FGColor[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FGColor.exe
Size

23.1MB
MD5

114f9db010419597e152dbdad96c6b72
SHA1

4f7a08b31ae364137eaa89f6e95c5cf322e78966
SHA256

289a201c938fd4927b79023ec52c51775a3c61c01a0f7d9eced087bd6a838e27
SHA512

b028ec57bac42b804a7b0d5e7594d69b50a37c17ae76e0a7ff542db9038d1418272709f29fd4ec765faffb799fe70846b1c3f8d44f865ce1a7fa668473d9800e
SSDEEP

393216:O1ivdDCqATA3SocQUUuur71FfOPoOc7ImYPR1BwNczAohYQr49LVSO2naoy2KZ:O8MqARRc7rd1BQyNczvAOdaZt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FGColor.exe

Files

FGColor.exe
.exe windows:6 windows x64 arch:x64

7a0d9d184eae288b3c460e9f31052a35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueA

kernel32

GetModuleHandleA

shell32

SHGetDiskFreeSpaceExW

user32

TranslateMessage

Sections

Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE