Spoofer[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Spoofer.exe
Size

56.3MB
MD5

0b07a073eb75bbe4de562a5ccedb3041
SHA1

69e0fb65aa278e65d02bfa4aa6e664f0176e1790
SHA256

64508480425c9de4206ddc4e737e5f43af97048857ecbe1a111af796687f8a12
SHA512

a4cd8477622a4081c83c76bfb4de06a2d9cbdceed6649b77c60239efe77ac4242d61af76aac01fbca649fdc7c5296b29cb5bb39347fe4dc6bd308e42367408b4
SSDEEP

786432:cQSNyPsvlfueCp8Lo3IVI09XLmbpQEHrFnK/tUuneZ/u7v18hXK0dPpj/ZECti:B9PsN2bLY992jZK19eo79AXbdhaC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Spoofer.exe

Files

Spoofer.exe
.exe windows:6 windows x64 arch:x64

274f120d4d8b4ddc408e57f497100fa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AreFileApisANSI
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowA

gdi32

GetDeviceCaps

advapi32

RegCloseKey

imm32

ImmReleaseContext

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

d3d9

Direct3DCreate9

psapi

GetModuleInformation

normaliz

IdnToAscii

wldap32

ord200

crypt32

CertOpenStore

ws2_32

gethostname

rpcrt4

UuidToStringA

userenv

UnloadUserProfile

vcruntime140

__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strspn

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

fgets

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

shell32

ShellExecuteA

Sections

L'^X@X[w
Size: - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

WwG\noNU
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

nS<TGx>x
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T\a#dwhZ
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

EZA9hR]L
Size: - Virtual size: 34.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

x]^#;rOd
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

%)lL`Su$
Size: 56.3MB - Virtual size: 56.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Di?DuCVL
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

;p<=Vgc(
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

274f120d4d8b4ddc408e57f497100fa3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

imm32

msvcp140

d3d9

psapi

normaliz

wldap32

crypt32

ws2_32

rpcrt4

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Sections

L'^X@X[w Size: - Virtual size: 748KB

WwG\noNU Size: - Virtual size: 190KB

nS<TGx>x Size: - Virtual size: 3.2MB

T\a#dwhZ Size: - Virtual size: 33KB

EZA9hR]L Size: - Virtual size: 34.7MB

x]^#;rOd Size: 5KB - Virtual size: 5KB

%)lL`Su$ Size: 56.3MB - Virtual size: 56.3MB

Di?DuCVL Size: 512B - Virtual size: 284B

;p<=Vgc( Size: 512B - Virtual size: 480B

L'^X@X[w
Size: - Virtual size: 748KB

WwG\noNU
Size: - Virtual size: 190KB

nS<TGx>x
Size: - Virtual size: 3.2MB

T\a#dwhZ
Size: - Virtual size: 33KB

EZA9hR]L
Size: - Virtual size: 34.7MB

x]^#;rOd
Size: 5KB - Virtual size: 5KB

%)lL`Su$
Size: 56.3MB - Virtual size: 56.3MB

Di?DuCVL
Size: 512B - Virtual size: 284B

;p<=Vgc(
Size: 512B - Virtual size: 480B