FonyHack[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FonyHack.exe
Size

2.5MB
MD5

786ee43b1a7d5b910ef56107b2cf1b62
SHA1

c77e9f12481d752bf7db110b59f2e67903718704
SHA256

f5aaaa2f07462aa5396463f1b456932fe174f94c4c9ad629bdf733e07be4c380
SHA512

a55ef94ee62c45303a7375961b5cb28dc6a7b220a964bc2e417bad320046448498b68b0dc42bc4cfe8ccd1fdf156b57f5fc748e58134d18e328394d89341d171
SSDEEP

24576:PbIHXURSU2zN2I7wWfAaSCVtzsdqXNMTqd0r8lvH0ir6Uvm7nP2uGKF7eNL4HUmN:zI3l7YI7Xrtl2MC8l3r6UvGnPFccRPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FonyHack.exe

Files

FonyHack.exe
.exe windows:6 windows x64 arch:x64

71760e1d78a8a0eb6d544c02e7b2c1d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\pc\Desktop\vg\V G PRV\x64\Release\V G .pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenServiceA
StartServiceA
ControlService
ChangeServiceConfigA
DeleteService
OpenSCManagerA
CloseServiceHandle
CreateServiceA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

Process32FirstW
VirtualQueryEx
WakeAllConditionVariable
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
VirtualProtectEx
WriteProcessMemory
CreateToolhelp32Snapshot
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
VirtualFreeEx
ReadProcessMemory
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
GetModuleHandleA
SetLastError
FormatMessageA
EnterCriticalSection
VirtualAllocEx
SetConsoleTitleW
GetConsoleWindow
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
CreateThread
DeleteFileA
CreateFileA
OpenProcess
GetCurrentDirectoryA
GetStdHandle
SetConsoleTextAttribute
SleepConditionVariableSRW
GetConsoleScreenBufferInfo
QueryPerformanceCounter
WaitForMultipleObjects
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
Process32NextW
Sleep
FreeLibrary
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection

user32

CreateWindowExA
MoveWindow
ShowWindow
BringWindowToTop
LoadIconW
FindWindowExW
DefWindowProcW
FindWindowW
LoadCursorW
SetWindowLongW
UpdateWindow
GetAsyncKeyState
SetCursorPos
GetWindowRect
SendInput
RegisterClassExW
SetWindowDisplayAffinity
GetWindowLongW
MessageBoxW
GetSystemMetrics
GetClassNameA
DispatchMessageW
PeekMessageW
EnumWindows
TranslateMessage
SetForegroundWindow
IsIconic
GetWindowTextW
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Xtime_get_ticks
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Cnd_broadcast
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?iword@ios_base@std@@QEAAAEAJH@Z
?xalloc@ios_base@std@@SAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_counter
_Query_perf_frequency
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateFontW
D3DXCreateTextureFromFileInMemory

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
_purecall
strstr
strchr
_CxxThrowException
memchr
memcmp
memcpy
memmove
memset
__current_exception_context
__current_exception
__C_specific_handler
strrchr

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
realloc
calloc
malloc

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vsscanf
_lseeki64
__stdio_common_vsprintf
_open
fopen_s
_set_fmode
__stdio_common_vsprintf_s
fgets
fseek
_wfopen
_close
fopen
_write
fputc
ftell
fflush
fclose
__p__commode
fgetc
_read
_isatty
__stdio_common_vswprintf
__stdio_common_vfprintf
__acrt_iob_func
_get_stream_buffer_pointers
_fileno
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
feof

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_unlink
_fstat64
_unlock_file
_stat64
_lock_file
_access

api-ms-win-crt-runtime-l1-1-0

_getpid
_configure_narrow_argv
_initialize_narrow_environment
strerror
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_wassert
_beginthreadex
system
terminate
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
exit
_exit
__p___argc
__p___argv
_c_exit
__sys_nerr

api-ms-win-crt-time-l1-1-0

asctime
_time64
_gmtime64
_localtime64

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-string-l1-1-0

strpbrk
strcmp
strcpy_s
strcspn
tolower
_wcsicmp
isupper
strncpy
strspn
strncmp
_strdup

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtoul
strtol
atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

fmodf
__setusermatherr
sqrtf
cos
ceilf
atanf
atan2f
floorf
logf
pow
powf
sin
sinf
log
cosf
sqrt
acosf

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

normaliz

IdnToAscii

ws2_32

gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
ntohl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
WSAIoctl
closesocket

wldap32

ord41
ord50
ord45
ord60
ord211
ord46
ord22
ord143
ord32
ord33
ord35
ord79
ord30
ord301
ord26
ord217
ord200
ord27

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 605KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 451KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71760e1d78a8a0eb6d544c02e7b2c1d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcp140

dwmapi

d3d9

d3dx9_43

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

normaliz

ws2_32

wldap32

crypt32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 605KB - Virtual size: 604KB

.data Size: 451KB - Virtual size: 684KB

.pdata Size: 60KB - Virtual size: 60KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 605KB - Virtual size: 604KB

.data
Size: 451KB - Virtual size: 684KB

.pdata
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 2KB