ftp[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ftp.exe
Size

2.1MB
MD5

0191e5d87933d972051bbfa5347e59bf
SHA1

1d613ff1aea9e53ec3f3077927b9a4c962902860
SHA256

1df64ec5bbeba1ee497c328f7dc16d05a4b93a6fa3b7a26dda249221585ee6ab
SHA512

c1b168471339204db725ac7901a9571e743f102697cb15f599e7e5ca97bf1f9e3073612be134498e27434867203c35b9e1443b54812b76cd72fd9f6b1a8a6f9e
SSDEEP

49152:SKiSrRX6fzbwH9CPKp6bgsxbH8/IDH3id2sJjj6bJd69w1ns2GyAN0HdP:SKi46fvwH9Cm6bgsxbc/Ire6bJd69and

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ftp.exe

Files

ftp.exe
.exe windows x86

58b33d9f4cb2426ce317c9027911ac2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileExW
GetDriveTypeW
ReadConsoleW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
IsValidCodePage
GetFileType
SetStdHandle
HeapQueryInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
FindNextFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceFrequency
CreateFileW
GetCurrentDirectoryW
WriteConsoleW
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
SetEnvironmentVariableW
UnhandledExceptionFilter
CreateEventW
GetUserDefaultLCID
GetTempFileNameA
SearchPathA
GetProfileIntA
GetTickCount64
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
FindNextFileA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentProcessId
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
SetErrorMode
MulDiv
GlobalFree
GlobalUnlock
GlobalSize
SystemTimeToTzSpecificLocalTime
FormatMessageA
LocalFree
LocalAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThread
SetLastError
OutputDebugStringA
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
CreateEventA
SetEvent
CloseHandle
GetFileTime
GetPrivateProfileStringA
WideCharToMultiByte
SizeofResource
GetProcessHeap
DeleteCriticalSection
DecodePointer
GetLocalTime
FileTimeToLocalFileTime
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
FileTimeToSystemTime
CreateFileA
GetLastError
CopyFileA
Sleep
MultiByteToWideChar
GetCommandLineA
HeapSize
GetModuleHandleA
GetCurrentDirectoryA
WaitForSingleObject
InitializeCriticalSectionEx
HeapFree
GetFullPathNameW

user32

GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
IntersectRect
DestroyIcon
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
OffsetRect
SetRectEmpty
InflateRect
GetMenuItemInfoA
DestroyMenu
LoadCursorA
GetSysColorBrush
GetSystemMetrics
CharUpperA
FillRect
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
ClientToScreen
DeleteMenu
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
SystemParametersInfoA
CopyImage
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
MessageBeep
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxA
BringWindowToTop
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
GetMessageA
TranslateMessage
TrackPopupMenu
SetMenu
GetMenu
EnableWindow
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
EnableScrollBar
HideCaret
InvertRect
LoadCursorW
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyA
GetKeyNameTextA
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
SetClassLongA
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
WinHelpA
DispatchMessageA
PeekMessageA
SendMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostMessageA
PostQuitMessage
GetDesktopWindow
GetMenuStringA
ReuseDDElParam
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
UnhookWindowsHookEx
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
LoadBitmapW
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
IsChild
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsA
TranslateAcceleratorA
GetSystemMenu
LoadMenuA
InsertMenuItemA
UnpackDDElParam
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetComboBoxInfo
AdjustWindowRectEx

gdi32

CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
GetDeviceCaps
CreateDCA
GetWindowExtEx
CopyMetaFileA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFileInfoA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHAppBarMessage
SHBrowseForFolderA

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
PathIsUNCA

uxtheme

DrawThemeText
GetThemeColor
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
OleLockRunning
CoCreateInstance

oleaut32

VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocStringLen
VariantInit
VarUI8FromStr
SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipSetInterpolationMode
GdipGetImageWidth

wininet

FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
FtpPutFileA
FtpFindFirstFileA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetFindNextFileA
InternetConnectA
InternetCloseHandle
InternetOpenA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 347KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58b33d9f4cb2426ce317c9027911ac2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 347KB - Virtual size: 347KB

.data Size: 25KB - Virtual size: 42KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 142KB - Virtual size: 141KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 347KB - Virtual size: 347KB

.data
Size: 25KB - Virtual size: 42KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 142KB - Virtual size: 141KB