shellter[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

shellter.exe
Size

728KB
MD5

c9263ac3ca9cac2944c905337a8611c0
SHA1

3d7ce2e4c493306e0c95893e4684203567e3dd66
SHA256

ad27f128e1f8f63ed9faf807334b5184099a1f8cb5c8354c29b6ed00a2c0f484
SHA512

71b21d4ca819e3d745fcf3a7fc685fa6461505c88aece61a6a685b4a7e9b036c8e09a338af77860bdf69d63d9eaa3df84e1984886822e1656902f61a7bd6939f
SSDEEP

12288:IWgzgpIKwZbfuu+rfH1fjZFfih7hVQVdxcrckNBo1kuioMBs0IdS0iZ+gMpkVC7U:IWgRKwZobH1fjZFfih7hVQVdxcrckNBF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
shellter.exe

Files

shellter.exe
.exe windows x86

a2914e661a1b8b385edf14c3d563354b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
ReadProcessMemory
GetProcAddress
LoadLibraryA
CloseHandle
GetTickCount
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
SetFilePointer
WaitForSingleObject
IsBadCodePtr
ReadFile
DeleteFileA
DebugActiveProcessStop
OpenProcess
GetExitCodeProcess
CreateProcessA
TerminateProcess
CopyFileA
SetConsoleTextAttribute
GetStdHandle
GetLastError
FreeLibrary
Sleep
SetConsoleCtrlHandler
GetModuleHandleA
CreateThread
GetThreadContext
SetThreadContext
OpenThread
ContinueDebugEvent
WaitForDebugEvent
WriteProcessMemory
SuspendThread
ResumeThread
SetConsoleScreenBufferSize
GetConsoleWindow
SetConsoleTitleA
GetConsoleScreenBufferInfo
SetConsoleWindowInfo
GetVersion
Thread32First
Thread32Next
CreateToolhelp32Snapshot
OpenEventA
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetConsoleMode
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
HeapAlloc
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetModuleFileNameW
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
FlushFileBuffers
GetConsoleCP

user32

GetWindowRect
GetDesktopWindow
SetWindowPos

imagehlp

ImageRvaToSection
ImageNtHeader
ImageRvaToVa
UnMapAndLoad
MapFileAndCheckSumA
ImageDirectoryEntryToData
MapAndLoad

ws2_32

inet_addr
WSAStartup
htons
WSACleanup

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2914e661a1b8b385edf14c3d563354b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imagehlp

ws2_32

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 260KB - Virtual size: 268KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 260KB - Virtual size: 268KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 48KB - Virtual size: 47KB