Static task
static1
Behavioral task
behavioral1
Sample
Ftool.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Ftool.exe
Resource
win10v2004-20240802-en
General
Target
Ftool.exe
Size
6.5MB
MD5
f7e0ed1c272d465e2abe98bf99ae846c
SHA1
2dcb39681ff1c39e7a5d736f5d60b06d0d6daf29
SHA256
fceb36a31e8c582a855f79d83a71a7eeb47eeb6425652e443782e68339fe3f4f
SHA512
c3f28b036d5e06dcdd2616e4b67b322b3d5bb8a5f37226e80fbb74d6dbec300981f52333ef7e9756b5f99e894a8dfe09d7ed8adf78eb30205861488ffbf390aa
SSDEEP
49152:I2SmCUIC0MEmiseZiUv/FoX6FCPbiDl62a3egsnvgDZ31nHZLQKDO57rLuYai6lf:0isnvgDZFnBQKu7Pu13e4qmTFbc3M2
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource Ftool.exe
Files
Ftool.exe.exe windows:6 windows x86 arch:x86
160d9eef67397ef1e31d66d6d1c5b3bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
opengl32
glTexImage2D
glTexParameteri
glTranslated
glTranslatef
glVertex2d
glVertex2i
glPopAttrib
glTexEnvi
glTexCoord2d
glScissor
glRotated
glReadPixels
glRasterPos2i
glRasterPos2d
glPushMatrix
glPopMatrix
glPolygonStipple
glPolygonMode
glPointSize
glPixelZoom
glPixelStorei
glOrtho
glMultMatrixd
glMatrixMode
glMapGrid1f
glMapGrid1d
glMap1d
glLogicOp
glLoadIdentity
glLineWidth
glPopClientAttrib
glPushAttrib
glPushClientAttrib
glTexCoord2f
glVertex2f
glGetIntegerv
glLineStipple
glIsEnabled
glHint
glGenTextures
glFlush
glEvalMesh1
glEnd
glEnable
glDrawPixels
glDisable
wglCreateContext
glDeleteTextures
glCopyPixels
glColor4ub
glClearColor
glClear
glBlendFunc
glBindTexture
glBegin
glTexSubImage2D
glViewport
glGetString
wglShareLists
wglMakeCurrent
wglGetProcAddress
wglGetCurrentDC
wglGetCurrentContext
wglDeleteContext
kernel32
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
ReadConsoleW
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointerEx
GetCurrentProcessId
RaiseException
RtlUnwind
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindClose
HeapAlloc
GetCommandLineA
HeapReAlloc
ResumeThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
GetFileType
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DeleteCriticalSection
GetTimeZoneInformation
GetProcessHeap
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
FindFirstFileExW
HeapSize
SetStdHandle
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
GetVersion
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
HeapFree
ReadConsoleInputA
SetConsoleMode
GetDriveTypeW
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetACP
EnterCriticalSection
LeaveCriticalSection
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetSystemDirectoryW
SetLastError
GetTickCount
GetLocalTime
ExitThread
GetCurrentThread
CreateThread
SwitchToThread
CreateMutexA
lstrcpynW
GetModuleHandleW
GetFileAttributesW
GetCPInfoExA
GetVersionExA
GetSystemInfo
GetCPInfoExW
CompareStringW
FormatMessageW
LocalFree
GetModuleFileNameW
GetCurrentThreadId
CreateMutexW
ReleaseMutex
GetLastError
GetCommandLineW
WaitForSingleObject
lstrcpyW
MulDiv
GetSystemDefaultUILanguage
GetComputerNameW
GetVersionExW
OutputDebugStringW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryW
lstrlenW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
ReadFile
GetFileSize
DeleteFileW
CreateFileW
Sleep
GetModuleFileNameA
SetCurrentDirectoryA
CloseHandle
WriteFile
CreateFileA
GetConsoleMode
TlsAlloc
user32
FillRect
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
PostQuitMessage
TrackMouseEvent
GetMessageExtraInfo
SendMessageW
DefWindowProcW
CallWindowProcW
GetClassInfoW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
SendInput
MapVirtualKeyW
EnableWindow
IsWindowEnabled
GetSystemMetrics
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetCursorPos
SetCursor
ClientToScreen
ScreenToClient
ChildWindowFromPointEx
DrawFocusRect
GetWindowLongW
SetWindowLongW
GetParent
SetParent
LoadCursorW
GetScrollBarInfo
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetClassLongW
GetAsyncKeyState
GetWindowRect
GetCursorPos
GetDesktopWindow
SystemParametersInfoA
IsMenu
GetActiveWindow
SetMenu
GetMenuState
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
RemoveMenu
SetMenuItemBitmaps
TrackPopupMenu
GetMenuInfo
SetMenuInfo
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
SetForegroundWindow
CheckMenuRadioItem
SetFocus
SystemParametersInfoW
RegisterClipboardFormatW
GetClipboardFormatNameW
DragDetect
GetCapture
SetCapture
ReleaseCapture
GetSysColor
GetFocus
GetKeyState
GetCaretPos
DrawEdge
InflateRect
DrawTextW
GetClientRect
FrameRect
RegisterClassW
UnregisterClassW
UpdateLayeredWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
EndDialog
GetDlgItem
BeginPaint
EndPaint
InvalidateRect
LockWindowUpdate
GetWindow
LoadImageW
DefFrameProcW
DefMDIChildProcW
CreateMDIWindowW
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
DestroyCursor
DestroyIcon
CreateIconIndirect
PtInRect
GetComboBoxInfo
DisableProcessWindowsGhosting
EnumWindows
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnumDisplayMonitors
MapWindowPoints
SetScrollPos
ShowScrollBar
EnableScrollBar
SetScrollInfo
GetScrollInfo
ShowCursor
GetKeyboardLayout
VkKeyScanA
MapVirtualKeyA
IsWindow
SetGestureConfig
GetClassNameA
DrawFrameControl
SetTimer
KillTimer
MessageBoxIndirectW
GetClassLongA
SetRect
ScrollDC
SetWindowRgn
ReleaseDC
GetDC
GetForegroundWindow
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
gdi32
GetMetaFileW
DeleteMetaFile
GetTextFaceW
PolyBezierTo
PolyBezier
Polyline
Polygon
CreatePolygonRgn
TextOutW
MoveToEx
ExtCreatePen
StrokePath
StrokeAndFillPath
SetArcDirection
SelectClipPath
PathToRegion
FillPath
EndPath
CloseFigure
BeginPath
ArcTo
ModifyWorldTransform
GetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
SetStretchBltMode
SetROP2
StretchDIBits
StretchBlt
SetPolyFillMode
SetPixelV
SetGraphicsMode
SetBkMode
SetBkColor
SelectPalette
SelectClipRgn
RealizePalette
Rectangle
PtInRegion
SetDCBrushColor
PatBlt
OffsetRgn
PlgBlt
MaskBlt
LineTo
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
ExcludeClipRect
GetObjectType
GetObjectW
SetMetaFileBitsEx
SetLayout
GetRgnBox
GetGraphicsMode
Ellipse
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePenIndirect
CreatePen
CreatePalette
CreateFontW
CreateFontIndirectW
CreateEllipticRgn
CreateDIBPatternBrushPt
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
Chord
BitBlt
Arc
EndPage
StartPage
EndDoc
StartDocW
DeleteEnhMetaFile
GdiFlush
CreateDIBSection
GetEnhMetaFileBits
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
GetLayout
SetViewportOrgEx
ChoosePixelFormat
DescribePixelFormat
EnumEnhMetaFile
GetMetaFileBitsEx
GetDIBits
GetDeviceCaps
GetBitmapDimensionEx
DeleteObject
DeleteDC
CreateCompatibleDC
CloseMetaFile
ResizePalette
SetPixelFormat
SwapBuffers
GetEnhMetaFileW
GetEnhMetaFileHeader
SetWinMetaFileBits
CreateRectRgnIndirect
CreateMetaFileW
Pie
winspool.drv
ClosePrinter
OpenPrinterA
DeviceCapabilitiesW
comdlg32
GetOpenFileNameW
ChooseFontW
PrintDlgW
PrintDlgA
GetSaveFileNameW
advapi32
RegOpenKeyExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegisterEventSourceA
ReportEventA
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource
RegEnumValueA
RegCloseKey
GetUserNameW
RegQueryValueExA
RegQueryInfoKeyA
shell32
DragFinish
DragQueryFileW
DragQueryPoint
DragAcceptFiles
ord74
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
OleInitialize
RegisterDragDrop
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoInitializeEx
OleUninitialize
CoLockObjectExternal
comctl32
ImageList_Create
ord13
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_Draw
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetIconSize
ord14
gdiplus
GdipCreatePath
GdipDeletePath
GdipResetPath
GdipSetPathFillMode
GdipClosePathFigure
GdipGetPathLastPoint
GdipAddPathLine
GdipAddPathArc
GdipMeasureString
GdipDrawString
GdipGetLogFontW
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipGetGenericFontFamilySansSerif
GdiplusStartup
GdipAddPathClosedCurve
GdipAddPathEllipse
GdipAddPathPie
GdipRecordMetafileI
GdipAddPathPolygon
GdipAddPathStringI
GdipAddPathLineI
GdipAddPathArcI
GdipAddPathBezierI
GdipAddPathClosedCurveI
GdipAddPathEllipseI
GdipAddPathPieI
GdipGetHemfFromMetafile
GdipCreateHBITMAPFromBitmap
GdipRecordMetafileFileNameI
GdipCreateFromHDC2
GdipDrawCachedBitmap
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipGraphicsClear
GdipResetWorldTransform
GdipFlush
GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipCreateFromHWND
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCloneFontFamily
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetMetafileHeaderFromMetafile
GdipIsVisiblePointI
GdipResetClip
GdipSetClipRegion
GdipSetClipPath
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipFillClosedCurveI
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectangleI
GdipFillRectangle
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawPath
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipTransformPointsI
GdipGetDpiY
GdipGetDpiX
GdipSetPageScale
GdipSetPageUnit
GdipGetWorldTransform
GdipSetWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapSetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateBitmapFromGraphics
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePixelFormat
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipSetPenDashArray
GdipSetPenDashStyle
GdipSetPenColor
GdipSetPenLineJoin
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipSetPenWidth
GdipCloneImage
GdipDisposeImage
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathGradient
GdipCreateLineBrushI
GdipSetSolidFillColor
GdipCreateSolidFill
GdipCreateTexture
GdipCreateHatchBrush
GdipDeleteBrush
GdipCloneBrush
GdipIsVisibleRegionPointI
GdipGetRegionHRgn
GdipGetRegionBoundsI
GdipTranslateRegionI
GdipCombineRegionRegion
GdipSetEmpty
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipCreateRegion
GdipIsMatrixIdentity
GdipRotateMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipSetMatrixElements
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipTransformPath
GdipAddPathBezier
GdipAddPathPolygonI
GdipBitmapSetResolution
iphlpapi
GetAdaptersAddresses
ws2_32
socket
shutdown
setsockopt
sendto
send
recvfrom
recv
listen
getsockopt
getsockname
getpeername
ioctlsocket
connect
WSASetLastError
bind
accept
ntohl
inet_addr
WSAGetLastError
select
getnameinfo
freeaddrinfo
getaddrinfo
getservbyname
ntohs
htons
closesocket
WSACleanup
WSAStartup
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 993KB - Virtual size: 993KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ