ws_ftp95[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ws_ftp95.exe
Size

424KB
MD5

8ce640cd8dad0750de689d71a48c138c
SHA1

2fc1b52097104b3bcaf11190182f4e4f1864f044
SHA256

5f37bbaff8318c17b0416e997a96c17e34432f554646ec95f281b922ffe683e9
SHA512

624f412dacc281ef4f0fc0e8b8d130c99756e1ceaeb88ecf2507016e345c9c57ec40a3f242751f8f4870a4207fb432d75c06965348ccc84406d6472fb636c083
SSDEEP

6144:uzY9F9M3ovSV/sGq+eMW/XV2GVTlef1IF5g:J96+SVFe1lpVTle0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ws_ftp95.exe

Files

ws_ftp95.exe
.exe windows x86

d8aae04188b5479b8cfdeb1124f07016

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

connect
htons
socket
ntohs
WSAGetLastError
accept
WSACleanup
WSAStartup
WSACancelBlockingCall
WSAIsBlocking
closesocket
send
inet_addr
setsockopt
recv
ioctlsocket
gethostbyname
select
getsockname
bind
listen
shutdown
WSASetBlockingHook
WSASetLastError

winmm

sndPlaySoundA

comctl32

PropertySheetA

kernel32

WinExec
RemoveDirectoryA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFree
lstrcpyA
LocalAlloc
SetFilePointer
CloseHandle
Sleep
GetFileSize
CreateFileA
lstrcatA
FreeEnvironmentStringsW
DeleteFileA
GetPrivateProfileIntA
GetWindowsDirectoryA
GetModuleFileNameA
GetFullPathNameA
GetLastError
InitializeCriticalSection
GetVersion
TerminateThread
DeleteCriticalSection
GetTempFileNameA
GetTempPathA
_lclose
GetTickCount
_lread
lstrcpynA
GetEnvironmentStringsW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FlushFileBuffers
LeaveCriticalSection
EnterCriticalSection
GetProfileStringA
GlobalFree
GlobalUnlock
WaitForSingleObject
CreateProcessA
GlobalLock
GlobalAlloc
HeapAlloc
WriteProfileStringA
lstrcmpA
LocalUnlock
LocalLock
GetProfileIntA
CreateThread
GetVolumeInformationA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpiA
MulDiv
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
SetStdHandle
GetStringTypeA
GetStringTypeW
ReadFile
LoadLibraryA
SetEndOfFile
GetLocaleInfoA
GetLocaleInfoW
CompareStringA
CompareStringW
HeapReAlloc
GetFileAttributesA
WriteFile
_lopen
LCMapStringA
HeapCreate
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
CreateDirectoryA
MoveFileA
ExitThread
MultiByteToWideChar
TlsSetValue
ResumeThread
GetDriveTypeA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
WideCharToMultiByte
LCMapStringW
GetProcAddress
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
RtlUnwind
TerminateProcess
GetEnvironmentStrings
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

ReleaseCapture
InvertRect
GetAsyncKeyState
ScreenToClient
GetCursorPos
SetCapture
GetSystemMetrics
GetScrollPos
IsWindowEnabled
MessageBeep
DestroyCursor
ReleaseDC
GetWindowDC
GetDlgItemInt
SendDlgItemMessageA
RedrawWindow
GetWindow
GetClassNameA
IsWindow
SetForegroundWindow
AppendMenuA
GetSystemMenu
GetDC
WindowFromPoint
SetDlgItemInt
SetTimer
GetDlgItemTextA
CreateWindowExA
GetWindowLongA
ShowWindow
BringWindowToTop
SetFocus
CallWindowProcA
GetClientRect
MoveWindow
IsZoomed
IsIconic
GetWindowRect
SetWindowLongA
DestroyWindow
SetCursor
DefWindowProcA
ClientToScreen
TrackPopupMenu
UpdateWindow
InvalidateRect
SetWindowTextA
MessageBoxA
KillTimer
SendMessageA
wsprintfA
LoadStringA
UnregisterClassA
CreatePopupMenu
WinHelpA
IsWindowVisible
GetClassInfoA
DeleteMenu
DestroyMenu
PostQuitMessage
GetKeyState
GetWindowTextA
GetSysColor
GetDialogBaseUnits
LoadAcceleratorsA
TranslateAcceleratorA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassA
GetDesktopWindow
LoadBitmapA
PeekMessageA
DialogBoxParamA
PostMessageA
CheckRadioButton
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItem
GetParent
EnableWindow
BeginPaint
DrawTextA
EndPaint
GetActiveWindow
CreateDialogParamA
SetActiveWindow
GetCursor
TabbedTextOutA
EndDialog
GetFocus

gdi32

SetBkMode
Rectangle
GetStockObject
SelectObject
TextOutA
GetTextExtentPoint32A
DeleteDC
BitBlt
CreateCompatibleDC
GetObjectA
DeleteObject
CreateSolidBrush
SetBkColor
SetTextColor
CreatePen
ExtFloodFill
GetBkColor
CreateCompatibleBitmap
SetTextAlign
LineTo
MoveToEx
GetTextMetricsA
CreateFontIndirectA
GetDeviceCaps

comdlg32

ChooseFontA
GetOpenFileNameA

shell32

DragQueryPoint
DragFinish
ShellExecuteA
DragAcceptFiles
FindExecutableA
DragQueryFileA

wsftp32

ord950
ord940
ord922
ord500
ord920
ord930
ord583
ord910

Exports

Exports

PreInitCINFO
WndProc

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8aae04188b5479b8cfdeb1124f07016

Headers

File Characteristics

Imports

wsock32

winmm

comctl32

kernel32

user32

gdi32

comdlg32

shell32

wsftp32

Exports

Exports

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 18KB - Virtual size: 56KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 199KB - Virtual size: 198KB

.reloc Size: 20KB - Virtual size: 92KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 18KB - Virtual size: 56KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 199KB - Virtual size: 198KB

.reloc
Size: 20KB - Virtual size: 92KB