FoniHek[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FoniHek.exe
Size

2.1MB
MD5

508b7a180f00f26f38b1b4a3fbbc088a
SHA1

22332d8f94fcfadaa163e5ad53611f5cee36503f
SHA256

4b90300936afc6ecc07e2c3c5de01c918fd603daec5fc2aefe17b04188b30c68
SHA512

9fba5e47afe4498b087c7788d444913baeca92483430ee85031a4eb8e6254c5bc2f0a0b3309f2a3ca758d8a168211ce8b307891bab4993c445569fe0e9845605
SSDEEP

24576:xtYAIqystnPnUddW2BR9nE0AZSH6Uvm7n02uGKFCzf4Hh3SxxXJ12Oaj2QuITYc:xtVjysPUdVLtH6UvWn0I1cRTB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FoniHek.exe

Files

FoniHek.exe
.exe windows:6 windows x64 arch:x64

78d95432be7c35573d3b1c96c3189f89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\pc\Desktop\aa\vg\V G PRV\x64\Release\V G .pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenServiceA
StartServiceA
ControlService
ChangeServiceConfigA
DeleteService
OpenSCManagerA
CloseServiceHandle
CreateServiceA

kernel32

GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
WriteProcessMemory
VirtualProtectEx
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
GetCurrentDirectoryA
OpenProcess
GetLastError
DeleteFileA
CreateThread
GetConsoleWindow
SetConsoleTitleW
WriteFile
VirtualFreeEx
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualQueryEx
ReadProcessMemory
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
CreateFileW
CreateFileA
PeekNamedPipe
Sleep
ReadFile
VirtualAllocEx

user32

GetWindowLongW
MessageBoxW
GetSystemMetrics
GetClassNameA
DispatchMessageW
PeekMessageW
EnumWindows
TranslateMessage
SetForegroundWindow
IsIconic
GetWindowTextW
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
RegisterClassExW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetWindowDisplayAffinity
DefWindowProcW
FindWindowExW
GetWindowRect
SendInput
ShowWindow
MoveWindow
ReleaseCapture
GetCursorPos
CreateWindowExA
SetCursorPos
GetAsyncKeyState
UpdateWindow
SetWindowLongW
LoadCursorW
FindWindowW
LoadIconW
BringWindowToTop

msvcp140

?iword@ios_base@std@@QEAAAEAJH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xalloc@ios_base@std@@SAHXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_broadcast
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
_Query_perf_frequency
_Query_perf_counter
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Xtime_get_ticks
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory
D3DXCreateFontW

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
_CxxThrowException
memset
__C_specific_handler
memcpy
strstr
_purecall
__std_exception_copy
memmove
__std_exception_destroy
memcmp
memchr
__current_exception

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

_fileno
fputs
fclose
__p__commode
fgetc
fwrite
fgetpos
__stdio_common_vsprintf
setvbuf
ungetc
fsetpos
__stdio_common_vsprintf_s
fread
fopen_s
_isatty
fseek
_fseeki64
__stdio_common_vsscanf
_get_stream_buffer_pointers
ftell
fflush
_wfopen
fputc
_set_fmode
__stdio_common_vswprintf
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
_lock_file

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
system
exit
_wassert
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__p___argv
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
_beginthreadex

api-ms-win-crt-time-l1-1-0

asctime
_time64
_localtime64

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-string-l1-1-0

strncpy
_wcsicmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtol
atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

sinf
sin
ceilf
cos
pow
atanf
logf
log
sqrtf
fmodf
floorf
atan2f
cosf
__setusermatherr
sqrt
acosf
powf

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 451KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78d95432be7c35573d3b1c96c3189f89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcp140

dwmapi

d3d9

d3dx9_43

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 545KB - Virtual size: 545KB

.data Size: 451KB - Virtual size: 683KB

.pdata Size: 49KB - Virtual size: 48KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 545KB - Virtual size: 545KB

.data
Size: 451KB - Virtual size: 683KB

.pdata
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB