FDinst[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FDinst.exe
Size

214KB
MD5

42922bcf30950c50f1aec1c7e1b3acf3
SHA1

4fe94817f1a758e164f7685c1f57420654431796
SHA256

e04b3ffd271a005e10a30e0744d1202e0a4910579975aad8128b53ae5b4e126a
SHA512

0e935a7ddc30d724612d5155ea10b79bcf068f7ddfdb78ca50abdd1f2f313203175589671abf882c40bf7db2e33fea565bedb68abe375ccd96f4fa3d95254d9e
SSDEEP

3072:saF6FISxuJ8JJU4CNKnJEv0OhUwoL7HmJZ6X5OOuuC7nOsGhv+UgECS6E5hyCGIp:VOMXdKJvwoL7GL6XiugG+mhXDyjkoqmi

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
FDinst.exe
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/FtpDrive.dll.new
unpack001/FtpDrive.exe.new
unpack001/Res/English.dll.new
unpack001/Res/Russian.dll.new
unpack001/killme.exe
unpack001/nvftpdrv.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/killme.exe	nsis_installer_1

Files

FDinst.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FTPDrive_eng.htm
.html
FTPDrive_rus.htm
.html
FtpDrive.dll.new
.dll windows:4 windows x86 arch:x86

af9772cedec20aaa436461024c2238d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwNotifyChangeDirectoryFile
ZwQueryVolumeInformationFile
ZwSetVolumeInformationFile
ZwDeleteFile
LdrLoadDll
wcsncpy
wcsstr
ZwClose
ZwSetEaFile
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwQueryInformationFile
ZwCancelIoFile
ZwLockFile
ZwUnlockFile
ZwQueryEaFile
ZwQueryFullAttributesFile
ZwQueryAttributesFile
ZwSetInformationFile
ZwQueryDirectoryFile
ZwCreateFile
ZwDuplicateObject
ZwFsControlFile
ZwDeviceIoControlFile
ZwSetEvent
wcscpy
strncpy
memmove
wcscat
wcslen
ZwQueryInformationProcess
ZwCreateEvent
ZwWaitForSingleObject
_allmul
ZwOpenMutant
towupper
_chkstk
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
RtlUnwind
ZwFlushBuffersFile
_itow
_wcsicmp
_memicmp
_wcslwr

kernel32

MapViewOfFile
VirtualProtect
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
OpenProcess
GetCurrentProcess
SetProcessWorkingSetSize
VirtualAlloc
VirtualFree
GetEnvironmentVariableW
SetEnvironmentVariableW
GetTickCount
GetCurrentThreadId
SuspendThread
ResumeThread
CreateProcessA
CreateProcessW
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetWindowsDirectoryW
GetCurrentDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
CreateFileW
GetFileSize
GetCurrentProcessId
GetModuleFileNameW
SetCurrentDirectoryW
SetErrorMode
LoadLibraryW
Sleep
InterlockedExchange
DeleteFileW
CopyFileExW
GetCurrentDirectoryW
MoveFileWithProgressW
InterlockedIncrement
TlsSetValue
TlsGetValue
InterlockedDecrement
SetLastError
GetLastError
GetModuleHandleW
GetProcAddress
TlsFree
TlsAlloc
CloseHandle
UnmapViewOfFile
CreateFileMappingW

user32

wsprintfW
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx

advapi32

RegSetValueExW
CreateProcessAsUserA
CreateProcessAsUserW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegCloseKey

msvcrt

_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc
free
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv

Exports

Exports

_CallMe@8

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 512B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FtpDrive.exe.new
.exe windows:4 windows x86 arch:x86

892037cbaa120485cb9f0fecbc522215

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
wcsrchr
_allshr
_chkstk
toupper
strstr
tolower
isspace
ZwSetInformationFile
_allmul
_alldiv
_allrem
wcsncpy
_atoi64
wcscmp
memchr
isdigit
atoi
_vsnprintf
sprintf
_aulldiv
wcscpy
wcscat
ZwOpenMutant
ZwCreateMutant
strncpy
memmove
_snwprintf
ZwWaitForSingleObject
ZwSetEvent
ZwClose
_stricmp
_wcsicmp
_strnicmp
ZwCreateEvent
wcslen

comctl32

ord17

kernel32

GetFileSize
GetWindowsDirectoryW
SetFilePointer
OpenEventW
GetCurrentProcess
GetModuleHandleA
ReleaseMutex
CreateMutexW
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
GlobalFree
GlobalAlloc
CreateFileW
GetSystemTime
GetEnvironmentVariableW
GetLongPathNameW
CreateDirectoryW
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
DefineDosDeviceW
GetStartupInfoA
CloseHandle
GetProcAddress
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
Sleep
InterlockedExchange
GetCurrentProcessId
GetVersion
ExitProcess
TerminateThread
GetCommandLineW
GetModuleFileNameW
WriteFile
ReadFile
LoadLibraryW
GetTickCount
WaitForSingleObject
OpenProcess
SetThreadPriority
GetCurrentThread
DisconnectNamedPipe
FlushFileBuffers
GetLastError
ConnectNamedPipe
CreateNamedPipeW
LoadLibraryExW
FreeLibrary
GetLocalTime
SystemTimeToFileTime
LocalFree
FormatMessageA
CreateEventW
SetEvent
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
RemoveDirectoryW
GetFileAttributesW

user32

SetWindowLongW
GetDlgItemTextW
IsDlgButtonChecked
EndDialog
GetWindowLongW
EnableWindow
ShowWindow
SetWindowPos
CreateDialogParamW
DialogBoxParamW
GetScrollInfo
SetDlgItemInt
GetThreadDesktop
SetWindowTextW
GetDlgItemInt
LoadIconW
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
CloseDesktop
EnumDesktopWindows
OpenDesktopW
GetProcessWindowStation
EnumDesktopsW
DestroyMenu
PostThreadMessageW
TrackPopupMenu
CheckDlgButton
SetForegroundWindow
SetMenuDefaultItem
EnableMenuItem
GetSubMenu
LoadMenuW
EnumWindows
GetForegroundWindow
OpenInputDesktop
DefWindowProcW
UnregisterHotKey
RegisterHotKey
DestroyWindow
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
MsgWaitForMultipleObjects
PeekMessageW
GetUserObjectInformationW
RegisterClassW
CharLowerW
LoadStringW
MessageBoxW
FindWindowW
PostMessageW
wsprintfW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
GetCursorPos
SendMessageW
SetThreadDesktop

advapi32

AdjustTokenPrivileges
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegSetValueExW

shell32

Shell_NotifyIconW

ws2_32

select
connect
htons
ioctlsocket
WSAGetLastError
socket
closesocket
shutdown
setsockopt
listen
bind
ntohs
accept
recv
send
getsockname
getpeername
inet_addr
WSAStartup
inet_ntoa
gethostbyname
getsockopt

msvcrt

??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_CxxThrowException
??1exception@@UAE@XZ
_purecall
_beginthread
_beginthreadex
free
malloc
_itow
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__CxxFrameHandler

shlwapi

SHDeleteKeyW
PathMatchSpecW

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FtpServList.txt
History_ENG.txt
History_RUS.txt
License.txt
Res/English.dll.new
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Res/Russian.dll.new
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
killme.exe
.exe windows:4 windows x86 arch:x86

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

kernel32

ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
WaitForSingleObject
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
GlobalFree
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
SetFilePointer
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
lstrcpynA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nvftpdrv.dll
.dll windows:4 windows x86 arch:x86

3e1e64098483d74764d27f0e66343278

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
DeleteFileA
CloseHandle
WaitForSingleObject
CreateProcessA
Sleep
InterlockedExchange
WriteFile
CreateFileA
GetFileSize
ReadFile
GetCurrentThreadId

user32

MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
DestroyIcon

shlwapi

SHGetValueA

msvcrt

??2@YAPAXI@Z
__CxxFrameHandler
_EH_prolog
sprintf
free
strlen
realloc
strcpy
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strncpy
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy
memmove
memset
_purecall
malloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

Exports

Exports

NVPluginConfig
NVPluginGetInfo
NVPluginGo

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cf4252ebbb4f173d97a6ef4f79a60b5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 20KB

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

af9772cedec20aaa436461024c2238d3

Headers

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 1KB - Virtual size: 2KB

.share Size: 512B - Virtual size: 14B

.reloc Size: 6KB - Virtual size: 6KB

892037cbaa120485cb9f0fecbc522215

Headers

File Characteristics

Imports

ntdll

comctl32

kernel32

user32

advapi32

shell32

ws2_32

msvcrt

shlwapi

Sections

.text Size: 237KB - Virtual size: 236KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 11KB - Virtual size: 12KB

.rsrc Size: 11KB - Virtual size: 10KB

Headers

File Characteristics

Sections

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 1KB - Virtual size: 2KB

.share
Size: 512B - Virtual size: 14B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 237KB - Virtual size: 236KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 910B