EZFN Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EZFN Launcher.exe
Size

51.0MB
MD5

4cb5984592763658061f07e9b95061b2
SHA1

80ac6e0ae74397eee46e7359f5f50069e9891fe6
SHA256

bb2bfabd16d8015fdd757b83d17966c8277f35cf284e449488fc532d79246dfb
SHA512

368154f92472bc2baea0c3065d3e5a88d8ead15468d9fedf607627161cf0fb8a1939af68afb41c606a5245e15c86bf038f78bbe070ab7820556c377df98cbb55
SSDEEP

1572864:zvcbi+DTyV1xQCVls+/yhyvbi+nT3/PZ9WutsLz9Mcf:jJtls+KhiPZg/z9Mc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EZFN Launcher.exe

Files

EZFN Launcher.exe
.exe windows:6 windows x64 arch:x64

97805cdce3affe1b2873ec55f952400b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation
NtCreateFile
RtlGetNtVersionNumbers
NtDeviceIoControlFile
NtSuspendProcess
RtlPcToFileHeader
RtlUnwindEx
RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFile

kernel32

GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
lstrlenW
CreatePipe
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
Sleep
HeapReAlloc
HeapFree
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
OpenProcess
GetProcessId
GetSystemInfo
GetUserDefaultLocaleName
GetProcAddress
GetModuleHandleA
CopyFileExW
RemoveDirectoryW
CloseHandle
GetFileInformationByHandleEx
GlobalFree
GlobalAlloc
GetLastError
MultiByteToWideChar
GlobalUnlock
GlobalSize
GlobalLock
PostQueuedCompletionStatus
SetHandleInformation
FindClose
ReleaseSRWLockExclusive
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
InitializeSListHead
IsDebuggerPresent
GetSystemTimes
GetProcessIoCounters
GetProcessTimes
ReadProcessMemory
RaiseException
LocalFree
VirtualQueryEx
GlobalMemoryStatusEx
K32GetPerformanceInfo
FreeLibrary
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
SwitchToThread
AcquireSRWLockExclusive
LoadLibraryW
TlsSetValue
TryAcquireSRWLockExclusive
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
TlsFree

user32

LoadCursorW
SetCursor
ScreenToClient
CreateIcon
CreateMenu
AppendMenuW
GetMonitorInfoW
SetWindowPlacement
SetCapture
RedrawWindow
GetClientRect
PostThreadMessageW
CheckMenuItem
GetMessageA
DispatchMessageA
RegisterHotKey
SetMenuItemInfoW
ChangeDisplaySettingsExW
ShowCursor
ClipCursor
IsProcessDPIAware
MonitorFromWindow
EnumChildWindows
GetClipCursor
GetDC
GetMessageW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SendInput
GetTouchInputInfo
PostQuitMessage
UnregisterHotKey
VkKeyScanW
DefWindowProcW
TranslateMessage
RegisterClassExW
MonitorFromPoint
RegisterRawInputDevices
GetActiveWindow
CloseTouchInputHandle
TrackMouseEvent
DispatchMessageW
GetAsyncKeyState
FlashWindowEx
IsIconic
EnumDisplayMonitors
PeekMessageW
DestroyIcon
DestroyAcceleratorTable
ClientToScreen
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
SetForegroundWindow
MonitorFromRect
GetCursorPos
GetWindowLongPtrW
CreateAcceleratorTableW
GetSystemMenu
EnableMenuItem
MsgWaitForMultipleObjectsEx
PostMessageW
GetAncestor
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
SendMessageW
RegisterTouchWindow
IsWindow
GetRawInputData
ValidateRect
GetUpdateRect
MapVirtualKeyW
SetWindowDisplayAffinity
GetWindowTextW
GetWindowTextLengthW
GetForegroundWindow
SetWindowTextW
IsWindowVisible
SetMenu
ReleaseCapture
ShowWindow
GetKeyboardState
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetCursorPos
CloseClipboard
OpenClipboard
GetKeyState
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
DestroyWindow
WaitForInputIdle
GetSystemMetrics
SetClipboardData
SetWindowLongW

comctl32

RemoveWindowSubclass
DefSubclassProc
TaskDialogIndirect
SetWindowSubclass

pdh

PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW

advapi32

GetLengthSid
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
OpenProcessToken
IsValidSid
CopySid
GetTokenInformation

ole32

OleInitialize
RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal

shell32

DragQueryFileW
DragFinish
SHCreateItemFromParsingName
CommandLineToArgvW
SHAppBarMessage
SHGetKnownFolderPath
ShellExecuteW

bcrypt

BCryptGenRandom

ws2_32

closesocket
WSASocketW
ioctlsocket
connect
getsockopt
getsockname
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
WSAIoctl
recv
WSAGetLastError
bind
shutdown
WSASend
send
getpeername

secur32

DeleteSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
QueryContextAttributesW
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
FreeContextBuffer

crypt32

CertAddCertificateContextToStore
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenStore
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertCloseStore
CertGetCertificateChain
CertDuplicateCertificateChain

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString

api-ms-win-crt-string-l1-1-0

strlen
_wcsicmp
wcslen
wcsncmp
strcpy_s

api-ms-win-crt-math-l1-1-0

trunc
floor
round
__setusermatherr
pow

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_seh_filter_exe
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
__p___argv
exit
_c_exit
_initialize_narrow_environment
abort
_initialize_onexit_table
_crt_atexit
_cexit
_exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47.5MB - Virtual size: 47.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97805cdce3affe1b2873ec55f952400b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

comctl32

pdh

advapi32

ole32

shell32

bcrypt

ws2_32

secur32

crypt32

psapi

powrprof

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 47.5MB - Virtual size: 47.5MB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 102KB - Virtual size: 101KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 47.5MB - Virtual size: 47.5MB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 102KB - Virtual size: 101KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 40KB - Virtual size: 39KB