EZFN Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EZFN Launcher.exe
Size

54.9MB
MD5

d4232ef1a3d94f30d4491ca077eb1fbc
SHA1

0ccbba5c1e0bdfdde50828d32f0e2f4048839a18
SHA256

dc84d7ad182897836c2e6ef56d8f0919c7488ea3a6f2844e892835f4470a3a6f
SHA512

90bd335c4dec69e97b6f0abf6d92fe8936f990c22a668a442eba41e3ac839143fe15d3b32217a923f856ac037e4356c0fe95327b01285a21daeb41a3e2d17639
SSDEEP

1572864:Z4Rbi+wThZ9WutsLjh7+T+NaV1xQCVls+/yh3bi+HTes:9Zg/jhST+Notls+Kh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EZFN Launcher.exe

Files

EZFN Launcher.exe
.exe windows:6 windows x64 arch:x64

a37a90f94f175d56b5a1c17faf341b82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
SwitchToThread
GetCurrentThreadId
ConnectNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
CloseHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
ReleaseSRWLockExclusive
FindClose
CopyFileExW
RemoveDirectoryW
GetFileInformationByHandleEx
MultiByteToWideChar
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
GetUserDefaultLocaleName
GetProcessId
OpenProcess
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
CreateFileW
WaitNamedPipeW
GetNamedPipeServerProcessId
ReleaseSRWLockShared
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
TryAcquireSRWLockExclusive
GetProcAddress
lstrlenW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
WideCharToMultiByte
GetCurrentThread
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
FormatMessageW
GetComputerNameExW
CreateNamedPipeW
SetHandleInformation
SetFilePointerEx
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetSystemInfo
GetNativeSystemInfo
CreatePipe
SleepConditionVariableSRW
WakeConditionVariable
Sleep
UnregisterWait
PostQueuedCompletionStatus
GetModuleHandleW
RegisterWaitForSingleObject
WakeAllConditionVariable
LoadLibraryExW
VirtualQuery
FreeLibrary
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetCurrentDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
SetFileInformationByHandle
GetSystemTimes
GetProcessIoCounters
GetProcessTimes
ReadProcessMemory
LocalFree
VirtualQueryEx
GlobalMemoryStatusEx
K32GetPerformanceInfo
LoadLibraryW
WriteFile
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
TlsFree

ws2_32

WSACleanup
getpeername
getsockname
send
freeaddrinfo
getaddrinfo
setsockopt
WSASocketW
WSAStartup
shutdown
closesocket
recv
WSAGetLastError
WSARecv
WSASend
socket
bind
connect
listen
ioctlsocket
accept
getsockopt
WSAIoctl

dbghelp

MiniDumpWriteDump

advapi32

RegCreateKeyExW
SystemFunction036
RevertToSelf
RegQueryValueExW
IsValidSid
RegCloseKey
ImpersonateAnonymousToken
RegGetValueW
GetTokenInformation
EventUnregister
CopySid
EventRegister
RegSetValueExW
GetLengthSid
RegOpenKeyExW
OpenProcessToken
EventSetInformation
EventWriteTransfer

user32

GetMessageA
AppendMenuW
CreateMenu
EnumChildWindows
CreateIcon
SetCursor
LoadCursorW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
RedrawWindow
GetAsyncKeyState
FlashWindowEx
DispatchMessageA
IsIconic
CreateAcceleratorTableW
RegisterTouchWindow
IsWindow
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextW
GetClientRect
GetWindowTextLengthW
GetForegroundWindow
MonitorFromPoint
SetWindowTextW
IsWindowVisible
SetMenu
SetCursorPos
GetCursorPos
CheckMenuItem
RegisterHotKey
ShowCursor
ClipCursor
GetClipCursor
GetActiveWindow
ClientToScreen
SetForegroundWindow
MonitorFromRect
GetWindowLongPtrW
GetKeyState
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
GetKeyboardState
ReleaseCapture
SetCapture
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
GetMonitorInfoW
SetWindowPlacement
ChangeDisplaySettingsExW
IsProcessDPIAware
MonitorFromWindow
GetDC
PostThreadMessageW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
ShowWindow
PostQuitMessage
UnregisterHotKey
VkKeyScanW
DefWindowProcW
RegisterClassExW
RegisterRawInputDevices
DestroyIcon
DestroyAcceleratorTable
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
GetSystemMetrics
CloseClipboard
OpenClipboard
DestroyWindow
AllowSetForegroundWindow
SendInput
WaitForInputIdle
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowLongPtrW
CreateWindowExW
TranslateAcceleratorW
GetAncestor
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW

comctl32

TaskDialogIndirect
DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddEnglishCounterW
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter

shell32

SHGetKnownFolderPath
SHAppBarMessage
CommandLineToArgvW
SHCreateItemFromParsingName
DragQueryFileW
DragFinish
ShellExecuteW

ole32

OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoIncrementMTAUsage
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
NtSuspendProcess
NtReadFile
NtQueryInformationProcess
RtlGetVersion
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtQuerySystemInformation
NtCreateFile

crypt32

CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertFreeCertificateContext

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
QueryContextAttributesW
DecryptMessage
ApplyControlToken

psapi

GetModuleInformation
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
wcsncmp
wcslen
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
terminate
abort
_c_exit
_cexit
__p___argv
__p___argc
exit
_initterm_e
_configure_narrow_argv
strerror
signal
_set_invalid_parameter_handler
_initialize_narrow_environment
_get_initial_narrow_environment
_invoke_watson
_initterm
_exit

api-ms-win-crt-math-l1-1-0

trunc
round
__setusermatherr
ceil
pow
floor

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
_set_new_mode
malloc

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50.6MB - Virtual size: 50.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a37a90f94f175d56b5a1c17faf341b82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

dbghelp

advapi32

user32

comctl32

pdh

shell32

ole32

bcrypt

ntdll

crypt32

secur32

psapi

powrprof

uxtheme

gdi32

dwmapi

api-ms-win-core-winrt-l1-1-0

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 50.6MB - Virtual size: 50.6MB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 122KB - Virtual size: 122KB

.eh_fram Size: 512B - Virtual size: 88B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 50.6MB - Virtual size: 50.6MB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 122KB - Virtual size: 122KB

.eh_fram
Size: 512B - Virtual size: 88B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 45KB - Virtual size: 44KB