree
TlsFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
GetCurrentProcessId
ReadProcessMemory
VirtualQueryEx
GetExitCodeProcess
GetProcessIoCounters
GetSystemTimes
SetHandleInformation
GetProcessTimes
TlsSetValue
LCIDToLocaleName
MoveFileExW
SetFileAttributesW
GetConsoleMode
GetFileInformationByHandle
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult

dwmapi

DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea

user32

ScreenToClient
MonitorFromPoint
GetMessageA
IsProcessDPIAware
CloseTouchInputHandle
SetCursor
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
UnregisterHotKey
GetWindowTextLengthW
RegisterHotKey
CreateAcceleratorTableW
VkKeyScanW
MapVirtualKeyExW
GetKeyState
DispatchMessageA
GetKeyboardState
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
EnableMenuItem
GetSystemMenu
GetWindowTextW
ShowWindow
SetWindowLongW
SendMessageW
DestroyIcon
DestroyAcceleratorTable
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
SetForegroundWindow
EnumChildWindows
SendInput
RegisterClipboardFormatW
TrackMouseEvent
MonitorFromWindow
SetMenuItemInfoW
SetWindowTextW
CloseClipboard
SetClipboardData
CheckMenuItem
GetMonitorInfoW
EmptyClipboard
CreateMenu
SetWindowPos
GetDC
GetClipboardData
ClientToScreen
LoadCursorW
AppendMenuW
IsClipboardFormatAvailable
PostQuitMessage
ValidateRect
OpenClipboard
GetTouchInputInfo
RedrawWindow
GetWindowLongW
GetRawInputData
GetClientRect
ToUnicodeEx
GetKeyboardLayout
GetCursorPos
CreateIcon
GetAsyncKeyState
PostMessageW
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
SetCursorPos
GetForegroundWindow
IsIconic
FlashWindowEx
GetActiveWindow
SetMenu
ReleaseCapture
WaitForInputIdle
DispatchMessageW
TranslateMessage
GetUpdateRect
PeekMessageW
PostThreadMessageW

ole32

RevokeDragDrop
CreateStreamOnHGlobal
OleInitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
CoTaskMemAlloc
CoUninitialize

comctl32

TaskDialogIndirect
SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

shell32

DragQueryFileW
ShellExecuteW
SHGetKnownFolderPath
DragFinish
SHCreateItemFromParsingName
CommandLineToArgvW
SHAppBarMessage

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

advapi32

OpenProcessToken
GetTokenInformation
SystemFunction036
IsValidSid
CopySid
GetLengthSid
RegCloseKey
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegQueryValueExW
RegOpenKeyExW
RegGetValueW

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

uxtheme

SetWindowTheme

secur32

AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage
ApplyControlToken
FreeContextBuffer
InitializeSecurityContextW
EncryptMessage

ws2_32

freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
closesocket
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

pdh

PdhOpenQueryA
PdhAddEnglishCounterW
PdhCollectQueryData
PdhRemoveCounter
PdhCloseQuery
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
trunc
floor
pow

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
_set_new_mode
malloc
free

api-ms-win-crt-string-l1-1-0

wcslen
strcpy_s
strlen
wcsncmp
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initialize_onexit_table
_register_onexit_function
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
abort
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30.8MB - Virtual size: 30.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49404fb54814d19b09755bc6ddd1eede

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

dwmapi

user32

ole32

comctl32

shell32

gdi32

advapi32

oleaut32

uxtheme

secur32

ws2_32

crypt32

bcrypt

psapi

pdh

powrprof

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.7MB - Virtual size: 8.7MB

.rdata Size: 30.8MB - Virtual size: 30.8MB

.data Size: 16KB - Virtual size: 28KB

.pdata Size: 452KB - Virtual size: 451KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 8.7MB - Virtual size: 8.7MB

.rdata
Size: 30.8MB - Virtual size: 30.8MB

.data
Size: 16KB - Virtual size: 28KB

.pdata
Size: 452KB - Virtual size: 451KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 65KB - Virtual size: 64KB