FfR0c[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FfR0c.exe
Size

21.8MB
MD5

de67839f414fd4ba6c600a8a6dccd8bc
SHA1

c1692d24309f41f18ac5b2cbb7191cb575f2ae26
SHA256

3779800f4271dbe635f3519d1a44196531205cf9d5130567903216003d706f21
SHA512

e0a72e9ff2c5542e3fa020ad5fa4889aa32e031fc6a23c885ba9633ba3777102d3470d21653206e591d89da881c49ac2e672c8187187e95fb37ca2b601840244
SSDEEP

393216:YYitJ4HOrob6U8mqXlJKjaUhP0MIV5AnYsamD4:YYit+RN8mqlJkaqchnBsa24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FfR0c.exe

Files

FfR0c.exe
.exe windows:6 windows x64 arch:x64

c1691466e22076c9a842d1eb4f44d056

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoCreateInstance

oleaut32

SysAllocString

kernel32

CheckRemoteDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

BlockInput

shell32

ShellExecuteW

advapi32

CloseServiceHandle

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ws2_32

WSACleanup

urlmon

URLDownloadToFileW

ntdll

NtQuerySystemInformation

vcruntime140

_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

_aligned_free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

strtod

Sections

��Ɔ�P�8
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

A0�R�
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

-�+B��
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

祝�ѤIV
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�٢��H
Size: - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�)&��2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gݗ��0;
Size: - Virtual size: 38B

�if;f�
Size: - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��YA/"
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��-X��K�
Size: 21.8MB - Virtual size: 21.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��"�P
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1691466e22076c9a842d1eb4f44d056

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

kernel32

user32

shell32

advapi32

msvcp140

ws2_32

urlmon

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

��Ɔ�P�8 Size: - Virtual size: 680KB

A0�R� Size: - Virtual size: 202KB

-�+B��� Size: - Virtual size: 1.5MB

祝�ѤIV Size: - Virtual size: 23KB

�٢���H Size: - Virtual size: 40B

�)&���2 Size: - Virtual size: 4KB

gݗ���0; Size: - Virtual size: 38B

�if;f� Size: - Virtual size: 13.1MB

���YA/" Size: 9KB - Virtual size: 8KB

��-X��K� Size: 21.8MB - Virtual size: 21.8MB

��"�P Size: 512B - Virtual size: 422B

��Ɔ�P�8
Size: - Virtual size: 680KB

A0�R�
Size: - Virtual size: 202KB

-�+B��
Size: - Virtual size: 1.5MB

祝�ѤIV
Size: - Virtual size: 23KB

�٢��H
Size: - Virtual size: 40B

�)&��2
Size: - Virtual size: 4KB

gݗ��0;
Size: - Virtual size: 38B

�if;f�
Size: - Virtual size: 13.1MB

��YA/"
Size: 9KB - Virtual size: 8KB

��-X��K�
Size: 21.8MB - Virtual size: 21.8MB

��"�P
Size: 512B - Virtual size: 422B