SSHub[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SSHub.exe
Size

454KB
MD5

9626f3a0ec8b903142c9747bcd03f037
SHA1

9b316ccd698337592573d3a0b1ac53d439fdae85
SHA256

591a3dd3e54213c1ca603200975e7bff0a3d93a5c1bf2a053283ed35930e6d44
SHA512

edead3d89e908385787c1270c36bc893faffb6dc4203bed63a78748f69cdc848b00967acb66eb23ef73fc2c7096a53d802426cbc0148cf234c560af09a5e455f
SSDEEP

12288:DlCi38uax8MVlsYcxvJ/qCX6qLnzwY0NvdYuiLt02oKF26Ay99:Dlfsuw8TxB/9cY0ga2ob6j9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SSHub.exe

Files

SSHub.exe
.exe windows x86

038e147b2ded55be760d6ec58e5c4763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleInformation
WriteFile
WideCharToMultiByte
Sleep
GetFileAttributesW
ReadFile
MultiByteToWideChar
GetStdHandle
GetLastError
SetLastError
FindClose
GetCurrentProcess
CreatePipe
FindNextFileW
DuplicateHandle
CloseHandle
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
GetModuleFileNameA
FindNextFileA
DeleteFileA
SystemTimeToFileTime
CreateProcessW
FindFirstFileW
GetLocalTime
GetFullPathNameW
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
LoadLibraryW
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetFullPathNameA
HeapSize
GetTimeZoneInformation
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
LCMapStringW
FlushFileBuffers
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExitThread
ResumeThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
GetTimeFormatA
GetDateFormatA
HeapReAlloc
EncodePointer
DecodePointer
CreateDirectoryA
GetDriveTypeA
FindFirstFileExA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
HeapCreate
ExitProcess
GetModuleFileNameW
SetFilePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
RaiseException
CreateFileA
CreateFileW
InitializeCriticalSection

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ws2_32

getpeername
ioctlsocket
connect
inet_ntoa
WSAStartup
recvfrom
ntohl
htonl
select
WSAGetLastError
ntohs
getsockname
shutdown
setsockopt
sendto
recv
bind
socket
__WSAFDIsSet
closesocket
send
getsockopt
listen
accept
htons

openthreadswin32

??0Mutex@OpenThreads@@QAE@XZ
??1Mutex@OpenThreads@@UAE@XZ
?lock@Mutex@OpenThreads@@UAEHXZ
?unlock@Mutex@OpenThreads@@UAEHXZ

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

038e147b2ded55be760d6ec58e5c4763

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

openthreadswin32

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 7KB - Virtual size: 419KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 7KB - Virtual size: 419KB

.reloc
Size: 23KB - Virtual size: 22KB