freearcsfx[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

freearcsfx.exe
Size

1.7MB
MD5

72220172e87a908ba436a66fe6d80081
SHA1

0b2c0f02399d8d8084a81b8c4d345a09fe1daaf8
SHA256

619c7de0e4c2de565745aaf607ee51e7f8d77cf7407068ccc34a8876a66a40d8
SHA512

4fab56a5981a205b4627715148c3a37eff6a465f423a9275c8045b885adb9821f9cfafaae708e7e5338e6d450fcfd2acd4fc0c4e48684a28abf90676f1f3c14f
SSDEEP

24576:8uUt5bhirlhWPZoTCspxSTE30J6OHRKnadO/cKOwMUXQn6521h94Tke5VX5nKFOL:IhiHi6CsEeY6F/5Pq/hNbMcqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
freearcsfx.exe

Files

freearcsfx.exe
.exe windows:6 windows x64 arch:x64

b7524b47e69f48f7c579de157673484e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

freearcsfx.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

SwitchToThread
InitializeSListHead
GetQueuedCompletionStatusEx
SetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
GetEnvironmentVariableA
CreateIoCompletionPort
SetFileCompletionNotificationModes
HeapReAlloc
HeapFree
GetDiskFreeSpaceExW
GetConsoleMode
GetStdHandle
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
CompareStringOrdinal
GetEnvironmentVariableW
CreateThread
SetThreadStackGuarantee
ReadFileEx
SleepEx
WriteFileEx
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetTempPathW
GetModuleFileNameW
SetWaitableTimer
GetFileInformationByHandle
GetFileInformationByHandleEx
GetModuleHandleA
RtlVirtualUnwind
GetFullPathNameW
CreateDirectoryW
GetModuleHandleW
FormatMessageW
Sleep
CreateWaitableTimerExW
IsDebuggerPresent
UnhandledExceptionFilter
GetFileAttributesW
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
GetCurrentProcess
DuplicateHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
GetExitCodeProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateEventW
GetOverlappedResult
ReadFile
CancelIo
ExitProcess
HeapAlloc
GetProcessHeap
PostQueuedCompletionStatus
RtlLookupFunctionEntry
SetUnhandledExceptionFilter
LoadLibraryExA
RtlCaptureContext
GetSystemTimePreciseAsFileTime
SetFileInformationByHandle
SetHandleInformation
CloseHandle
FindClose
FindFirstFileW
CopyFileExW
GetLastError
FindNextFileW
GetProcAddress
GetSystemInfo
CreateFileW
CreateProcessW
IsProcessorFeaturePresent

user32

MonitorFromPoint
GetCursorPos
GetMonitorInfoA

crypt32

CertFreeCertificateContext
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertOpenStore

iphlpapi

IcmpSendEcho
IcmpCreateFile

ws2_32

ioctlsocket
connect
getsockopt
freeaddrinfo
closesocket
setsockopt
bind
WSAStartup
WSAGetLastError
WSAIoctl
send
recv
getaddrinfo
WSASend
getsockname
getpeername
WSACleanup
WSASocketW
InetPtonW
shutdown

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtWriteFile
NtCancelIoFileEx
NtReadFile
NtCreateFile

bcrypt

BCryptGenRandom

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey

secur32

EncryptMessage
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
AcquireCredentialsHandleA
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken

oleaut32

SysStringLen
SysFreeString

vcruntime140

memcmp
__current_exception_context
__current_exception
memmove
memset
memcpy
__C_specific_handler

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_configure_narrow_argv
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_register_onexit_function
_exit
exit
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 1018KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7524b47e69f48f7c579de157673484e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

user32

crypt32

iphlpapi

ws2_32

ntdll

bcrypt

advapi32

secur32

oleaut32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1018KB - Virtual size: 1017KB

.rdata Size: 685KB - Virtual size: 684KB

.data Size: 512B - Virtual size: 784B

.pdata Size: 30KB - Virtual size: 29KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 1018KB - Virtual size: 1017KB

.rdata
Size: 685KB - Virtual size: 684KB

.data
Size: 512B - Virtual size: 784B

.pdata
Size: 30KB - Virtual size: 29KB

.reloc
Size: 15KB - Virtual size: 14KB