spf[.]exe | Triage

Target

spf.exe
Size

74.3MB
MD5

080f818c1eee78a599b8402962ee5593
SHA1

e929908842d65b784a2b98041fd563447e085c94
SHA256

370abddcc90e3fe150dc4e57dcfc237a906cd328d209c9657fdd2db662285e28
SHA512

f6e2acdc25824381e4108ce5cf30360020f16f2d2810bc9d47bc83e02d80b090e0f5b1d3f5f0fbbf318bccf0850e967e98a1755b5a467b44c97d4bdbe7a8cc0a
SSDEEP

1572864:UCF/QoAcEwBtXTjLnyn7PmhM2QbnzdLaXqVa:s/uD/Ia0JLat

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spf.exe

Files

spf.exe
.exe windows:6 windows x64 arch:x64

8e92d95248c3211a089b8eed0376c097

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

DragQueryFileW

advapi32

LookupAccountNameW

ole32

CoCreateInstance

oleaut32

SysAllocString

comdlg32

GetSaveFileNameW

wininet

InternetReadFile

ws2_32

setsockopt

ntdll

RtlAdjustPrivilege

kernel32

GetVersionExW

user32

ReleaseDC

gdi32

EndDoc

winspool.drv

ord203

shlwapi

SHDeleteKeyW

iphlpapi

GetTcpTable

userenv

GetUserProfileDirectoryW

urlmon

URLDownloadToFileW

winmm

timeBeginPeriod

oleacc

LresultFromObject

comctl32

ImageList_DrawEx

imm32

ImmNotifyIME

usp10

ScriptItemize

bcrypt

BCryptOpenAlgorithmProvider

gdiplus

GdipCreatePathGradientFromPath

tbs

Tbsip_Context_Close

netapi32

NetUserAdd

rpcrt4

UuidFromStringA

setupapi

SetupDiGetDeviceRegistryPropertyA

slwga

SLIsGenuineLocal

secur32

LsaFreeReturnBuffer

crypt32

CryptQueryObject

version

GetFileVersionInfoSizeW

wldap32

ord200

Sections

.text
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sysc
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!kS
Size: - Virtual size: 40.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ms4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LAj
Size: 74.3MB - Virtual size: 74.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8e92d95248c3211a089b8eed0376c097

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

ole32

oleaut32

comdlg32

wininet

ws2_32

ntdll

kernel32

user32

gdi32

winspool.drv

shlwapi

iphlpapi

userenv

urlmon

winmm

oleacc

comctl32

imm32

usp10

bcrypt

gdiplus

tbs

netapi32

rpcrt4

setupapi

slwga

secur32

crypt32

version

wldap32

Sections

.text Size: - Virtual size: 10.8MB

.rdata Size: - Virtual size: 10.8MB

.data Size: - Virtual size: 12.5MB

.pdata Size: - Virtual size: 384KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.sysc Size: - Virtual size: 32B

.!kS Size: - Virtual size: 40.5MB

.ms4 Size: 2KB - Virtual size: 1KB

.LAj Size: 74.3MB - Virtual size: 74.3MB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: - Virtual size: 10.8MB

.rdata
Size: - Virtual size: 10.8MB

.data
Size: - Virtual size: 12.5MB

.pdata
Size: - Virtual size: 384KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.sysc
Size: - Virtual size: 32B

.!kS
Size: - Virtual size: 40.5MB

.ms4
Size: 2KB - Virtual size: 1KB

.LAj
Size: 74.3MB - Virtual size: 74.3MB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 268B