exe_cgi_file_deliverer[.]cgi

Sharing

Copy URL Twitter E-mail

General

Target

exe_cgi_file_deliverer.cgi
Size

702KB
MD5

38b228a523702580fbc9a99a07d6ba0b
SHA1

7ab1d8e11641a32d2e3a0da6027d951e6a6803a1
SHA256

35999bcb11276f0d25b50e8bc1e647a2bdac0c034dee9e8bb04ef2b7d6b4df1a
SHA512

d9d014716f56ae453f10573a985544ddda2de9e5f8f26c8b913f316b9c321d4102deceb1485aa205f8f59eb8fe6f46fe0974b033b0b4b3cc6718444c7fc01c82
SSDEEP

12288:bsXpS94o8RNP5UV0RpF+PusYmtlqH6PP7OUg/:bsZv/Jo03Mmae6H7OUg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
exe_cgi_file_deliverer.cgi

Files

exe_cgi_file_deliverer.cgi
.exe windows x64

0bf1c62d98dec93039a35198e15fbb79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp100

?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@UEAA@XZ
_Strxfrm
_Strcoll
??0facet@locale@std@@IEAA@_K@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_BADOFF@std@@3_JB
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xmem@tr1@std@@YAXXZ
_Getcoll
?_Xfunc@tr1@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Incref@facet@locale@std@@QEAAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z

msvcr100

exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_cexit
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
sscanf_s
_vsnprintf_s
fprintf
fseek
__sys_nerr
strerror
_errno
strstr
strncpy
_gmtime64
_stat64
strtoul
calloc
isxdigit
isgraph
isprint
isdigit
isupper
isalnum
isalpha
islower
qsort
fopen
strrchr
strncmp
_strtoi64
malloc
sprintf
??8type_info@@QEBA_NAEBV0@@Z
strtol
strncpy_s
sprintf_s
fread
??_V@YAXPEAX@Z
_stat64i32
tolower
sscanf
??0exception@std@@QEAA@XZ
_beginthreadex
_time64
_vsnprintf
_ftime64_s
fclose
fsetpos
_fseeki64
fgetpos
fwrite
memcpy_s
setvbuf
fflush
_unlock_file
_lock_file
ungetc
fputc
fgetc
__iob_func
_fileno
_setmode
atoi
_atoi64
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??3@YAXPEAX@Z
memcpy
_dupenv_s
strchr
realloc
free
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
_purecall
memset
memchr
memcmp
__CxxFrameHandler3
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
__crt_debugger_hook
_strnicmp
_stricmp
_strdup
memmove
??2@YAPEAX_K@Z
isspace

kernel32

GetCurrentProcess
WaitForMultipleObjects
GetTickCount
FindClose
GetFileSize
FormatMessageA
CreateFileW
FindFirstFileW
FindNextFileW
LocalFree
Sleep
GetCurrentThreadId
QueryPerformanceCounter
SleepEx
InitializeCriticalSection
SetLastError
ReadFile
PeekNamedPipe
GetFileType
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
GetFullPathNameA
GetLastError
CreateMutexA
WaitForSingleObject
ReleaseMutex
LocalAlloc
RtlCaptureContext
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
CloseHandle

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ws2_32

recv
WSASetLastError
freeaddrinfo
getaddrinfo
gethostname
accept
listen
ioctlsocket
__WSAFDIsSet
getpeername
socket
recvfrom
WSAStartup
WSACleanup
ntohs
getsockopt
getsockname
WSAGetLastError
connect
send
closesocket
setsockopt
bind
sendto
htons
select

Sections

.text
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bf1c62d98dec93039a35198e15fbb79

Headers

DLL Characteristics

File Characteristics

Imports

msvcp100

msvcr100

kernel32

advapi32

ws2_32

Sections

.text Size: 427KB - Virtual size: 427KB

IPPCODE Size: 34KB - Virtual size: 33KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 18KB - Virtual size: 24KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 427KB - Virtual size: 427KB

IPPCODE
Size: 34KB - Virtual size: 33KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 18KB - Virtual size: 24KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 20KB - Virtual size: 20KB