FreeBadwareFn[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FreeBadwareFn.exe
Size

778KB
MD5

564d5d298b0fb7cda51dcac424d35306
SHA1

3316014d63169f10d33d6bbdfa6d399038d220cf
SHA256

591c37e7472ed3608fa9b1e48172aa9d8c383b0b8b83f6e0367478f338dcc7f5
SHA512

623d2f134838d1939a5a23c1eb654939a9679fbc7b5abecc184450dca67cda8794264ee432d00205e181a08eed4eecc219928700d63f7e2c928368767c130925
SSDEEP

12288:U2B8pn94dz+fQMrPu4XwIVqcXROZcw6NFDUFIDPj2ErymbMHyjnOCKRMV:T6Oz+fr1VqcBOZ1PFITNrydyjnOxRMV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FreeBadwareFn.exe

Files

FreeBadwareFn.exe
.exe windows:6 windows x64 arch:x64

a238dd604fb2ad22723fd508e20abc53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

Sleep
MultiByteToWideChar
VirtualAlloc
GetStdHandle
SetConsoleTextAttribute
CreateFileA
QueryPerformanceFrequency
GlobalUnlock
InitializeCriticalSectionEx
FreeLibrary
CreateThread
GetCurrentProcessId
QueryPerformanceCounter
GetSystemDirectoryA
FlushFileBuffers
GlobalLock
GlobalFree
DeleteCriticalSection
GlobalAlloc
GetCurrentProcess
VirtualProtect
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
CreateFileMappingW
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleA
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
FormatMessageA
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
SleepEx
LoadLibraryA
GetProcAddress
WideCharToMultiByte
GetLastError
CloseHandle
CreateFileW

user32

RegisterClassExA
FindWindowA
PostQuitMessage
MessageBoxA
UnregisterClassA
UpdateWindow
ScreenToClient
GetActiveWindow
mouse_event
TranslateMessage
GetKeyState
GetCapture
ClientToScreen
SetCapture
PeekMessageA
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
LoadCursorA
SetCursor
GetWindowThreadProcessId
GetClientRect
ReleaseCapture
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetWindowLongA
GetForegroundWindow
MoveWindow
DefWindowProcA
SetCursorPos
CreateWindowExA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Throw_Cpp_error@std@@YAXH@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

d3d9

Direct3DCreate9Ex

ntdll

VerSetConditionMask
ZwOpenKey
RtlCaptureContext
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwSetValueKey

normaliz

IdnToAscii

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertCreateCertificateChainEngine
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CryptDecodeObjectEx
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore

ws2_32

getsockname
getpeername
connect
htons
WSAGetLastError
send
recv
closesocket
getsockopt
ntohs
setsockopt
socket
WSASetLastError
gethostname
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
ntohl
sendto
bind
WSAIoctl

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
strchr
memset
memmove
__current_exception
memcmp
memchr
_CxxThrowException
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
strrchr
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fwrite
_wfopen
__p__commode
_lseeki64
__stdio_common_vsprintf
fseek
ftell
fread
__stdio_common_vsscanf
feof
_read
fputs
fopen
__stdio_common_vsprintf_s
_write
_close
_open
fclose
fflush
_popen
_pclose
fgets
__acrt_iob_func
_set_fmode
fputc

api-ms-win-crt-string-l1-1-0

strncmp
wcscpy_s
_strdup
isprint
tolower
strpbrk
strcmp
strcspn
isupper
strncpy
strspn

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_set_new_mode
_callnewh
calloc

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtol
atof
strtoll
strtod
strtoull

api-ms-win-crt-runtime-l1-1-0

abort
_errno
_configure_narrow_argv
strerror
__sys_nerr
system
exit
_beginthreadex
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
terminate
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

cosf
floorf
sqrtf
tanf
fmodf
pow
powf
sinf
ceilf
__setusermatherr
_dclass
asin

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
_access

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

shell32

ShellExecuteA

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a238dd604fb2ad22723fd508e20abc53

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

imm32

msvcp140

d3d9

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

advapi32

shell32

Sections

.text Size: 616KB - Virtual size: 616KB

.rdata Size: 130KB - Virtual size: 129KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 25KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 616KB - Virtual size: 616KB

.rdata
Size: 130KB - Virtual size: 129KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB