ftpclient[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ftpclient.exe
Size

690KB
MD5

6993af44351ee82c42d77ccf5d550a29
SHA1

5e14f5084710c1856de15747f9abde647fd81d6a
SHA256

88d64f61c68cdb3a3a875a18393b23e32ed6deeb4c4071cb851b91e9b5b6a661
SHA512

2c585ab9d754d2466dd4e7180bf256142b2d6e3a0e4862d985bcaf7443106ea2c8c37290692a94f69d7766dc3d194b3137a02484d70e084250859d4c69986bab
SSDEEP

12288:ovHjaC8X3QI2u/t4UoaUPGE8cxgorFTtMwHhE9qZfdP1dr0jy5rlunptp4qm:aQA9u/t4ULcxgITK7qFdPbr0O5rlcH4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ftpclient.exe

Files

ftpclient.exe
.exe windows x86

e778e90c1d226f347533f734f8d81477

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZClose
LZOpenFileA
LZCopy

kernel32

GetVersionExA
WritePrivateProfileStringA
GetTempFileNameA
lstrcmpA
GetPrivateProfileStringA
GetSystemDirectoryA
lstrcpyA
LocalFree
LockResource
GlobalUnlock
lstrcatA
FormatMessageA
GetProfileIntA
GetProfileStringA
WriteProfileStringA
CreateDirectoryA
GetTempPathA
SizeofResource
lstrlenA
CreateFileA
WriteFile
CloseHandle
GetTickCount
GetLastError
FindResourceA
LoadResource
GlobalAlloc
GlobalLock
GlobalFree
FreeResource
LocalAlloc
GetSystemDefaultLangID
lstrcmpiA
GetCurrentProcess
GetVersion
GetStringTypeA
HeapReAlloc
SetEndOfFile
SetFilePointer
LoadLibraryA
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
HeapCreate
GetStdHandle
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
ReadFile
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
WideCharToMultiByte
TerminateProcess
ExitProcess
HeapFree
GetCommandLineA
SetCurrentDirectoryA
GetModuleHandleA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
MoveFileA
GetFileAttributesA
DeleteFileA
GetEnvironmentStrings
RemoveDirectoryA

user32

GetSystemMenu
UpdateWindow
GetDC
EndDialog
ReleaseDC
LoadStringA
wsprintfA
GetDlgItem
CheckRadioButton
IsDlgButtonChecked
DialogBoxParamA
ValidateRect
GetClientRect
InvalidateRect
CheckDlgButton
EndPaint
BeginPaint
DefWindowProcA
CreateWindowExA
MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
ShowWindow
GetWindowRect
GetDesktopWindow
RegisterClassA
LoadCursorA
LoadIconA
DestroyWindow
IsDialogMessageA
SetFocus
SendDlgItemMessageA
GetParent
DdeUnaccessData
SendMessageA
DdeUninitialize
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
MoveWindow
LoadBitmapA
PostQuitMessage
PostMessageA
GetMessageA
ExitWindowsEx
SetDlgItemTextA
GetDlgItemTextA
CreateDialogParamA
SetActiveWindow
SetWindowTextA
EnableWindow
DdeAccessData
IsWindow
EnableMenuItem

gdi32

RealizePalette
TextOutA
GetTextExtentPoint32A
SetBkMode
DeleteObject
SelectObject
CreateFontIndirectA
GetTextMetricsA
CreatePalette
GetStockObject
DeleteDC
BitBlt
GetObjectA
CreateCompatibleDC
SetBkColor
CreateSolidBrush
EndDoc
EndPage
StartPage
StartDocA
SetAbortProc
GetDeviceCaps
SelectPalette
StretchDIBits

comdlg32

PrintDlgA
GetOpenFileNameA

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 983B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e778e90c1d226f347533f734f8d81477

Headers

File Characteristics

Imports

lz32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 1024B - Virtual size: 983B

.data Size: 9KB - Virtual size: 19KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 611KB - Virtual size: 611KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 1024B - Virtual size: 983B

.data
Size: 9KB - Virtual size: 19KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 611KB - Virtual size: 611KB

.reloc
Size: 6KB - Virtual size: 6KB