Static task
static1
General
Target: File-Five.Nights.at.Freddys.Sister.Location.v1-881127.zip
Size: 20.3MB
MD5: b34dae0426524b12cf8c6d0553821526
SHA1: 94dca198d0a9835415d54856212ff21be9484103
SHA256: 84e0f7ebe710707d58b3463083b84305393ac5920678fc6dc492df7569857fb4
SHA512: 7560d355501621a5ece05ac5c4c3a1aec93922ac053d55e36f79643cdff86163a002b523ba7994a7e725e8af07985c249c5a7741d7403b2eef85e92238cdbb50
SSDEEP: 393216:Dh5tmUpexXS/u4cBIkxwXsZkwk7rE7u+GPgiyWVer0dRMfQ:XtwT1NwcZkr7rE7cPemdKY
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/Setup_100002.exe
Files
File-Five.Nights.at.Freddys.Sister.Location.v1-881127.zip (.zip)
Setup_100002.exe (.exe; windows:6 windows x86 arch:x86)
9b8d6bd8ee9d7c480175f8244a86c7e3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsW
kernel32
LocalFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetStdHandle
TlsSetValue
GetProcAddress
WaitForSingleObjectEx
CreateDirectoryW
FindFirstFileW
FindFirstFileA
InitializeSListHead
GetModuleHandleW
GetCommandLineA
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThreadId
SetCurrentDirectoryW
HeapFree
CreateEventA
SetStdHandle
CreateThread
GetFileAttributesExW
FlushFileBuffers
FileTimeToSystemTime
SetUnhandledExceptionFilter
MoveFileExW
FormatMessageA
SetCurrentDirectoryA
GetACP
ReleaseSemaphore
CreateFileA
TlsFree
GetSystemDirectoryW
GetTimeZoneInformation
RaiseException
TerminateProcess
SetFileAttributesW
PeekNamedPipe
GetFileSize
GetFinalPathNameByHandleW
GlobalMemoryStatus
GetTimeFormatW
GetModuleHandleExW
GetTickCount
AcquireSRWLockExclusive
GetStringTypeW
RemoveDirectoryA
GetEnvironmentStringsW
FreeLibraryAndExitThread
GetModuleFileNameW
ResetEvent
FindFirstFileExA
GetTempPathA
TryAcquireSRWLockExclusive
GetCurrentDirectoryW
MultiByteToWideChar
FindClose
TlsGetValue
HeapReAlloc
GetCommandLineW
ReadConsoleW
GetLocaleInfoEx
FormatMessageW
FreeLibrary
WaitForMultipleObjects
WideCharToMultiByte
LoadLibraryExW
SetEndOfFile
GetLastError
GetCurrentProcess
InitializeCriticalSectionEx
SetFilePointerEx
CompareStringW
LoadLibraryA
WriteConsoleW
GetEnvironmentVariableA
GetCurrentDirectoryA
DeleteFileA
GetSystemInfo
VerSetConditionMask
GetFileAttributesW
UnhandledExceptionFilter
SetEvent
ReadFile
GetProcessHeap
GetVersionExA
ExitProcess
GetUserDefaultLCID
SetLastError
GetTickCount64
LoadLibraryW
IsProcessorFeaturePresent
QueryPerformanceFrequency
FreeEnvironmentStringsW
ReleaseSRWLockExclusive
CreateSemaphoreA
GetDriveTypeW
SetFileAttributesA
GetModuleHandleA
GetTempPathW
LCMapStringW
GetLocaleInfoW
GetDateFormatW
GetProcessAffinityMask
EnterCriticalSection
LCMapStringEx
GetConsoleMode
FindNextFileW
SetFileTime
SleepEx
EnumSystemLocalesW
CreateDirectoryA
VerifyVersionInfoW
GetModuleFileNameA
SetFilePointer
WakeAllConditionVariable
GetFileAttributesA
CreateFileW
RtlUnwind
SetEnvironmentVariableA
GetStartupInfoW
AreFileApisANSI
EncodePointer
GetFileSizeEx
TlsAlloc
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
DeleteCriticalSection
VirtualFree
VirtualAlloc
GetCPInfo
GetVersion
HeapSize
DecodePointer
InitializeCriticalSection
QueryPerformanceCounter
lstrcatA
DeleteFileW
HeapAlloc
ExitThread
IsDebuggerPresent
GetFileType
IsValidLocale
GetOEMCP
IsValidCodePage
CloseHandle
RemoveDirectoryW
FindNextFileA
lstrlenA
GetConsoleCP
WriteFile
GetSystemTimeAsFileTime
Sleep
user32
SendMessageA
GetDlgItem
GetWindowLongA
CharUpperW
SetTimer
LoadStringA
PostMessageA
SetWindowTextW
MessageBoxW
LoadStringW
SetWindowLongA
MessageBoxA
ShowWindow
EndDialog
wsprintfA
LoadIconA
KillTimer
DialogBoxParamW
DestroyWindow
SetWindowTextA
CharUpperA
DialogBoxParamA
shell32
ShellExecuteExA
oleaut32
VariantClear
SysAllocStringLen
SysStringLen
bcrypt
BCryptGenRandom
advapi32
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptCreateHash
CryptAcquireContextW
CryptEncrypt
CryptDestroyHash
crypt32
CryptQueryObject
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertGetNameStringW
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFindExtension
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateChain
CertFindCertificateInStore
PFXImportCertStore
CertCreateCertificateChainEngine
wldap32
ord216
ord301
ord145
ord219
ord46
ord14
ord147
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ws2_32
gethostname
htons
getsockopt
send
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAResetEvent
getaddrinfo
WSACloseEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
ioctlsocket
setsockopt
freeaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
WSAEventSelect
WSACreateEvent
recvfrom
sendto
getpeername
Sections
.text Size: 6.0MB - Virtual size: 6.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ