SocksOverRDP-Server[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SocksOverRDP-Server.exe
Size

30KB
MD5

caf3898d0cfa91ca3acc43b620bb0ed2
SHA1

b9cd9c0543aa87bbab058fd2e43517aa979c5667
SHA256

b79ddc740305a1b41657cc51bc47895a3849cbe5ae127ed6785883de23177760
SHA512

e2fade0d742860ee07f83411d5ec4197eee3efcb9ab106c25cca98d60832385218f9da66d47872abc56e3abf0ef91649d0836af87599d224c4dde89cca29347d
SSDEEP

384:4H6RfgUrAum6Bgcr0gLQMf65QlTKr9L9TbFzwPjogpFZJcvLkNSkqvcSdxciTi82:4kIzudBgqQv8Or9LVbFzwhMQxqvMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SocksOverRDP-Server.exe

Files

SocksOverRDP-Server.exe
.exe windows x64

ba3a57e37c51f0afeba5616a739467a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
WriteFile
WaitForMultipleObjects
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
GetLastError
CloseHandle
GetOverlappedResult
SetConsoleCtrlHandler
GetCurrentProcess
CreateMutexW
DuplicateHandle
CreateFileA
SetEvent
CreateThread
CreateMailslotA
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcessId
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ws2_32

WSAResetEvent
getaddrinfo
WSACreateEvent
WSACloseEvent
shutdown
WSAStartup
WSASend
socket
connect
WSAWaitForMultipleEvents
recv
inet_ntop
WSAEnumNetworkEvents
htons
WSAGetOverlappedResult
WSAGetLastError
WSAEventSelect

wtsapi32

WTSFreeMemory
WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSVirtualChannelOpenEx

vcruntime140

memset
__C_specific_handler
memmove
memcpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vfwprintf
_set_fmode
__stdio_common_vfprintf
__p__commode

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_cexit
__p___wargv
_invalid_parameter_noinfo
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_errno
__p___argc
_seh_filter_exe
exit
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

wcsncmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba3a57e37c51f0afeba5616a739467a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

wtsapi32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 804B

.gfids Size: 512B - Virtual size: 28B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 40B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 804B

.gfids
Size: 512B - Virtual size: 28B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 40B