Robocopy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Robocopy.exe
Size

104KB
MD5

a9fe3a5d771b9eab7c971915997bbe5a
SHA1

c9495f0ba6abe6caf06687e75562657b473b22b2
SHA256

7cff03f890334150ce3f369c395781e0809911623543150b418357724d2cc459
SHA512

e15b334a41cef31c06df89baf673726d11fea355aad14f0171ad227699cd2d704532f503110818289e96a1a4ae389de12ea34df2b94a973f121a308021636eb7
SSDEEP

3072:7npwwnzfTkNa5LTERtJF4qr8Q7SiStmZ/4Pd3RJudKDm:zpwqBTEz0PtGC3i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Robocopy.exe

Files

Robocopy.exe
.exe windows x86

d39cf4a3c93bff6f150f2f9b078312e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorControl
ReadEncryptedFileRaw
DecryptFileW
EncryptFileW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW

kernel32

GetFullPathNameW
GetDateFormatW
SystemTimeToFileTime
GetTimeFormatW
FileTimeToSystemTime
CompareStringW
lstrlenW
GetLastError
GetLocalTime
GetVersion
GetSystemTime
ExpandEnvironmentStringsW
LocalFileTimeToFileTime
CloseThreadpoolWork
FindFirstChangeNotificationW
TlsGetValue
SetErrorMode
CreateThreadpoolWork
SetWaitableTimer
QueryPerformanceCounter
FindCloseChangeNotification
SetEvent
ReleaseSRWLockExclusive
SleepEx
WaitForSingleObjectEx
GetModuleHandleW
SetThreadUILanguage
SetFileTime
AcquireSRWLockExclusive
InitializeCriticalSection
TlsSetValue
OpenProcess
CreateThreadpool
Sleep
SetThreadpoolThreadMaximum
LeaveCriticalSection
GetFileAttributesW
GetConsoleOutputCP
SetLastError
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
EnterCriticalSection
InitializeSRWLock
OpenThread
CreateEventW
FindNextChangeNotification
WaitForMultipleObjects
SubmitThreadpoolWork
CreateWaitableTimerW
HeapSetInformation
QueryPerformanceFrequency
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
CloseHandle
GetCurrentProcessId
WideCharToMultiByte
FormatMessageW
LocalAlloc
LocalFree
FindFirstFileW
CompareFileTime
CreateDirectoryW
CreateFileW
lstrcmpW
GlobalFree
FindClose
RemoveDirectoryW
DeviceIoControl
GetFileInformationByHandle
SetFileAttributesW
GetVolumeInformationW
CopyFileExW
WaitForSingleObject
CompareStringOrdinal
BackupRead
BackupWrite
DeleteFileW
ExitThread
SetThreadPriority
GetExitCodeThread
ResumeThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
GetFileType
GetConsoleMode
GetStdHandle
WriteConsoleW
ExitProcess
GetProcessHeap
HeapFree
HeapValidate
HeapAlloc
HeapSize
PrivCopyFileExW

mfc42u

ord922
ord925
ord927
ord5601
ord3971
ord539
ord2606
ord2756
ord3658
ord1863
ord535
ord415
ord715
ord823
ord6928
ord1184
ord825
ord5616
ord1081
ord538
ord540
ord861
ord858
ord942
ord4124
ord5706
ord4199
ord2910
ord5568
ord800
ord996

msvcrt

_onexit
??1type_info@@UAE@XZ
_controlfp
_except_handler4_common
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsnicmp
_wcsicmp
malloc
free
clock
time
ctime
_lock
fwprintf_s
__dllonexit
??_V@YAXPAX@Z
??_U@YAPAXI@Z
swprintf_s
fclose
_setmode
fputws
_fileno
_vsnwprintf
printf
fgetws
wprintf
_wfopen
__iob_func
fwprintf
__set_app_type
?terminate@@YAXXZ
_initterm
__setusermatherr
_wsetlocale
_unlock
__p__fmode
_cexit
_exit
exit
fflush
memcpy
_ftol2_sse
_ftol2
__CxxFrameHandler3
fprintf
_get_osfhandle
_errno
memset

user32

LoadStringW

ws2_32

WSACleanup

ntdll

RtlCompareMemory
NtSetSecurityObject
NtOpenFile
NtSetInformationProcess
NtClose
RtlNtStatusToDosError
RtlGetControlSecurityDescriptor
NtQueryDirectoryFile
RtlDosPathNameToRelativeNtPathName_U
NtQueryInformationFile
RtlGetSaclSecurityDescriptor
NtSetInformationFile
RtlInitUnicodeString
RtlFreeHeap
NtQuerySecurityObject
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d39cf4a3c93bff6f150f2f9b078312e8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mfc42u

msvcrt

user32

ws2_32

ntdll

Sections

.text Size: 87KB - Virtual size: 86KB

.data Size: 1024B - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 87KB - Virtual size: 86KB

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB