FastProxy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FastProxy.exe
Size

104KB
MD5

9b3754b3e6bccd7c32147e121e555b1a
SHA1

3df3382449b932d1f2a4f58e82dc2c904e929aea
SHA256

40b926b777fad47a8f83b87e1487349c5aad7f10fc8f068ad0f9f8ec55563998
SHA512

a2675e08e0eda1e4f5cd94e04b47788b125d4defc372d4d7f6f64ea4bc69a41de8c525bd8c03d935065538143ff846776d14098fd071bcad4b5dd6838d7b6cca
SSDEEP

3072:Gs9gLTw/xiAKMkxgPmQN72UDqi0T6GvAD:TgX2Mtq9s6qi0TRvc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FastProxy.exe

Files

FastProxy.exe
.exe windows:5 windows x86 arch:x86

5c3d56335b459f7494ee7437a03e3236

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SetThreadPriority
GetCurrentThread
lstrcmpiA
CreateEventW
WaitForMultipleObjectsEx
CancelIo
ResetEvent
SetEvent
CreateFileW
GetCurrentProcess
QueryPerformanceCounter
TerminateProcess
WaitForMultipleObjects
OpenProcess
CreateThread
lstrcpyA
GetCurrentProcessId
GetModuleFileNameA
Sleep
WaitForSingleObject
GetTickCount
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
SetStdHandle
WriteConsoleW
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryW
HeapReAlloc
HeapAlloc
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
LocalAlloc
SetFilePointer
LocalFree
SetLastError
GetModuleHandleA
GetVersionExW
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
QueryPerformanceFrequency
SleepEx
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
OpenThread
GetCurrentThreadId
QueueUserAPC
CreateMutexA
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
RaiseException

user32

wsprintfW
wsprintfA

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey

ws2_32

getpeername
getsockname
connect
gethostbyname
accept
listen
WSAIoctl
setsockopt
sendto
WSACleanup
WSARecvFrom
closesocket
htons
inet_addr
socket
WSAGetLastError
WSAStartup
WSASend
WSASendTo
ntohs
shutdown
WSASocketA
WSACreateEvent
ioctlsocket
WSARecv
WSAGetOverlappedResult
bind

iphlpapi

GetAdaptersAddresses
GetBestInterface

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c3d56335b459f7494ee7437a03e3236

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 15KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 15KB

.reloc
Size: 7KB - Virtual size: 7KB