c123ea6e831be0b89633e08ab0b6105b65126ed749d2572212ae42103d310c4a

Sharing

Copy URL Twitter E-mail

General

Target

c123ea6e831be0b89633e08ab0b6105b65126ed749d2572212ae42103d310c4a
Size

5.2MB
MD5

278cd07af007cd1ac16f7463dbe47670
SHA1

e782baaa929f0c2fce72d5331fa3b8d63dc6856e
SHA256

c123ea6e831be0b89633e08ab0b6105b65126ed749d2572212ae42103d310c4a
SHA512

fb89bd7e26e093e866fc5f70a8061d9866084f17b15d55a5448976cd14657bac63f0918977dd75578505218540bb04e9bd932815fc5777487c68033068cc8f19
SSDEEP

98304:UgmdneaT82prWhlkdl15puqB9GQU1yn/2ybgDepreQp:Sdnek8qOGltukGhi0Gp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c123ea6e831be0b89633e08ab0b6105b65126ed749d2572212ae42103d310c4a

Files

c123ea6e831be0b89633e08ab0b6105b65126ed749d2572212ae42103d310c4a
.exe windows:5 windows x86 arch:x86

2d6ae23dc637d9d08767a24408f4f1b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Jenkins\workspace\FE12.1_Fnet_plugin_git\Starship\fxnet_release_v11\plugin_fxnet\FPM_Uninstall\Release\FxDump.pdb

Imports

kernel32

GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GetModuleHandleA
LoadLibraryA
GetVersionExA
GetModuleHandleW
GetVersionExW
GetTickCount
MulDiv
GetFullPathNameW
SetLastError
InitializeCriticalSection
HeapCreate
FlushInstructionCache
GetFileAttributesW
CopyFileA
SetCurrentDirectoryA
GetTempPathA
GetModuleFileNameA
CreateMutexW
lstrlenA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
OutputDebugStringA
GetCurrentThreadId
CopyFileW
FindFirstFileW
FindClose
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
lstrcpyW
LocalFree
LocalAlloc
InterlockedIncrement
CreateEventW
Sleep
SetEvent
ResumeThread
SuspendThread
GetExitCodeThread
TerminateThread
SetThreadPriority
CreateThread
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetDriveTypeW
GetPrivateProfileStringW
FindResourceW
CreateProcessW
LoadLibraryW
FormatMessageW
GetLocalTime
CloseHandle
WriteFile
SizeofResource
LoadResource
WaitForSingleObject
GetLastError
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetSystemTime
WriteConsoleW
SetConsoleCtrlHandler
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
MoveFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
SetFilePointerEx
GetACP
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
HeapQueryInformation
SetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
VerifyVersionInfoA
GetSystemDirectoryA
ExpandEnvironmentStringsA
PeekNamedPipe
GetFileType
WaitForMultipleObjects
SleepEx
FormatMessageA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
CreateDirectoryA
GetModuleHandleExA
GetStdHandle
GetCPInfo
GetStringTypeW
LCMapStringW
QueryPerformanceFrequency
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindResourceExW
VirtualProtect
GetUserDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetThreadTimes
GetCurrentThread
GlobalFlags
OpenProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
LockResource
FreeResource
InterlockedDecrement
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GlobalSize
FlushFileBuffers
GetFileSize
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
UnlockFile
DuplicateHandle
LoadLibraryExW
lstrcmpiW
FileTimeToLocalFileTime
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
EncodePointer
GetSystemDirectoryW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentProcessId
lstrcmpA
GlobalGetAtomNameW
SystemTimeToFileTime

user32

SetForegroundWindow
GetDC
ReleaseDC
GetWindowRect
MessageBoxW
IsWindowVisible
GetFocus
GetParent
PostMessageW
LoadCursorW
DestroyCursor
IsWindow
SetTimer
KillTimer
SetCursor
SetRect
CopyRect
InflateRect
IntersectRect
GetForegroundWindow
SetWindowPos
ShowWindow
DestroyWindow
AttachThreadInput
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetWindowThreadProcessId
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
RemoveMenu
CharUpperW
UnhookWindowsHookEx
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
FillRect
RegisterWindowMessageW
GetMessagePos
GetMessageTime
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsChild
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
GetMenu
SetMenu
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
GetClassLongW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
GetSysColorBrush
MoveWindow
CheckDlgButton
IsDialogMessageW
RealChildWindowFromPoint
SystemParametersInfoW
SetMenuItemBitmaps
FindWindowW
SetMenuItemInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
ShowOwnedPopups
GetNextDlgGroupItem
WindowFromPoint
DrawFocusRect
DrawIconEx
MessageBeep
EnableScrollBar
InvertRect
NotifyWinEvent
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
SendMessageW
GetActiveWindow
OffsetRect
UnregisterClassW
MonitorFromRect
SetActiveWindow
UnionRect
IsRectEmpty
EqualRect
PtInRect
CharNextW
DestroyIcon
GetIconInfo
SetFocus
GetKeyState
GetWindowLongW
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
GetDlgItem
GetClientRect
MapWindowPoints
SetWindowLongW
GetWindow
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
GetMenuCheckMarkDimensions
PostQuitMessage
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
LoadImageW
CreateIconFromResource
LoadBitmapW
LoadIconW
GetDesktopWindow
BeginPaint
IsWindowEnabled
EnableWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
SetWindowTextW
InvalidateRect
EndPaint

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
LineTo
GetClipRgn
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreatePalette
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
IntersectClipRect
SetGraphicsMode
SelectObject
CreateCompatibleDC
CreateBitmap
EnumFontsW
CreateRoundRectRgn
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps
EnumFontFamiliesW
SetWorldTransform
GetNearestPaletteIndex
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetWindowExtEx
CreateDCW
CopyMetaFileW
GetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
PatBlt
GetViewportExtEx
GetPixel
CreateFontIndirectW
GetObjectType
EnumFontFamiliesExW
GetTextMetricsW
GetTextExtentPoint32W
DPtoLP
GetWorldTransform
RectInRegion
Pie
CreateEllipticRgnIndirect
Arc
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
GetRgnBox
LPtoDP
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
SetPixel
GetTextCharsetInfo
CreateDIBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
SetRectRgn

advapi32

RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage
SHGetMalloc
SHFileOperationW
SHGetFileInfoW

ole32

RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoDisconnectObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleTranslateAccelerator
IsAccelerator
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateBindCtx

oleaut32

VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit

msimg32

GradientFill
AlphaBlend
TransparentBlt

shlwapi

PathIsDirectoryA
PathIsDirectoryW
PathRemoveFileSpecW
StrToIntExW
PathFileExistsW
PathFindFileNameA
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW

uxtheme

IsAppThemed
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeText
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground

urlmon

URLDownloadToFileW

gdiplus

GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateBitmapFromFile
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipImageGetFrameDimensionsList
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGraphicsClear
GdipSaveImageToFile

msi

ord292
ord205

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpSendRequestW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetQueryDataAvailable
HttpQueryInfoW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

winmm

PlaySoundW

psapi

GetModuleFileNameExW

crypt32

CryptMsgGetParam
CryptMsgClose
CertCloseStore
CryptQueryObject

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetOpenStatus
ImmGetContext

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

wldap32

ord32
ord27
ord26
ord33
ord41
ord50
ord60
ord211
ord46
ord143
ord35
ord79
ord200
ord301
ord22
ord30

ws2_32

gethostbyname
gethostname
shutdown
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
ioctlsocket
htonl
sendto
getservbyname

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 822KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 853KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d6ae23dc637d9d08767a24408f4f1b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

shlwapi

uxtheme

urlmon

gdiplus

msi

version

wininet

iphlpapi

winmm

psapi

crypt32

imm32

oleacc

winspool.drv

wldap32

ws2_32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 822KB - Virtual size: 822KB

.data Size: 83KB - Virtual size: 182KB

.rsrc Size: 853KB - Virtual size: 853KB

.reloc Size: 237KB - Virtual size: 237KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 822KB - Virtual size: 822KB

.data
Size: 83KB - Virtual size: 182KB

.rsrc
Size: 853KB - Virtual size: 853KB

.reloc
Size: 237KB - Virtual size: 237KB