fasmw17332[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

fasmw17332.zip
Size

1.0MB
MD5

1a0ddaab2a21e8bd4a2ad13cd9229bec
SHA1

1d4c6f52ea13e99e6e365a3992e92ba67debfbe7
SHA256

eac24ab98abac142f75dd497561a952a0b528d5d73e43fb82bfd7edc3dfd1ab5
SHA512

81e032c38928cf53f4d9a154806893b5f1a3c2588b2007192d707927abc6e6e7257779992dc33af62b00e88c7385cb797e53c8ee1116d894e3619e5586c4ae76
SSDEEP

24576:wH6U3SlWjyvj0wFjrSmaLi6x5NcWrIcjnHfKv:Q6kIWYj0wFjrNoi45Ncwbj/W

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FASM.EXE
unpack001/FASMW.EXE

Files

fasmw17332.zip
.zip
EXAMPLES/DDRAW/DDRAW.ASM
EXAMPLES/DDRAW/DDRAW.GIF
EXAMPLES/DDRAW/DDRAW.INC
EXAMPLES/DDRAW/GIF87A.INC
EXAMPLES/DIALOG/DIALOG.ASM
EXAMPLES/DLL/ERRORMSG.ASM
EXAMPLES/DLL/LASTERR.ASM
EXAMPLES/HELLO/HELLO.ASM
EXAMPLES/MINIPAD/MINIPAD.ASM
EXAMPLES/MINIPAD/MINIPAD.ICO
EXAMPLES/MSCOFF/MSCOFF.ASM
EXAMPLES/OPENGL/OPENGL.ASM
EXAMPLES/OPENGL/OPENGL.INC
EXAMPLES/PEDEMO/PEDEMO.ASM
EXAMPLES/TEMPLATE/TEMPLATE.ASM
EXAMPLES/USECOM/USECOM.ASM
EXAMPLES/WIN64/DLL/MSGDEMO.ASM
EXAMPLES/WIN64/DLL/WRITEMSG.ASM
.vbs
EXAMPLES/WIN64/MANDEL/DDRAW64.INC
EXAMPLES/WIN64/MANDEL/MANDEL.ASM
EXAMPLES/WIN64/OPENGL/OPENGL.ASM
EXAMPLES/WIN64/PE64DEMO/PE64DEMO.ASM
EXAMPLES/WIN64/TEMPLATE/TEMPLATE.ASM
EXAMPLES/WIN64/USECOM/USECOM.ASM
EXAMPLES/WIN64/WIN64AVX/WIN64AVX.ASM
FASM.EXE
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 335B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FASM.pdf
.pdf
- http://014leswin32ax.inc
- http://014leswin32axp.inc
- http://015ags.Rulesfortheoperandsarethesameasfortheaddinstruction.bt
- http://015oatingpointvalues.pf
- http://110CHAPTER3.WINDOWSPROGRAMMING3.1BasicheadersThebasicheaderswin32a.inc
- http://134kernel32.inc
- http://134user32.inc
- http://134win1250.inc
- http://debug.inc
- http://first.inc
- http://macros.inc
- http://onlylowwordsofeachdoublewordinsourceoperandareused.pf
- http://second.inc
- http://start.inc
- http://thenumbershouldbeinrangefrom0to255.Theinterruptserviceroutineterminateswithaniretinstructionthatreturnscontroltotheinstructionthatfollowsint.int
- http://theoperandshouldbegeneralregisterormemory.Seealso1.2.5forsomemoredetails.jmp
- http://win32a.inc
- http://win32w.inc
- http://win32wx.inc
- http://win32wxp.inc
- Show all
FASMW.EXE
.exe windows:1 windows x86 arch:x86

74911ad33bf9beea87dedda80b3b9225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CloseHandle
lstrcmpiA
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
VirtualAlloc
VirtualFree
CreateThread
SetThreadPriority
TerminateThread
ExitThread
GetExitCodeThread
WaitForSingleObject
CreateMutexA
ReleaseMutex
CreateProcessA
GetEnvironmentVariableA
GetSystemTime
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
ExitProcess

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

RegisterClassA
CreateCaret
ShowCaret
SetCaretPos
DestroyCaret
BeginPaint
EndPaint
GetDC
GetUpdateRect
ReleaseDC
DrawTextA
FillRect
InvalidateRect
GetKeyboardState
ToAscii
GetScrollInfo
SetScrollInfo
SetCapture
ReleaseCapture
GetCursorPos
ClientToScreen
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
LoadCursorA
LoadIconA
LoadBitmapA
LoadMenuA
EnableMenuItem
CheckMenuItem
GetSubMenu
TrackPopupMenu
LoadAcceleratorsA
IsClipboardFormatAvailable
CharUpperA
wsprintfA
wvsprintfA
MessageBoxA
WinHelpA
DialogBoxParamA
GetDlgItem
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageA
EndDialog
FindWindowA
SetForegroundWindow
CreateWindowExA
DestroyWindow
GetWindowLongA
SetWindowLongA
DefWindowProcA
GetClientRect
GetWindowRect
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
ShowWindow
EnableWindow
UpdateWindow
SetFocus
GetSystemMetrics
GetSysColor
SendMessageA
GetMessageA
TranslateAccelerator
TranslateMessage
DispatchMessageA
PostMessageA
PostQuitMessage

gdi32

SetBkColor
SetTextColor
CreateSolidBrush
CreateFontA
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
GetObjectA
DeleteObject

comctl32

CreateStatusWindowA
ImageList_Create
ImageList_Add
ImageList_Destroy

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseFontA
ChooseColorA

shell32

DragAcceptFiles
DragQueryFile
DragFinish
ShellExecuteA

Sections

.data
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INCLUDE/API/ADVAPI32.INC
INCLUDE/API/COMCTL32.INC
INCLUDE/API/COMDLG32.INC
INCLUDE/API/GDI32.INC
INCLUDE/API/KERNEL32.INC
.vbs
INCLUDE/API/SHELL32.INC
INCLUDE/API/USER32.INC
INCLUDE/API/WSOCK32.INC
INCLUDE/ENCODING/UTF8.INC
.vbs
INCLUDE/ENCODING/WIN1250.INC
INCLUDE/ENCODING/WIN1251.INC
INCLUDE/ENCODING/WIN1252.INC
INCLUDE/ENCODING/WIN1253.INC
INCLUDE/ENCODING/WIN1254.INC
INCLUDE/ENCODING/WIN1255.INC
INCLUDE/ENCODING/WIN1256.INC
INCLUDE/ENCODING/WIN1257.INC
INCLUDE/ENCODING/WIN1258.INC
INCLUDE/ENCODING/WIN874.INC
INCLUDE/EQUATES/COMCTL32.INC
INCLUDE/EQUATES/COMCTL64.INC
INCLUDE/EQUATES/COMDLG32.INC
INCLUDE/EQUATES/COMDLG64.INC
INCLUDE/EQUATES/GDI32.INC
INCLUDE/EQUATES/GDI64.INC
INCLUDE/EQUATES/KERNEL32.INC
INCLUDE/EQUATES/KERNEL64.INC
INCLUDE/EQUATES/SHELL32.INC
INCLUDE/EQUATES/SHELL64.INC
INCLUDE/EQUATES/USER32.INC
INCLUDE/EQUATES/USER64.INC
INCLUDE/EQUATES/WSOCK32.INC
INCLUDE/MACRO/COM32.INC
.vbs
INCLUDE/MACRO/COM64.INC
INCLUDE/MACRO/EXPORT.INC
.vbs
INCLUDE/MACRO/IF.INC
.vbs
INCLUDE/MACRO/IMPORT32.INC
.vbs
INCLUDE/MACRO/IMPORT64.INC
.vbs
INCLUDE/MACRO/MASM.INC
INCLUDE/MACRO/PROC32.INC
.vbs
INCLUDE/MACRO/PROC64.INC
.vbs
INCLUDE/MACRO/RESOURCE.INC
.vbs
INCLUDE/MACRO/STRUCT.INC
.vbs
INCLUDE/PCOUNT/ADVAPI32.INC
INCLUDE/PCOUNT/COMCTL32.INC
INCLUDE/PCOUNT/COMDLG32.INC
INCLUDE/PCOUNT/GDI32.INC
INCLUDE/PCOUNT/KERNEL32.INC
INCLUDE/PCOUNT/SHELL32.INC
INCLUDE/PCOUNT/USER32.INC
INCLUDE/PCOUNT/WSOCK32.INC
INCLUDE/WIN32A.INC
INCLUDE/WIN32AX.INC
.vbs
INCLUDE/WIN32AXP.INC
.vbs
INCLUDE/WIN32W.INC
INCLUDE/WIN32WX.INC
.vbs
INCLUDE/WIN32WXP.INC
.vbs
INCLUDE/WIN64A.INC
INCLUDE/WIN64AX.INC
.vbs
INCLUDE/WIN64AXP.INC
.vbs
INCLUDE/WIN64W.INC
INCLUDE/WIN64WX.INC
.vbs
INCLUDE/WIN64WXP.INC
.vbs
LICENSE.TXT
SOURCE/ASSEMBLE.INC
SOURCE/AVX.INC
SOURCE/DOS/DPMI.INC
SOURCE/DOS/FASM.ASM
.vbs
SOURCE/DOS/MODES.INC
.vbs
SOURCE/DOS/SYSTEM.INC
.vbs
SOURCE/ERRORS.INC
SOURCE/EXPRCALC.INC
SOURCE/EXPRPARS.INC
SOURCE/FORMATS.INC
SOURCE/IDE/BLOCKS.INC
SOURCE/IDE/EDIT.INC
SOURCE/IDE/FASMD/FASMD.ASM
SOURCE/IDE/FASMW/FASM.INC
SOURCE/IDE/FASMW/FASMW.ASM
SOURCE/IDE/FASMW/FEDIT.ASH
SOURCE/IDE/FASMW/FEDIT.INC
.vbs
SOURCE/IDE/FASMW/RESOURCE/ASSIGN.BMP
SOURCE/IDE/FASMW/RESOURCE/FASMW.ICO
SOURCE/IDE/MEMORY.INC
SOURCE/IDE/NAVIGATE.INC
SOURCE/IDE/SEARCH.INC
SOURCE/IDE/UNDO.INC
SOURCE/IDE/VARIABLE.INC
SOURCE/IDE/VERSION.INC
SOURCE/LIBC/FASM.ASM
.vbs
SOURCE/LIBC/SYSTEM.INC
SOURCE/LINUX/FASM.ASM
SOURCE/LINUX/SYSTEM.INC
SOURCE/LINUX/X64/FASM.ASM
SOURCE/LINUX/X64/MODES.INC
.vbs
SOURCE/LINUX/X64/SYSTEM.INC
SOURCE/MESSAGES.INC
SOURCE/PARSER.INC
SOURCE/PREPROCE.INC
SOURCE/SYMBDUMP.INC
SOURCE/TABLES.INC
SOURCE/VARIABLE.INC
SOURCE/VERSION.INC
SOURCE/WIN32/FASM.ASM
SOURCE/WIN32/SYSTEM.INC
SOURCE/X86_64.INC
TOOLS/DOS/LISTING.ASM
TOOLS/DOS/LOADER.INC
TOOLS/DOS/PREPSRC.ASM
TOOLS/DOS/SYMBOLS.ASM
TOOLS/DOS/SYSTEM.INC
TOOLS/FAS.TXT
TOOLS/LIBC/CCALL.INC
.vbs
TOOLS/LIBC/LISTING.ASM
TOOLS/LIBC/PREPSRC.ASM
TOOLS/LIBC/SYMBOLS.ASM
TOOLS/LIBC/SYSTEM.INC
TOOLS/LISTING.INC
TOOLS/PREPSRC.INC
TOOLS/README.TXT
TOOLS/SYMBOLS.INC
TOOLS/WIN32/LISTING.ASM
TOOLS/WIN32/PREPSRC.ASM
TOOLS/WIN32/SYMBOLS.ASM
TOOLS/WIN32/SYSTEM.INC
WHATSNEW.TXT
.vbs

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 104KB - Virtual size: 104KB

.data Size: 512B - Virtual size: 29KB

.idata Size: 512B - Virtual size: 335B

.reloc Size: 8KB - Virtual size: 7KB

74911ad33bf9beea87dedda80b3b9225

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

comctl32

comdlg32

shell32

Sections

.data Size: 1KB - Virtual size: 46KB

.text Size: 141KB - Virtual size: 140KB

.bss Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 104KB

.data
Size: 512B - Virtual size: 29KB

.idata
Size: 512B - Virtual size: 335B

.reloc
Size: 8KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 46KB

.text
Size: 141KB - Virtual size: 140KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 8KB