7zFM[.]exe | Triage

Resubmissions

02-10-2024 16:33

241002-t2z5kawekn 3

02-10-2024 15:57

241002-tdw31aybrg 3

Sharing

Copy URL

Twitter E-mail

General

Target

7zFM.exe
Size

960KB
MD5

b161d842906239bf2f32ad158bea57f1
SHA1

4a125d6cbeae9658e862c637aba8f8b9f3bf5cf7
SHA256

3345c48505e0906f1352499ba7cbd439ac0c509a33f04c7d678e2c960c8b9f03
SHA512

0d14c75c8e80af8246ddf122052190f5ffb1f81ffd5b752990747b7efcb566b49842219d9b26df9dbe267c9a3876d7b60158c9f08d295d0926b60dbbebc1fa3c
SSDEEP

12288:gZlWykcluMc8zJBiYW8MU6QhHGeeNROheN4rQXJaDwiEuRZYgD+qQj6air/:g3nkc/riYW8MUL0NUcWzQkr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7zFM.exe

Files

7zFM.exe
.exe windows:4 windows x64 arch:x64

c8af20cb4a0bf0547ae95ec92395be6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
PropertySheetW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

gdi32

DeleteObject

oleaut32

SysStringByteLen
SysAllocString
VariantCopy
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString

ole32

CoUninitialize
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize
DoDragDrop
CoCreateInstance
CoInitialize

user32

SetDlgItemTextW
CharUpperW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetMenuItemInfoW
SetMenuItemInfoW
InsertMenuItemW
LoadStringW
RegisterClipboardFormatW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetParent
GetWindowRect
ScreenToClient
MoveWindow
ShowWindow
SetWindowLongPtrW
GetWindowLongPtrW
GetDlgItem
MapDialogRect
SystemParametersInfoW
GetMonitorInfoA
MonitorFromWindow
GetDialogBaseUnits
DestroyIcon
KillTimer
GetMenuItemCount
GetCursorPos
ChildWindowFromPointEx
WindowFromPoint
IsWindowEnabled
MapVirtualKeyW
SetTimer
UpdateWindow
GetMenu
LoadMenuW
SetMenu
DrawMenuBar
EnableMenuItem
CheckMenuItem
CheckMenuRadioItem
RemoveMenu
GetSubMenu
SendDlgItemMessageW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
ReleaseCapture
SetCapture
GetCapture
GetClientRect
PostQuitMessage
GetWindowPlacement
SetWindowPlacement
SetCursor
ClientToScreen
TrackPopupMenuEx
AppendMenuW
GetFocus
IsZoomed
GetKeyState
PostMessageW
InvalidateRect
EndDialog
EnableWindow
SetFocus
DestroyWindow
SetWindowTextW
LoadBitmapW
DestroyMenu
CreatePopupMenu
MessageBoxW
GetClassInfoW
LoadCursorW
RegisterClassW
DefWindowProcW
CallWindowProcW
CreateWindowExW
DialogBoxParamW

advapi32

LsaAddAccountRights
LookupAccountNameW
LsaOpenPolicy
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyExW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
LsaClose

shell32

ExtractIconExW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW
SHFileOperationW
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_purecall
memcmp
strlen
wcslen
memset
srand
free
_XcptFilter
malloc
memcpy
_CxxThrowException
__CxxFrameHandler
memmove
strcmp
wcscmp
wcsstr
rand

kernel32

ExpandEnvironmentStringsW
SetPriorityClass
Sleep
OpenProcess
GetModuleHandleA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDefaultLangID
GetUserDefaultLangID
MoveFileWithProgressW
CopyFileExW
GetCompressedFileSizeW
FindNextChangeNotification
GetCommandLineW
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatusEx
GlobalSize
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateProcessW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetLargePageMinimum
GlobalFree
GlobalAlloc
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileAttributesW
FindNextStreamW
VirtualAlloc
FindNextFileW
FindFirstFileW
FindClose
GetStdHandle
GetFileInformationByHandle
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetTempPathW
GetCurrentDirectoryW
DeleteFileW
CreateDirectoryW
CreateHardLinkW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
GetWindowsDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
GlobalUnlock
GlobalLock
GetProcessHeap
HeapAlloc
HeapFree
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
WideCharToMultiByte
MultiByteToWideChar
SetEvent
InitializeCriticalSection
LoadLibraryA
LocalAlloc
RaiseException
GetStartupInfoA
QueryPerformanceCounter
TerminateProcess
FindFirstStreamW
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetLastError
GetTickCount
RtlCaptureContext

Sections

.text
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c8af20cb4a0bf0547ae95ec92395be6e

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

gdi32

oleaut32

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 620KB - Virtual size: 619KB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 56KB - Virtual size: 55KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 620KB - Virtual size: 619KB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 6KB - Virtual size: 5KB