spf[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

spf.exe
Size

92.8MB
MD5

90b6f7548041c7bc7544cb8639beecb5
SHA1

a31fff67409ee1babe4876f77a17c866762a7fbc
SHA256

ed9a7ff6e6bc2cc42bd856a288c04b2e353e5f0542f6d6389097afb4fcaca9e6
SHA512

56e8d9ad782733277a0c2564cab40f830245cce69dc751e8f53399fc41ecfe5423a1f054aef223758da967b126241e634ea8af6fbe2cb160ca27c51d6a924f47
SSDEEP

1572864:n5fI9tOXCWdgpb17D+SUCnpZIRxupEfi/+AbjCrzvJwQipn4avCiXk:5fIDCq7SSUCnpZISplvbjUipXk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spf.exe

Files

spf.exe
.exe windows:6 windows x64 arch:x64

59a1e6e766ff32de58837287f2d3ff39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetFileInfoW

advapi32

LookupAccountNameW

ole32

CoInitializeSecurity

oleaut32

SafeArrayGetLBound

comdlg32

GetSaveFileNameW

wininet

InternetConnectA

ws2_32

WSAResetEvent

ntdll

RtlLookupFunctionEntry

kernel32

GetVersionExW

user32

GetScrollInfo

gdi32

GetStockObject

winspool.drv

ord203

shlwapi

PathIsRelativeW

iphlpapi

GetTcpTable

userenv

GetUserProfileDirectoryW

winmm

timeKillEvent

oleacc

AccessibleObjectFromWindow

comctl32

ImageList_DrawEx

imm32

ImmNotifyIME

usp10

ScriptFreeCache

bcrypt

BCryptOpenAlgorithmProvider

gdiplus

GdipGetImageWidth

tbs

Tbsip_Context_Close

netapi32

NetUserAdd

rpcrt4

UuidFromStringA

setupapi

SetupDiDestroyDeviceInfoList

slwga

SLIsGenuineLocal

secur32

LsaFreeReturnBuffer

crypt32

CryptQueryObject

version

GetFileVersionInfoW

wldap32

ord200

Sections

.text
Size: - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sysc
Size: - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QPm
Size: - Virtual size: 51.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.D/d
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bma
Size: 92.8MB - Virtual size: 92.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a1e6e766ff32de58837287f2d3ff39

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

ole32

oleaut32

comdlg32

wininet

ws2_32

ntdll

kernel32

user32

gdi32

winspool.drv

shlwapi

iphlpapi

userenv

winmm

oleacc

comctl32

imm32

usp10

bcrypt

gdiplus

tbs

netapi32

rpcrt4

setupapi

slwga

secur32

crypt32

version

wldap32

Sections

.text Size: - Virtual size: 10.9MB

.rdata Size: - Virtual size: 10.7MB

.data Size: - Virtual size: 12.5MB

.pdata Size: - Virtual size: 389KB

_RDATA Size: - Virtual size: 348B

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.sysc Size: - Virtual size: 104B

.QPm Size: - Virtual size: 51.5MB

.D/d Size: 2KB - Virtual size: 1KB

.bma Size: 92.8MB - Virtual size: 92.8MB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: - Virtual size: 10.9MB

.rdata
Size: - Virtual size: 10.7MB

.data
Size: - Virtual size: 12.5MB

.pdata
Size: - Virtual size: 389KB

_RDATA
Size: - Virtual size: 348B

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.sysc
Size: - Virtual size: 104B

.QPm
Size: - Virtual size: 51.5MB

.D/d
Size: 2KB - Virtual size: 1KB

.bma
Size: 92.8MB - Virtual size: 92.8MB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 292B