dufs[.]exe | Triage

Resubmissions

24-04-2024 14:30

240424-rt9mxsbe65 3

24-04-2024 14:24

240424-rq4x9sbd84 3

Sharing

Copy URL

Twitter E-mail

General

Target

dufs.exe
Size

3.0MB
MD5

37a83b92061cad42e643e4d9e39e5704
SHA1

2a17a09c3c524072f805549333f42eac330de579
SHA256

d111f9182a4428a58f77439198b561eaab1bb12949fbfa30c91b96a10e37224e
SHA512

d4a28558bf08753a68705486a8682c8fab984fcf8f1200d768083e1e156dd42c5711fb966577e1052602c28dc9670cd3a65266ef11c44a1bdc04c82ba724369e
SSDEEP

24576:PZW6hYCYabDtppSQahHhEcMn7QyGlL/HsycTefPcOz1jkEJPi3dl46VurmejEdVl:wbHmCQEJUtLdV+Yit5IRFR9WGjfIrnK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dufs.exe

Files

dufs.exe
.exe windows:6 windows x86 arch:x86

ed05c3a640af6964977a52b967154909

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SystemFunction036

kernel32

GetProcessHeap
HeapAlloc
HeapFree
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapReAlloc
SwitchToThread
GetCurrentProcessId
CloseHandle
FindClose
PostQueuedCompletionStatus
GetLastError
GetFileInformationByHandleEx
GetCurrentProcess
DuplicateHandle
SetFileInformationByHandle
CopyFileExW
MoveFileExW
TlsGetValue
TlsSetValue
GetTimeZoneInformationForYear
GetSystemInfo
SleepConditionVariableSRW
WakeAllConditionVariable
GetCommandLineW
SetLastError
GetModuleFileNameW
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetStdHandle
GetConsoleMode
SetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetProcAddress
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlCaptureContext
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
GetFileType
SetHandleInformation
WakeConditionVariable
CreateThread
SetConsoleCtrlHandler
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

bcrypt

BCryptGenRandom

ws2_32

getaddrinfo
freeaddrinfo
recv
WSACleanup
WSASend
ioctlsocket
listen
WSAStartup
send
bind
WSASocketW
accept
closesocket
shutdown
WSAIoctl
setsockopt
WSAGetLastError

iphlpapi

GetAdaptersAddresses

ntdll

NtReadFile
NtWriteFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile

vcruntime140

memcpy
memcmp
memmove
memset
__CxxFrameHandler3
_except_handler4_common
__current_exception_context
__current_exception

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

exit
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm_e
_controlfp_s
terminate
_exit
__p___argc
_wassert
_seh_filter_exe
_initterm
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 573KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ed05c3a640af6964977a52b967154909

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

bcrypt

ws2_32

iphlpapi

ntdll

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 573KB - Virtual size: 572KB

.data Size: 3KB - Virtual size: 4KB

.reloc Size: 92KB - Virtual size: 91KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 573KB - Virtual size: 572KB

.data
Size: 3KB - Virtual size: 4KB

.reloc
Size: 92KB - Virtual size: 91KB