ffdroider | 04a40ba8eba39bcbb36f5406e1d77711d46a0fb759db46e7e06922d2f1245bcc

Sharing

Copy URL

Twitter E-mail

General

Target

04a40ba8eba39bcbb36f5406e1d77711d46a0fb759db46e7e06922d2f1245bcc
Size

4.1MB
MD5

6e5726c6a030712eb642c81c7fce36cf
SHA1

dd5b8e3f6c82781420bcdb84022f9182f215e734
SHA256

04a40ba8eba39bcbb36f5406e1d77711d46a0fb759db46e7e06922d2f1245bcc
SHA512

e91ca9ce7bf57129f60e603a9d0de7ee2444c50e1f7177196243d816dedb04efa3845446674c99a4e689ff961d0afc9536c3680987332f2da845ab5d444ba1e4
SSDEEP

98304:T5WIdmJwF4r2TTFk3r9pb7dUkNm5CPfQ1qQ2W4OiZrq1DfPHNADtV6v+sYJ:s4LXS3BdQ1qQZ4O7NADtV6v+VJ

Score

10^/10

ffdroider

Malware Config

Extracted

Family

ffdroider

http://152.32.228.19

Signatures

FFDroider payload 1 IoCs

resource	yara_rule
sample	family_ffdroider

Ffdroider family
ffdroider

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a40ba8eba39bcbb36f5406e1d77711d46a0fb759db46e7e06922d2f1245bcc

Files

04a40ba8eba39bcbb36f5406e1d77711d46a0fb759db46e7e06922d2f1245bcc
.exe windows:5 windows x86 arch:x86

54e54f7bdb96eda1caeb7597ab9a2189

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\FbRobot\Release\FbRobot.pdb

Imports

kernel32

GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
VirtualFree
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
InterlockedDecrement
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
SwitchToThread
GetCurrentThreadId
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
FlushFileBuffers
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
GetVersionExW
FormatMessageW
InitializeCriticalSection
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
SystemTimeToFileTime
UnmapViewOfFile
SignalObjectAndWait
GetVersionExA
CreateTimerQueue
MapViewOfFile
TryEnterCriticalSection
LoadLibraryExA
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAddAtomW
GetModuleHandleA
FreeResource
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
lstrcpyW
EncodePointer
GlobalFindAtomW
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindClose
DuplicateHandle
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SearchPathW
GetProfileIntW
GetTempFileNameW
VirtualProtect
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitProcess
GetModuleHandleExW
ExitThread
GetTimeZoneInformation
GetCommandLineW
RtlUnwind
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateSemaphoreW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetStringTypeW
ReadConsoleW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetThreadTimes
HeapCompact
GetFullPathNameA
GetFullPathNameW
GetTickCount
SetEndOfFile
GetExitCodeThread
Sleep
FindNextFileW
LoadLibraryExW
FindFirstFileW
CreateFileA
GetVolumeInformationW
GetCurrentProcessId
DeleteFileW
GetModuleFileNameA
GetModuleFileNameW
CopyFileW
WideCharToMultiByte
GetSystemDirectoryW
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
VirtualQuery
CreateMutexW
GetFileSize
OutputDebugStringA
TerminateProcess
TerminateThread
LoadLibraryW
FreeLibrary
CreateThread
CloseHandle
CreateFileW
ReadFile
WriteFile
OutputDebugStringW
SetFilePointer
LockResource
LoadLibraryA
GetProcAddress
MultiByteToWideChar
SizeofResource
GetPrivateProfileStringW
LoadResource
FindResourceW
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

user32

GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
EqualRect
SetWindowLongW
GetClassLongW
GetTopWindow
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
LoadCursorW
RealChildWindowFromPoint
CopyImage
DeleteMenu
SetTimer
KillTimer
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
DestroyIcon
CharUpperW
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
MessageBeep
SetRectEmpty
IntersectRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
SetCursorPos
SetRect
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
SendDlgItemMessageA
GetUpdateRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
CharUpperBuffW
ToUnicodeEx
GetKeyboardLayout
GetCapture
MapVirtualKeyW
CreateAcceleratorTableW
FrameRect
PostThreadMessageW
GetKeyNameTextW
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
DestroyCursor
CreateMenu
GetWindowRgn
HideCaret
InvertRect
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
ValidateRect
GetKeyState
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
FillRect
DrawFocusRect
GetSysColor
MapWindowPoints
RedrawWindow
SetWindowRgn
DrawStateW
IsWindowVisible
DrawFrameControl
DrawEdge
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
ScreenToClient
ClientToScreen
GetCursorPos
GetWindowRect
IsWindow
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
MessageBoxW
GetDesktopWindow
EnableWindow
SendMessageW
GetSystemMetrics
AppendMenuW
LoadIconW
GetClientRect
DrawIcon
IsIconic
GetSystemMenu
wsprintfA
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
CopyRect
GetMenuItemInfoW
DestroyMenu
GetClassNameW
InvalidateRect
UpdateWindow
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetKeyboardState
SetActiveWindow
GetSysColorBrush

gdi32

BitBlt
CreateCompatibleDC
CreatePen
CreatePatternBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
Polygon
GetTextMetricsW
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
CopyMetaFileW
ScaleWindowExtEx
CreateFontIndirectW
CreateRoundRectRgn
CreateCompatibleBitmap
CreateDIBSection
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
GetRgnBox
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
DeleteDC
CreatePolygonRgn
ExtTextOutW
PatBlt
GetTextExtentPoint32W
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
MoveToEx
Polyline
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
CreateBitmap
GetDeviceCaps
CreateDCW
GetObjectW
ScaleViewportExtEx
GetTextFaceW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
ShellExecuteW
SHGetFolderPathA

msimg32

TransparentBlt
AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFileExistsW
StrFormatKBSizeW

uxtheme

GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipAlloc
GdipBitmapUnlockBits
GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipBitmapLockBits

ws2_32

WSAStartup
htonl
accept
listen
send
closesocket
socket
bind
recv
htons

wininet

InternetQueryOptionW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpReadData
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpCrackUrl

quartz

AMGetErrorTextW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Sections

.text
Size: 2.1MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 477KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

54e54f7bdb96eda1caeb7597ab9a2189

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msimg32

comctl32

shlwapi

uxtheme

oledlg

gdiplus

ws2_32

wininet

winhttp

quartz

oleacc

imm32

winmm

winspool.drv

Sections

.text Size: 2.1MB - Virtual size: 2.2MB

.rdata Size: 477KB - Virtual size: 480KB

.data Size: 46KB - Virtual size: 88KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 156KB - Virtual size: 156KB

.text
Size: 2.1MB - Virtual size: 2.2MB

.rdata
Size: 477KB - Virtual size: 480KB

.data
Size: 46KB - Virtual size: 88KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 156KB - Virtual size: 156KB