spf[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spf.exe
Size

63.5MB
MD5

d7330a76e22ee63736641ab7c3d88a1c
SHA1

c7642d75c4037bc72e0a3fd9bd3d8bef6f6f58df
SHA256

8b4ce7b247ec57c95dad92066028c8085ea3f80a8c58bdd4a429cb38e24730c4
SHA512

f0ed6409f55ed2ce9f1a815c983f8c95f54c2b8b5bf65da2afeedba0f887567741a4f450a3f928ea39c78b086543e44dc5023496ecc5009f6d4400f71f768c14
SSDEEP

1572864:jURQlJXU133v5V/TKFqRl4aVtyVxPObnsDTFu:jU+XUpv5pP4ayxWy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spf.exe

Files

spf.exe
.exe windows:6 windows x64 arch:x64

af5453923689c69454ccb3bb55e41595

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetFolderPathW

advapi32

RegQueryInfoKeyA

ole32

CoInitializeEx

oleaut32

VariantInit

comdlg32

GetOpenFileNameW

wininet

HttpQueryInfoA

ws2_32

sendto

ntdll

RtlUnwindEx

kernel32

GetVersionExW

user32

SetWindowsHookExW

gdi32

CreateCompatibleBitmap

winspool.drv

ord203

shlwapi

PathIsRelativeW

iphlpapi

GetTcpTable

userenv

GetUserProfileDirectoryW

urlmon

URLDownloadToFileW

winmm

timeGetTime

oleacc

AccessibleObjectFromWindow

comctl32

ImageList_GetIconSize

imm32

ImmAssociateContextEx

usp10

ScriptItemize

bcrypt

BCryptGenRandom

gdiplus

GdipAlloc

netapi32

NetUserAdd

rpcrt4

UuidFromStringA

slwga

SLIsGenuineLocal

secur32

LsaFreeReturnBuffer

crypt32

CertCloseStore

version

VerQueryValueW

wldap32

ord301

Sections

.text
Size: - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Jw'
Size: - Virtual size: 32.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.=g<
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Enj
Size: 63.5MB - Virtual size: 63.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af5453923689c69454ccb3bb55e41595

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

ole32

oleaut32

comdlg32

wininet

ws2_32

ntdll

kernel32

user32

gdi32

winspool.drv

shlwapi

iphlpapi

userenv

urlmon

winmm

oleacc

comctl32

imm32

usp10

bcrypt

gdiplus

netapi32

rpcrt4

slwga

secur32

crypt32

version

wldap32

Sections

.text Size: - Virtual size: 9.3MB

.rdata Size: - Virtual size: 10.5MB

.data Size: - Virtual size: 12.5MB

.pdata Size: - Virtual size: 332KB

_RDATA Size: - Virtual size: 500B

.Jw' Size: - Virtual size: 32.9MB

.=g< Size: 2KB - Virtual size: 1KB

.Enj Size: 63.5MB - Virtual size: 63.5MB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: - Virtual size: 9.3MB

.rdata
Size: - Virtual size: 10.5MB

.data
Size: - Virtual size: 12.5MB

.pdata
Size: - Virtual size: 332KB

_RDATA
Size: - Virtual size: 500B

.Jw'
Size: - Virtual size: 32.9MB

.=g<
Size: 2KB - Virtual size: 1KB

.Enj
Size: 63.5MB - Virtual size: 63.5MB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 292B