nmap[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nmap.exe
Size

2.4MB
MD5

9014293e782b3fe46ef5f9c3bed34065
SHA1

51c050aef6ebf01ab80f28367bd0aea98560eb47
SHA256

3030a300e4e7ccb7af1f4832bd7aa544f94a164c0617a0f99f536b1f75934d15
SHA512

15ad454989913a4cc9269610e26c186dd6e18310ea0a03a69e5c16cc8d15909390b8f1e2064d85ebb35cdecd022c4fed728d738d9c6f15ac2bc6161006d5c5fe
SSDEEP

24576:XW1yadwqiEyGPQwwihIfrA0B+4j80lW0ar/H9hhhhhhzhhhhhhQhhhhhhzhhhhh9:XtXq7jO5Lj80lW0a8u38

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nmap.exe

Files

nmap.exe
.exe windows x86

3ae0633e65d526f9410b9270a96e0232

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
ioctlsocket
sendto
recvfrom
WSACleanup
WSAStartup
recv
setsockopt
select
getsockopt
getsockname
bind
__WSAFDIsSet
socket
send
connect
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_addr
htons
htonl
gethostname
gethostbyname
ntohl
inet_ntoa
ntohs
closesocket

advapi32

CryptReleaseContext
CryptAcquireContextA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
CryptGenRandom

libeay32

ord117
ord1001
ord809
ord227
ord231
ord225
ord253
ord246
ord2743
ord3899
ord1002
ord2821
ord3109
ord269
ord2936
ord2894
ord276
ord2660
ord3067
ord266
ord2656
ord961
ord256
ord2399
ord3019
ord3212
ord315
ord316
ord962
ord2433
ord339
ord464
ord2206
ord478
ord479
ord477
ord1045
ord501
ord78
ord2334
ord52
ord95
ord361
ord364
ord1870
ord286
ord1010
ord281
ord639
ord641
ord754
ord653
ord657
ord654
ord576
ord578
ord567
ord566
ord421
ord223
ord2201
ord2254
ord119
ord122
ord160
ord140
ord134
ord115
ord120
ord118
ord123
ord150
ord151
ord2239
ord156
ord110
ord111
ord181
ord2630

ssleay32

ord157
ord183
ord110
ord6
ord21
ord74
ord70
ord178
ord12
ord15
ord242
ord154
ord96
ord48
ord8
ord58
ord45
ord108
ord78
ord43
ord75
ord90
ord87
ord42
ord61
ord31

shell32

ShellExecuteA
SHGetFolderPathA

msvcr120

sscanf
exit
atoi
strtod
islower
isdigit
_stricmp
_strnicmp
strftime
_ctime64
_localtime64
_time64
_stat64i32
sprintf_s
sprintf
calloc
strcpy_s
strcat_s
strncpy_s
strtok
strncmp
strrchr
perror
_getch
_read
memchr
_errno
_findclose
_findfirst64i32
_findnext64i32
_mkdir
isalpha
isupper
ispunct
isalnum
isprint
isgraph
iscntrl
srand
_CIfmod
ceil
malloc
setlocale
strpbrk
realloc
_snprintf
_libm_sse2_log_precise
fwrite
vfprintf
strncat
_libm_sse2_log10_precise
floor
fgetc
fprintf
ungetc
tolower
__RTDynamicCast
_difftime64
feof
ferror
fread
freopen
getc
longjmp
abort
_setjmp3
ldexp
_libm_sse2_pow_precise
frexp
strcoll
localeconv
toupper
strspn
clearerr
fscanf
_fseeki64
_ftelli64
_pclose
_popen
setvbuf
tmpfile
system
clock
_gmtime64
_mktime64
remove
rename
tmpnam
rand
modf
_CIatan2
_CIcosh
_CIsinh
_CItanh
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_tan_precise
_HUGE
_access
_ftime64
_dup2
_setmode
_open_osfhandle
fputs
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except1
_except_handler4_common
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_vsnprintf
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
fflush
getenv
isspace
isxdigit
strtol
fopen
fclose
strtoul
strstr
strcspn
strchr
_libm_sse2_sqrt_precise
_libm_sse2_exp_precise
_wassert
??_U@YAPAXI@Z
??_V@YAXPAX@Z
qsort
strncpy
strerror
_strdup
printf
__iob_func
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
free
_rmdir
fgets
_kbhit

msvcp120

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

kernel32

CreateMutexW
SetLastError
CreateMutexA
WaitForSingleObject
ReleaseMutex
CreateThread
PeekNamedPipe
CreatePipe
WriteFile
RaiseException
SetStdHandle
Sleep
GetCurrentProcess
DuplicateHandle
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
SetCurrentDirectoryA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetSystemDirectoryA
ReadFile
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
HeapFree
GetProcessHeap
GetStdHandle
FlushConsoleInputBuffer
GetVersion
CreateFileA
GetFileSize
CloseHandle
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ae0633e65d526f9410b9270a96e0232

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

libeay32

ssleay32

shell32

msvcr120

msvcp120

kernel32

Sections

.text Size: 744KB - Virtual size: 744KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 1.5MB - Virtual size: 1.6MB

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 744KB - Virtual size: 744KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 1.5MB - Virtual size: 1.6MB

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 41KB - Virtual size: 41KB