Static task
static1
Behavioral task
behavioral1
Sample
socat.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
socat.exe
Resource
win10v2004-20230220-en
General
-
Target
socat.exe
-
Size
322KB
-
MD5
7926502f616b789b45a84ec5ac0b8e44
-
SHA1
8066eff4e8c2e33380ad940712bdb53ce78a49bb
-
SHA256
7bdd4680dd8f4ef2a4e7a2cc36cb6aae910528b239fc43c5ffa42bd41af4ebdd
-
SHA512
d65efa55d2fba25b33db32f4727cd0fc7d422d6b4dbe60c2da7475cb23eb55e1e61557d80a7bd751b07b88e066f07cf2a38163ead8f461fa9ca63344f45eb9d8
-
SSDEEP
6144:dPdElwaKOAXVTi6cuQSy19YQGQuWIS9cQmO:pdElwrY0+YQGQuWIa5mO
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The file carries no Authenticode signature; the check only establishes that the binary is unsigned, which on its own does not indicate malicious intent.
resource socat.exe
Files
-
socat.exe — .exe (Windows, x86)
d5ef43c81f9937c87c853a7a6283a77b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cygcrypto-1.0.0
ASN1_STRING_data
ASN1_STRING_to_UTF8
BIO_ctrl
BIO_free
BIO_new
BIO_new_file
BIO_s_mem
BN_bin2bn
CRYPTO_free
DH_free
DH_new
ERR_error_string
ERR_error_string_n
ERR_func_error_string
ERR_get_error
ERR_lib_error_string
ERR_peek_error
ERR_reason_error_string
OBJ_nid2ln
OBJ_nid2sn
OBJ_obj2nid
OPENSSL_add_all_algorithms_noconf
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
PEM_read_bio_DHparams
RAND_egd
RAND_seed
RAND_status
X509V3_EXT_get
X509_EXTENSION_get_object
X509_NAME_ENTRY_get_data
X509_NAME_ENTRY_get_object
X509_NAME_entry_count
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_free
X509_get_ext
X509_get_ext_count
X509_get_ext_d2i
X509_get_issuer_name
X509_get_subject_name
sk_num
sk_value
cygwin1
__assert_func
__ctype_ptr__
__cxa_atexit
__errno
__getreent
__main
__res_init
__res_state
_chown32
_dll_crt0@0
_fchown32
_fcntl64
_fdopen64
_fopen64
_fstat64
_ftruncate64
_getegid32
_geteuid32
_getgid32
_getgrnam32
_getgroups32
_getpwuid32
_getuid32
_impure_ptr
_initgroups32
_lseek64
_lstat64
_mknod32
_open64
_setgid32
_setgroups32
_setuid32
_stat64
abort
accept
alarm
asctime
atoi
bind
calloc
cfmakeraw
chdir
chmod
chown
chroot
clock_gettime
close
connect
creat
cygwin_detach_dll
cygwin_internal
div
dll_dllcrt0
dup
dup2
execvp
exit
fchmod
fchown
fclose
fcntl
fdopen
fflush
fileno
flock
fopen
fork
fprintf
fputc
fputs
free
freeaddrinfo
fstat
ftruncate
fwrite
gai_strerror
getaddrinfo
getegid
getenv
geteuid
getgid
getgrnam
getgrouplist
getgroups
gethostbyname
gethostname
getpeername
getpgid
getpgrp
getpid
getppid
getpwnam
getpwuid
getservbyname
getsid
getsockname
getsockopt
gettimeofday
getuid
grantpt
h_errno
hstrerror
htonl
htons
if_indextoname
inet_ntop
initgroups
ioctl
isatty
kill
link
listen
localtime
localtime_r
lseek
lstat
malloc
memcmp
memcpy
memmove
memrchr
memset
mkfifo
mknod
mkstemp
nanosleep
ntohl
ntohs
open
openlog
openpty
pause
pipe
poll
posix_memalign
ptsname
putc
random
read
readlink
realloc
recv
recvfrom
recvmsg
regcomp
regerror
regexec
select
send
sendto
setenv
setgid
setgroups
setpgid
setsid
setsockopt
setuid
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srandom
stat
strcasecmp
strchr
strcmp
strcpy
strdup
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtod
strtol
strtoll
strtoul
symlink
syslog
system
tcgetattr
tcgetpgrp
tcsetattr
tcsetpgrp
toupper
ttyname
umask
uname
unlink
unlockpt
unsetenv
usleep
vsnprintf
waitpid
write
cygreadline7
add_history
append_history
read_history
readline
using_history
where_history
write_history
cygssl-1.0.0
DTLSv1_client_method
DTLSv1_server_method
SSL_CIPHER_get_name
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_default_verify_paths
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_accept
SSL_connect
SSL_free
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_error
SSL_get_peer_certificate
SSL_get_verify_result
SSL_library_init
SSL_load_error_strings
SSL_new
SSL_pending
SSL_read
SSL_set_cipher_list
SSL_set_fd
SSL_shutdown
SSL_write
SSLv23_client_method
SSLv23_server_method
SSLv2_client_method
SSLv2_server_method
SSLv3_client_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_server_method
cygwrap-0
hosts_access
hosts_access_verbose
hosts_allow_table
hosts_deny_table
request_init
sock_hostaddr
sock_hostname
cyggcc_s-1
__udivdi3
__umoddi3
kernel32
GetModuleHandleA
GetModuleHandleW
GetProcAddress
Sections
.text Size: 218KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.buildid Size: 512B - Virtual size: 53B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 5KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE