F[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

F.exe
Size

448KB
MD5

af3b136f784ec3a8ca1022bf855b3df9
SHA1

87862e5899e38bef0de9b7ff6e5b7e95a1f2ae07
SHA256

dbcb65c8a0fd4ac234d91371765d1c3b6c091d27631c13b74a78938f2d4d2be4
SHA512

f0f9856bdf66ff4e73c2dc5692ac6985b96f8cccafca4902ea0318ec80c4b7d5064d7ecf6a3f981cd63e0e427682ebac3d5d2a3cc2beac9b56d5b701515272a6
SSDEEP

6144:/86X8qRLtQQ3moqAgq7of9AjM6ZreJhlQYBdYHQauZ47RY:Uu/WQ0fsql56QauZ47RY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
F.exe

Files

F.exe
.exe windows:1 windows x86 arch:x86

6263d3881dfe3f4052e489f924ebff5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

CreatePalette
CreateSolidBrush
ExtCreatePen
SelectObject
CreatePen
StretchBlt
CreateCompatibleDC

user32

MessageBoxA
LoadIconW
LoadCursorW
GetSystemMetrics
InvalidateRect
TranslateMessage
RegisterWindowMessageW
GetMessageW
MessageBoxW
GetDC
DefWindowProcW
SetWindowPos
PostQuitMessage
LoadBitmapW
ShowWindow
DispatchMessageW
RegisterClassExW
CreateWindowExW

kernel32

ReleaseSemaphore
CreateSemaphoreA
GetEnvironmentVariableA
GetTimeZoneInformation
MultiByteToWideChar
LCMapStringA
GlobalAlloc
GlobalFree
GetStringTypeW
WideCharToMultiByte
DeleteFileA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetHandleCount
GetLocaleInfoA
IsValidCodePage
GetUserDefaultLCID
GetSystemInfo
ReadFile
WriteFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetFileType
InterlockedExchange
RaiseException
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
SetUnhandledExceptionFilter
GetStdHandle
WriteConsoleA
FindFirstFileA
FindClose
FileTimeToDosDateTime
FindNextFileA
RtlUnwind
HeapReAlloc
GetTickCount
GetProcessHeap
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
GetPrivateProfileStringA
GetVersion
GetSystemDirectoryA
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetCommandLineA
GetModuleFileNameW
Sleep
ExitProcess
CreateProcessW
lstrcpyW
GetLastError
TerminateThread
TerminateProcess
LoadLibraryW
GetModuleHandleW
CreateMutexW
CreateThread
GetProcAddress
GetCommandLineW
CloseHandle
WaitForSingleObject
LocalFree
GetModuleHandleA
GetExitCodeProcess

shell32

CommandLineToArgvW
Shell_NotifyIconW

Sections

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT$XIA
Size: 140KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 28B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6263d3881dfe3f4052e489f924ebff5c

Headers

File Characteristics

Imports

gdi32

user32

kernel32

shell32

Sections

.idata Size: 3KB - Virtual size: 3KB

_TEXT Size: 242KB - Virtual size: 242KB

.CRT$XIA Size: 140KB - Virtual size: 152KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 22KB - Virtual size: 22KB

.debug Size: 28B - Virtual size: 512B

.idata
Size: 3KB - Virtual size: 3KB

_TEXT
Size: 242KB - Virtual size: 242KB

.CRT$XIA
Size: 140KB - Virtual size: 152KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 22KB - Virtual size: 22KB

.debug
Size: 28B - Virtual size: 512B