proxytunnel[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

proxytunnel.exe
Size

232KB
MD5

ae6678a2a451c7ab1d0dad6246543480
SHA1

73f948e0ebc54abb50b6ebdde96482a1f650f06a
SHA256

a89b170c6cab1fed54320513b0634e7f4e7f3243389ea8f95cbe07f90caa7021
SHA512

ea0fd7ac7902a6614e090916d79f46f27b652bfcd39716607326a9f1db9c412e917c8e99522aca693e16f3b5feb16fab88f832ad87fadf6b85da98a394989dc1
SSDEEP

3072:XLFZaaVg1Xco3POt7BOq+sHoNrQWSOiQ7EBSvpNOgVg0M5VwHo53Lxayen:XPaaVg1X33Gt7BOq+bJQ6Ayo53Lxayen

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
proxytunnel.exe

Files

proxytunnel.exe
.exe windows x64

65d8ec308bf47ae128333a30aabef4a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msys-crypto-1.1

ASN1_STRING_get0_data
MD4_Final
MD4_Init
MD4_Update
MD5_Final
MD5_Init
MD5_Update
OPENSSL_sk_num
OPENSSL_sk_value
X509_NAME_get_text_by_NID
X509_free
X509_get_ext_d2i
X509_get_subject_name
X509_verify_cert_error_string

msys-2.0

__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
__progname
_dll_crt0
_impure_ptr
abort
accept
atoi
bind
calloc
close
closelog
connect
cygwin_internal
dll_dllcrt0
environ
exit
fclose
fgets
fopen
fork
fprintf
fputs
free
freeaddrinfo
fwrite
gai_strerror
getaddrinfo
getenv
getopt_long
getpid
gettimeofday
inet_pton
kill
listen
malloc
memcpy
memset
msys_detach_dll
open
openlog
optarg
opterr
optind
optopt
perror
posix_memalign
printf
rand
read
realloc
select
setsockopt
sigaction
sigemptyset
signal
snprintf
socket
sprintf
sscanf
stat
strcmp
strdup
strerror
strlen
strncpy
strtok
syslog
tcgetattr
tcsetattr
tolower
toupper
vsnprintf
write

msys-ssl-1.1

OPENSSL_init_ssl
SSL_CTX_free
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_options
SSL_connect
SSL_ctrl
SSL_free
SSL_get_peer_certificate
SSL_get_rfd
SSL_get_verify_result
SSL_get_wfd
SSL_new
SSL_read
SSL_set_rfd
SSL_set_wfd
SSL_shutdown
SSL_write
TLS_client_method

kernel32

GetModuleHandleA
GetModuleHandleW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65d8ec308bf47ae128333a30aabef4a0

Headers

DLL Characteristics

File Characteristics

Imports

msys-crypto-1.1

msys-2.0

msys-ssl-1.1

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 9KB - Virtual size: 9KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 1024B - Virtual size: 756B

.xdata Size: 1024B - Virtual size: 872B

.bss Size: - Virtual size: 72KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 108B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 78KB - Virtual size: 77KB

/31 Size: 10KB - Virtual size: 9KB

/45 Size: 20KB - Virtual size: 20KB

/57 Size: 4KB - Virtual size: 4KB

/70 Size: 2KB - Virtual size: 1KB

/81 Size: 26KB - Virtual size: 25KB

/92 Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 9KB - Virtual size: 9KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 1024B - Virtual size: 756B

.xdata
Size: 1024B - Virtual size: 872B

.bss
Size: - Virtual size: 72KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 108B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 78KB - Virtual size: 77KB

/31
Size: 10KB - Virtual size: 9KB

/45
Size: 20KB - Virtual size: 20KB

/57
Size: 4KB - Virtual size: 4KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 26KB - Virtual size: 25KB

/92
Size: 2KB - Virtual size: 2KB