masscan[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

masscan.exe
Size

394KB
MD5

f910747c5ec68a79512490348b576ccf
SHA1

9d33641b3695d98c024d70fd37c48dbe46f8916c
SHA256

a2f479067856b4e03cd8c1aba28da9d909ae3b70559f07df028594b227f0cb71
SHA512

f08d8d0faf03a677e1c43d0f63992f5c7b47e4dadd51fa33a994283935474c7aae5b2f2d89c762b0d92010d8a40b331bdb9dc8846b030fbd47085615a11e0dc9
SSDEEP

12288:buO5szbU2v6j8WshmAYxsetQuKN96KyjkhMahFxO2ruOQ8TuAJXPU99gweI:7g56KyjkhfxmWTumPU98

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
masscan.exe

Files

masscan.exe
.exe windows x86

f38b193cffb6857c488324b4545edef8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
CreateFileA
WaitForSingleObject
GetLastError
GetProcessAffinityMask
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcAddress
QueryPerformanceFrequency
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
HeapSize
GetStringTypeW
Sleep
GetCurrentProcess
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
DecodePointer
GetTimeFormatA
GetDateFormatA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapAlloc
GetDriveTypeW
GetFullPathNameA
EncodePointer
SetConsoleCtrlHandler
ReadFile
MoveFileA
GetFileAttributesA
ExitThread
CloseHandle
ResumeThread
CreateThread
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapReAlloc
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
SetHandleCount
GetStdHandle
GetStartupInfoW
DeleteCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
MultiByteToWideChar
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LoadLibraryW
GetModuleFileNameW
GetTimeZoneInformation
IsProcessorFeaturePresent
LCMapStringW
FlushFileBuffers
GetCurrentDirectoryW
SetFilePointer
GetFileInformationByHandle
PeekNamedPipe
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
WriteConsoleW
RaiseException

ws2_32

connect
htonl
socket
WSAStartup
htons
getservbyport
getprotobynumber
select
recv
send

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f38b193cffb6857c488324b4545edef8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 19KB - Virtual size: 541KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 19KB - Virtual size: 541KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 16KB - Virtual size: 16KB