Static task
static1
Behavioral task
behavioral1
Sample
SSH Secure Shell.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SSH Secure Shell.exe
Resource
win10v2004-20230220-en
General
Target
SSH Secure Shell.exe
Size
5.3MB
MD5
5e105dbd37abcd4486ced0f3daf5b5e8
SHA1
ddbb5cb26d653192c141ff4d589a3ffd05c9d399
SHA256
8a5a076582904c56eccb41084b9bdfcf1587f0f9257fe51e3301bba6220c6d40
SHA512
7a22f732913802f6cd1606fc16093e7950d04cc0302e1c8c981ba71575b247713aec433a39b25bf8de801b9ecb3af965ec82804c1478a3bc84422afa493ca88d
SSDEEP
98304:nXBv3b0Lxr4MOpNar5dR9PL4ALCj47Xb7LyrcpMxRIiLsPBRXdd5:nXBvwOMOGAob7vMsiLsPH75
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource SSH Secure Shell.exe
Files
SSH Secure Shell.exe.exe windows x86
a7324e834ca65c1315df64dc80512e09
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
GetModuleFileNameA
FreeResource
SizeofResource
LoadResource
WaitForSingleObject
CloseHandle
CreateProcessA
LockResource
GetFileAttributesA
GetTempPathA
WideCharToMultiByte
HeapDestroy
HeapCreate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
DeleteFileA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
FlushFileBuffers
SetStdHandle
VirtualFree
RtlUnwind
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
SetFilePointer
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
user32
MessageBoxA
advapi32
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ