undertow[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

undertow.exe
Size

203KB
MD5

2ae795a2cfb22a87bebd713bef1ae78d
SHA1

52e9a119987808da541fefadad34fa25c1fc78f6
SHA256

7634559c1f31d02170001101a08597f37d49f99dbb6a9846739b8c50d12d6553
SHA512

59677b242d6d0a2f7b61f5c4ae0bdd563ff629abd3bded0c3055471e1baf88ae3faef4b54fc3ceaa8b85df6a22dadd4ac9d5f102560ae0538aeb4a5b9556a75d
SSDEEP

3072:ZAh4Zz+c4JDP9QqM1r+DF2onZyGHN8lM30sbrslHfL6Uc1lcB06UoL6R:zz+ccP8EpZLHNeM/nsFL6UX06Uo6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
undertow.exe

Files

undertow.exe
.exe windows x86

7c79a6c939917f4d3e5e71240b362de3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError
CreateThread
GetModuleFileNameA
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocalTime
GetSystemDirectoryA
GetWindowsDirectoryA
DeleteFileA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
CreateProcessA
WriteFile
FindClose
FindNextFileA
FindFirstFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
GetTempPathA
MultiByteToWideChar
WideCharToMultiByte
GetComputerNameA
CopyFileA
CreateDirectoryA
GetCurrentProcess
TerminateProcess
lstrcmpiA
OpenProcess
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
GetLocaleInfoA
GetVersionExA
GetLogicalDrives
TerminateThread
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
MoveFileA
GetCurrentProcessId
WaitForSingleObject
CreateMutexA
TransactNamedPipe
SetEndOfFile
InterlockedExchange
GetCurrentThreadId
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW

user32

GetClassNameA
EnumChildWindows
EnumWindows
SendMessageA

ws2_32

__WSAFDIsSet
accept
recv
send
WSAStartup
select
inet_addr
htons
connect
closesocket
WSACleanup
listen
bind
ioctlsocket
setsockopt
socket

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c79a6c939917f4d3e5e71240b362de3

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 26KB - Virtual size: 347KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 26KB - Virtual size: 347KB