C:\jenkins\workspace\_Consumer_Cardinal_aviary_master\build\pdb\x64\Release\mc-fw-host.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Device/HarddiskVolume3/Program Files/McAfee/WPS/1.18.255.1/mc-fw-host.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Device/HarddiskVolume3/Program Files/McAfee/WPS/1.18.255.1/mc-fw-host.exe
Resource: win10v2004-20240226-en
General
Target: mc-fw-host.exe
Size: 1.1MB
MD5: f271ba6c424c9df4ff7a2da20addaf7a
SHA1: 7def07d5bccf02262730f561c6a99ea71333a69b
SHA256: 092d13da455e8bd34cf7ed241371b97cb7c2dab03c25f9d43d30e7f6569574d6
SHA512: f18b3efae68fd3e9cb86d5ef2828d8c3cb0bf638ff16a87cafd33809930d9be905ab208dcb1b5da3fa081579cb951cb39daf98ec09f0974284944394f7b01d58
SSDEEP: 24576:1mCtUYgq9jquP9Z1qsz9yhuR7WKXiZY/09XuPjPoVgHz4+sQtVur:1mCHt9bPHAsPKKX6b9nsj4
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing embedded Authenticode signature.
Resource: unpack001/Device/HarddiskVolume3/Program Files/McAfee/WPS/1.18.255.1/mc-fw-host.exe
Files
mc-fw-host.exe.zip (Password: India@2023@@)
Device/HarddiskVolume3/Program Files/McAfee/WPS/1.18.255.1/mc-fw-host.exe.exe windows:6 windows x64 arch:x64 (Password: India@2023@@)
d56b210fba699640a4c6f2821b13a20c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
DeviceIoControl
GetFinalPathNameByHandleW
GetCurrentProcess
QueryFullProcessImageNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindResourceW
LoadResource
SizeofResource
SetFileInformationByHandle
GetModuleFileNameW
GetProcAddress
GetProcessTimes
OpenProcess
WaitForSingleObject
GetExitCodeProcess
GetSystemDirectoryW
LoadLibraryW
GetFileSize
CreateEventW
SetEvent
IsDebuggerPresent
RtlCaptureContext
RaiseFailFastException
GetFileAttributesW
Sleep
SetUnhandledExceptionFilter
SetErrorMode
WerSetFlags
SetDefaultDllDirectories
SetDllDirectoryW
HeapSetInformation
IsProcessorFeaturePresent
GetSystemTimePreciseAsFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryUnbiasedInterruptTime
SetFilePointer
VirtualQuery
LocalFree
IsWow64Process
IsWow64Process2
GetCurrentProcessId
ReadProcessMemory
TerminateProcess
GetFileInformationByHandleEx
LCMapStringEx
SetHandleInformation
CreateProcessW
MultiByteToWideChar
GetTickCount64
CreateFileW
GetModuleHandleW
FormatMessageW
DuplicateHandle
GetNativeSystemInfo
GetLargePageMinimum
VirtualFree
SetLastError
FreeLibrary
CreateThreadpoolWait
LocalAlloc
CreateEventExW
WaitForThreadpoolWaitCallbacks
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
GetThreadPriority
CopyFile2
CloseThreadpoolTimer
EnterCriticalSection
LeaveCriticalSection
RtlPcToFileHeader
GlobalFree
SetInformationJobObject
CreateJobObjectW
CreateIoCompletionPort
GetQueuedCompletionStatus
RaiseException
lstrcmpiW
WaitForSingleObjectEx
AttachConsole
AllocConsole
SetConsoleCtrlHandler
SetStdHandleEx
SetStdHandle
FreeConsole
GetStdHandle
SetThreadpoolWait
CloseThreadpoolWait
GetSystemInfo
VirtualProtect
LoadLibraryExA
FormatMessageA
GetLocaleInfoEx
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SwitchToThread
GetExitCodeThread
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
CopyFileW
MoveFileExW
WideCharToMultiByte
ReleaseSRWLockShared
AcquireSRWLockShared
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
EncodePointer
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetCommandLineA
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetFileType
WriteFile
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadFile
GetFileSizeEx
ReadConsoleW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
SetEndOfFile
GetSystemPreferredUILanguages
GetThreadUILanguage
WaitForMultipleObjectsEx
TrySubmitThreadpoolCallback
SetThreadpoolTimerEx
UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
OOBEComplete
SetCurrentDirectoryW
GetModuleHandleExW
LoadLibraryExW
AddVectoredExceptionHandler
GetCommandLineW
SetThreadPriority
GetCurrentThreadId
GetLastError
GetCurrentThread
CloseHandle
OutputDebugStringW
WaitForThreadpoolWorkCallbacks
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
rpcrt4
RpcServerInqCallAttributesW
userenv
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
CreateEnvironmentBlock
bcrypt
BCryptDecrypt
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDeriveKeyPBKDF2
BCryptEncrypt
BCryptGetProperty
BCryptDestroyKey
BCryptExportKey
BCryptImportKey
BCryptHash
BCryptGenerateSymmetricKey
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsExW
WTSEnumerateSessionsW
WTSFreeMemoryExW
WTSQueryUserToken
crypt32
CryptVerifyTimeStampSignature
CertFreeCertificateContext
CertFreeCertificateChain
CryptMsgClose
CryptMemFree
CryptMsgOpenToDecode
CryptMsgUpdate
CryptStringToBinaryW
CertCloseStore
CertGetCertificateContextProperty
CertGetNameStringW
CertGetEnhancedKeyUsage
CertFindExtension
CertFindCertificateInStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertRemoveStoreFromCollection
CertOpenStore
CertAddStoreToCollection
CryptGetMessageCertificates
CryptDecodeObjectEx
CryptMsgGetParam
CryptBinaryToStringW
Sections
.text   Size: 1.7MB - Virtual size: 1.7MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 568KB - Virtual size: 567KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 57KB - Virtual size: 97KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  Size: 61KB - Virtual size: 60KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.didat  Size: 1KB - Virtual size: 1KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_RDATA  Size: 512B - Virtual size: 348B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 104KB - Virtual size: 104KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 11KB - Virtual size: 11KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
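The three header facts the report states about this sample (the "Unsigned PE" signature hit, the DLL Characteristics list, and the per-section flags) can all be reproduced from the raw PE header without a sandbox. The script below is an added example, not part of the sandbox report or of the McAfee product: it decodes IMAGE_DLLCHARACTERISTICS_* bits, flags any section that is both writable and executable, and reports whether the IMAGE_DIRECTORY_ENTRY_SECURITY entry (where an embedded Authenticode WIN_CERTIFICATE lives) is populated. Because the sample itself is not embedded here, build_test_pe() constructs a minimal PE32+ header carrying the same DLL Characteristics and .text/.data flags as listed above; pass a real file path as the first argument to run it against an actual binary. One caveat a practitioner should keep in mind: an empty security directory is exactly what the sandbox's "Unsigned PE" check keys on, but Windows also trusts files signed through a security catalog rather than an embedded signature, so a hit on a vendor binary should be rechecked on the original file with `signtool verify /pa /a`, which consults catalogs as well.

```python
"""Added example: decode the PE header fields a sandbox report lists (DLL
Characteristics, section flags, embedded Authenticode presence) using only
the Python standard library. The mc-fw-host.exe sample is not embedded here;
build_test_pe() constructs a minimal PE32+ header as stand-in input."""
import struct
import sys

IMAGE_DOS_SIGNATURE = 0x5A4D          # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550       # "PE\0\0"
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_DIRECTORY_ENTRY_SECURITY = 4    # Authenticode WIN_CERTIFICATE blob
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Mitigations a modern x64 user-mode binary is expected to opt into
EXPECTED_MITIGATIONS = ("HIGH_ENTROPY_VA", "DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")


def pe_hardening_report(data):
    """Parse the DOS/NT headers and return the security-relevant summary as a dict."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a PE file: bad MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("not a PE file: bad PE signature")
    file_hdr = e_lfanew + 4
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, file_hdr)
    opt = file_hdr + 20                      # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                       # PE32+
        n_rva_off, dir_off = 108, 112
    elif magic == 0x10B:                     # PE32
        n_rva_off, dir_off = 92, 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    n_rva = struct.unpack_from("<I", data, opt + n_rva_off)[0]
    sec_size = 0
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security directory: its VirtualAddress is a raw file offset, not an RVA
        _, sec_size = struct.unpack_from(
            "<II", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    flags = [name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit]
    sections, wx_sections = [], []
    table = opt + opt_size                   # section table follows the optional header
    for i in range(n_sections):
        raw_name, *_, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append(name)
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            wx_sections.append(name)         # W+X section: a red flag in any binary
    return {
        "arch": "x64" if machine == IMAGE_FILE_MACHINE_AMD64 else "0x%04x" % machine,
        "dll_characteristics": flags,
        "missing_mitigations": [m for m in EXPECTED_MITIGATIONS if m not in flags],
        "has_embedded_authenticode": sec_size > 0,
        "sections": sections,
        "writable_executable_sections": wx_sections,
    }


def build_test_pe(dll_characteristics, sections, security_size=0):
    """Constructed PE32+ header (headers only, no code) used as offline test input."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                  # PE32+ with 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    if security_size:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode(), 0, 0, 0, 0, 0, 0, 0, 0, chars)
                     for name, chars in sections)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + table


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            report = pe_hardening_report(fh.read())
    else:
        # Same DLL Characteristics and .text/.data flags as the sandbox report lists
        report = pe_hardening_report(build_test_pe(
            0x0020 | 0x0040 | 0x0100 | 0x4000 | 0x8000,
            [(".text", 0x60000020), (".data", 0xC0000040)]))
    for key, value in report.items():
        print("%-30s %s" % (key, value))
```

Run with no arguments to see the constructed sample decoded, or `python pe_report.py mc-fw-host.exe` against the extracted file. On the sample above the expected output is the five DLL Characteristics flags listed in the report, no missing mitigations, no W+X sections (.data and .didat are writable but not executable), and `has_embedded_authenticode` False, which is the condition the "Unsigned PE" signature fires on.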
-
manifest.json