shellter[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

shellter.exe
Size

675KB
MD5

94a67f5f8de2e724a4a5210a5dab9449
SHA1

7f64422ac5dbb2ea4743839e939a3e92a66a3431
SHA256

ea07a52eca82b6383c7aa224652e55e0d1701f0779def736977ecadff819049c
SHA512

806764629de3fc0e97f1dcc2f7de1fe2f455fefa998ce8fdc349b49c8b56949ee5a3d152a33a34be2d2ce35049be4591987894c5d666d073248529af4c65b3e6
SSDEEP

12288:cn7kiIv3EiMgXE0SCsCRA8H1fjZFfih7hVQVdxcrckNBo1kuioMBs0IdS0iZ+gMQ:e70vTMeH1fjZFfih7hVQVdxcrckNBo1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
shellter.exe

Files

shellter.exe
.exe windows x86

dd077a3211f595c1fa93bfea9d6ab028

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
GetProcAddress
LoadLibraryA
CloseHandle
DeleteFileA
GetTickCount
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
CreateFileMappingW
SetFilePointer
IsBadCodePtr
ReadFile
DebugActiveProcessStop
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
TerminateProcess
CreateDirectoryA
CopyFileA
SetConsoleTextAttribute
FormatMessageA
GetStdHandle
FreeLibrary
WriteFile
SetConsoleCtrlHandler
GetModuleHandleA
CreateThread
GetThreadContext
SetThreadContext
ContinueDebugEvent
WaitForDebugEvent
WriteProcessMemory
SuspendThread
ResumeThread
SetConsoleScreenBufferSize
GetConsoleWindow
SetConsoleTitleA
GetConsoleScreenBufferInfo
SetConsoleWindowInfo
GetVersion
Thread32First
Thread32Next
OpenThread
CreateToolhelp32Snapshot
OpenEventA
CreateFileW
OutputDebugStringW
ReadConsoleW
CreateFileA
GetLastError
Sleep
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
RtlUnwind
HeapReAlloc
LoadLibraryExW
GetModuleHandleW
TlsFree
TlsSetValue
EncodePointer
DecodePointer
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
RaiseException
HeapAlloc
SetLastError
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

user32

SetWindowPos
GetDesktopWindow
GetWindowRect

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

imagehlp

ImageRvaToSection
ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
UnMapAndLoad
MapFileAndCheckSumA
MapAndLoad

shlwapi

PathFindFileNameA

wininet

InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile

ws2_32

inet_addr
WSAStartup
WSACleanup
htons

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd077a3211f595c1fa93bfea9d6ab028

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

imagehlp

shlwapi

wininet

ws2_32

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 260KB - Virtual size: 268KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 260KB - Virtual size: 268KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 19KB - Virtual size: 19KB