Exitlag by fazbear[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Exitlag by fazbear.exe
Size

63.0MB
MD5

19d80f6d46d96b0308053a8ada14da0d
SHA1

2b7865228a06fcce7419b9d2786da0f554eebcc3
SHA256

27a8e5f7d8cbac44bdc0fdf657f5fab0cd2e203c7547dadc63d80b3208b7ef36
SHA512

c7cc84a423994d2cfd8c3ac4e85b31ed38c881b3fa236ca550fa4f564ef6e95f7e6314c53f0c0ff6267ee0e202222b27c09442cfe974f0071a5a8b0f1bf8374c
SSDEEP

6144:Vx//QnN75ABV33rEjM7pG7HTt23lioHZg6HunAALxCPI+IVKJsfHa0W:DnQz6qMe523lh5g6TYoP60sva0W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Exitlag by fazbear.exe

Files

Exitlag by fazbear.exe
.exe windows:6 windows x86 arch:x86

165fb41197374f2ff6eecfd747853af1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LocalFree
WideCharToMultiByte
FindFirstFileA
WriteFile
SetFilePointer
FindClose
GetModuleHandleA
GetLastError
GetFileAttributesA
CreateFileA
CloseHandle
GetModuleFileNameA
Sleep
CopyFileA
GetProcAddress
GetUserDefaultLangID
CreateSemaphoreA
GlobalAlloc
ReadFile
GetFileSize
OpenProcess
IsProcessorFeaturePresent
GlobalMemoryStatusEx
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetTickCount
CreateFileW
LoadLibraryW
LoadLibraryA
DecodePointer
HeapReAlloc
HeapSize
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
WakeAllConditionVariable
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
HeapFree
HeapAlloc
MultiByteToWideChar
CompareStringW
LCMapStringW
DeleteFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
GetFileType
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW

advapi32

GetCurrentHwProfileA

shell32

ord680

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

165fb41197374f2ff6eecfd747853af1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB