spf[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spf.exe
Size

75.2MB
MD5

45a8c6fbb0713fe68b9ff3be74b3f4a4
SHA1

5b9bf83fb7a1efb10f9d40a0a1a576790f6db9d1
SHA256

a637bb291dadd5042cab87499720f343e4be50e7c8816d90933f8a12455192a4
SHA512

40abfae527c4e7e9f962b86e6ed408b7bfbb7757930cda55d3e9c61dbf28e921824f57dac731c80ae14ec3341e44548533d3ddd48b8501899dda3bb72aa632e8
SSDEEP

1572864:zd4aMxNvUD+2hmpauxUlfeKJVOz7bR7t+aB4drq3BXyJpl:Gz1eOagUlfe0Ozr1GRl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spf.exe

Files

spf.exe
.exe windows:6 windows x64 arch:x64

fa82d1a0e8830a824e13405ebd4c205e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

DragQueryFileW

advapi32

LookupAccountNameW

ole32

CoTaskMemFree

oleaut32

VariantClear

comdlg32

GetSaveFileNameW

wininet

InternetErrorDlg

ws2_32

WSACreateEvent

ntdll

RtlVirtualUnwind

kernel32

GetVersionExW

user32

GetSysColor

gdi32

GetStockObject

winspool.drv

ord203

shlwapi

PathIsRelativeW

iphlpapi

GetTcpTable

userenv

GetUserProfileDirectoryW

urlmon

URLDownloadToFileW

winmm

timeEndPeriod

oleacc

AccessibleObjectFromWindow

comctl32

ImageList_GetIconSize

imm32

ImmNotifyIME

usp10

ScriptItemize

bcrypt

BCryptCloseAlgorithmProvider

gdiplus

GdipSetPathGradientPresetBlend

tbs

Tbsip_Context_Close

netapi32

NetUserAdd

rpcrt4

UuidFromStringA

setupapi

SetupDiEnumDeviceInterfaces

slwga

SLIsGenuineLocal

secur32

LsaGetLogonSessionData

crypt32

CertGetNameStringA

version

GetFileVersionInfoSizeW

wldap32

ord217

Sections

.text
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sysc
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.|)^
Size: - Virtual size: 41.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KZj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T3V
Size: 75.2MB - Virtual size: 75.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa82d1a0e8830a824e13405ebd4c205e

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

ole32

oleaut32

comdlg32

wininet

ws2_32

ntdll

kernel32

user32

gdi32

winspool.drv

shlwapi

iphlpapi

userenv

urlmon

winmm

oleacc

comctl32

imm32

usp10

bcrypt

gdiplus

tbs

netapi32

rpcrt4

setupapi

slwga

secur32

crypt32

version

wldap32

Sections

.text Size: - Virtual size: 10.8MB

.rdata Size: - Virtual size: 10.7MB

.data Size: - Virtual size: 12.5MB

.pdata Size: - Virtual size: 384KB

_RDATA Size: - Virtual size: 348B

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.sysc Size: - Virtual size: 32B

.|)^ Size: - Virtual size: 41.1MB

.KZj Size: 2KB - Virtual size: 1KB

.T3V Size: 75.2MB - Virtual size: 75.2MB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: - Virtual size: 10.8MB

.rdata
Size: - Virtual size: 10.7MB

.data
Size: - Virtual size: 12.5MB

.pdata
Size: - Virtual size: 384KB

_RDATA
Size: - Virtual size: 348B

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.sysc
Size: - Virtual size: 32B

.|)^
Size: - Virtual size: 41.1MB

.KZj
Size: 2KB - Virtual size: 1KB

.T3V
Size: 75.2MB - Virtual size: 75.2MB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 268B