EZFN Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EZFN Launcher.exe
Size

49.6MB
MD5

954b7e644f6aa0ddf51d7f1743eefabc
SHA1

9b82fe0c4d16a01220bb7fde40a82714c31f23ec
SHA256

b91f55138349b65b084c7746df80efdb7f6423307e4026615d84175b8cf71850
SHA512

4d653adac59f8539bf931cc434923b8f4f0fdc2237dab06e917a3396b3af4a331d28cb0ffc24b50641f7d7323f3bc000e9036c3cfd42312bd075e4e9f5138b6b
SSDEEP

1572864:/bi+yTMhZ9WutsLjNV1xQCVls+/yhMkmKY:NhZg/j1tls+Kh/m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EZFN Launcher.exe

Files

EZFN Launcher.exe
.exe windows:6 windows x64 arch:x64

0d73ab0538747d39742ebef22846ae84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
SwitchToThread
GetCurrentThreadId
ConnectNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
CloseHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
ReleaseSRWLockExclusive
FindClose
CopyFileExW
RemoveDirectoryW
GetFileInformationByHandleEx
MultiByteToWideChar
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
GetUserDefaultLocaleName
GetProcessId
OpenProcess
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
CreateFileW
WaitNamedPipeW
GetNamedPipeServerProcessId
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
Sleep
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
RtlLookupFunctionEntry
GetProcAddress
GetCurrentThread
RtlCaptureContext
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
lstrlenW
GetComputerNameExW
CreateNamedPipeW
SetHandleInformation
SetFilePointerEx
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetSystemInfo
CreatePipe
SleepConditionVariableSRW
WakeConditionVariable
UnregisterWait
PostQueuedCompletionStatus
GetModuleHandleW
RegisterWaitForSingleObject
WakeAllConditionVariable
LoadLibraryExW
VirtualQuery
FreeLibrary
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
SetFileInformationByHandle
GetSystemTimes
GetProcessIoCounters
GetProcessTimes
ReadProcessMemory
LocalFree
VirtualQueryEx
GlobalMemoryStatusEx
K32GetPerformanceInfo
LoadLibraryW
WriteFile
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
TlsFree

ws2_32

WSACleanup
getpeername
getsockname
send
freeaddrinfo
getaddrinfo
setsockopt
WSASocketW
accept
ioctlsocket
listen
bind
connect
getsockopt
WSAIoctl
socket
WSASend
WSARecv
WSAGetLastError
recv
WSAStartup
shutdown
closesocket

dbghelp

MiniDumpWriteDump

ntdll

NtReadFile
NtSuspendProcess
NtCancelIoFileEx
RtlGetNtVersionNumbers
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetVersion
NtDeviceIoControlFile
NtCreateFile
NtQueryInformationProcess
NtWriteFile

advapi32

EventWriteTransfer
EventUnregister
RegGetValueW
OpenProcessToken
IsValidSid
GetLengthSid
CopySid
EventRegister
GetTokenInformation
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
EventSetInformation
RegSetValueExW
RegCloseKey

user32

GetMessageA
DispatchMessageA
AppendMenuW
TrackMouseEvent
GetAsyncKeyState
FlashWindowEx
IsIconic
EnumChildWindows
CreateAcceleratorTableW
RegisterTouchWindow
IsWindow
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextW
GetWindowTextLengthW
RedrawWindow
GetForegroundWindow
MonitorFromPoint
SetWindowTextW
GetTouchInputInfo
IsWindowVisible
SetMenu
CreateMenu
SetCursorPos
GetCursorPos
GetClientRect
CheckMenuItem
RegisterHotKey
SetMenuItemInfoW
ShowCursor
ClipCursor
GetActiveWindow
ClientToScreen
CreateIcon
MonitorFromRect
GetWindowLongPtrW
GetKeyState
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
GetKeyboardState
ReleaseCapture
SetCapture
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
GetMonitorInfoW
SetWindowPlacement
ChangeDisplaySettingsExW
IsProcessDPIAware
MonitorFromWindow
GetDC
PostThreadMessageW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
ShowWindow
PostQuitMessage
UnregisterHotKey
VkKeyScanW
DefWindowProcW
RegisterClassExW
RegisterRawInputDevices
SetCursor
LoadCursorW
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
CloseTouchInputHandle
SetForegroundWindow
GetSystemMetrics
ScreenToClient
CloseClipboard
OpenClipboard
DestroyWindow
AllowSetForegroundWindow
SendInput
WaitForInputIdle
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowLongPtrW
CreateWindowExW
TranslateAcceleratorW
GetAncestor
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetClipCursor

comctl32

RemoveWindowSubclass
SetWindowSubclass
TaskDialogIndirect
DefSubclassProc

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CoCreateInstance
OleInitialize
RegisterDragDrop
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree

shell32

DragQueryFileW
DragFinish
ShellExecuteW
SHCreateItemFromParsingName
CommandLineToArgvW
SHGetKnownFolderPath
SHAppBarMessage

bcrypt

BCryptGenRandom

crypt32

CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertFreeCertificateContext
CertOpenStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertCloseStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertEnumCertificatesInStore

secur32

EncryptMessage
DeleteSecurityContext
FreeContextBuffer
DecryptMessage
ApplyControlToken
FreeCredentialsHandle
AcquireCredentialsHandleA
AcceptSecurityContext
QueryContextAttributesW
InitializeSecurityContextW

psapi

GetProcessMemoryInfo
GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsncmp
strcpy_s
strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_cexit
_register_onexit_function
_crt_atexit
terminate
_configure_narrow_argv
__p___argv
abort
__p___argc
signal
_exit
exit
_initialize_narrow_environment
_invoke_watson
_initterm_e
_set_invalid_parameter_handler
_get_initial_narrow_environment
_seh_filter_exe
_set_app_type
_initterm
_c_exit

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr
floor
pow
trunc
round

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45.4MB - Virtual size: 45.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d73ab0538747d39742ebef22846ae84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

dbghelp

ntdll

advapi32

user32

comctl32

pdh

ole32

shell32

bcrypt

crypt32

secur32

psapi

powrprof

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 45.4MB - Virtual size: 45.4MB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 122KB - Virtual size: 121KB

.eh_fram Size: 512B - Virtual size: 88B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 45.4MB - Virtual size: 45.4MB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 122KB - Virtual size: 121KB

.eh_fram
Size: 512B - Virtual size: 88B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 45KB - Virtual size: 44KB