FuhDsBitchAsleep[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

FuhDsBitchAsleep.exe
Size

7.1MB
MD5

c2242b939f1c6fbfa6f8c98a84791f15
SHA1

28283bb2d6283bfc876349f976df2abb693d326c
SHA256

64e525cd85fe662e3852c60823038bffba31a7941846649a0c46f1a81aba9017
SHA512

b1b5d80b72e6e5b616fd2dfd3b593510005b7af6fb4053c5cb69806f3c57fefca6e61a8e60e24771046a0bef72130de8bfcb5195cd2954f62d9996a62174d84b
SSDEEP

196608:dmEaEo9gL+CmJyFoci1e5ExvMUpmKEPm6BJ2RxjNR6KBNc:sERo9gLisFa054vMUxEPlBJsjz6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FuhDsBitchAsleep.exe

Files

FuhDsBitchAsleep.exe
.exe windows:6 windows x64 arch:x64

dcf807b2d3e5d586e34b3fef5ddff514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDevice

ntdll

RtlCaptureContext

ws2_32

getsockopt

crypt32

CertFreeCertificateChain

advapi32

CryptHashData

kernel32

LoadLibraryExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetClipboardData
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ole32

CoSetProxyBlanket

oleaut32

SysAllocString

imm32

ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

bcrypt

BCryptGenRandom

wtsapi32

WTSSendMessageW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.svh0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.svh1
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcf807b2d3e5d586e34b3fef5ddff514

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

ntdll

ws2_32

crypt32

advapi32

kernel32

user32

ole32

oleaut32

imm32

d3dcompiler_47

bcrypt

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 2.4MB

.rdata Size: - Virtual size: 671KB

.data Size: - Virtual size: 1.3MB

.pdata Size: - Virtual size: 108KB

_RDATA Size: - Virtual size: 348B

.svh0 Size: - Virtual size: 3.4MB

.svh1 Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 512B - Virtual size: 200B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 2.4MB

.rdata
Size: - Virtual size: 671KB

.data
Size: - Virtual size: 1.3MB

.pdata
Size: - Virtual size: 108KB

_RDATA
Size: - Virtual size: 348B

.svh0
Size: - Virtual size: 3.4MB

.svh1
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 512B - Virtual size: 200B

.rsrc
Size: 1KB - Virtual size: 1KB