iscsicli[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

iscsicli.exe
Size

43KB
MD5

85f071cfda86c07bc129a6f197cd128b
SHA1

d735aaf3b0e9e9dcfc3a0c6b20ff14bd86cc1ee4
SHA256

df7e885366bfac7958b4b08a003637111da03a58fcc79b64b964c77df1f7794f
SHA512

494d27149674365c551411fe1df12bca835fe797aefb8f0caad389af9a89954342e68035279e1780506493ef30e9491e803d6863f4f24c2cc9b6009a9163bd63
SSDEEP

768:mQgBpi1f/9NfcO5mu5gxRrR4VpAWdXrK+w:mQUcZfcO5mu5gHiwWdXrK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iscsicli.exe

Files

iscsicli.exe
.exe windows:10 windows x86

d52f09274bdf23c93710dedf1a9d242c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wtoi
vswprintf_s
fgetws
feof
_wcstoui64
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
__iob_func
_cexit
__p__fmode
__setusermatherr
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memcpy
_vsnwprintf
_wcsicmp
_initterm
memset

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetStdHandle

api-ms-win-core-file-l1-1-0

WriteFile
GetFileType
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ws2_32

WSAStringToAddressA
WSACleanup
WSAStartup

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Registry_PropertyW

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

iscsidsc

AddIScsiSendTargetPortalW
GetIScsiSessionListW
ReportIScsiInitiatorListW
RemoveIScsiStaticTargetW
RefreshISNSServerW
RemoveIScsiConnection
ClearPersistentIScsiDevices
SetupPersistentIScsiVolumes
ReportIScsiPersistentLoginsW
SendScsiInquiry
AddISNSServerW
RemoveISNSServerW
RefreshIScsiSendTargetPortalW
SetIScsiIKEInfoW
LoginIScsiTargetW
SetIScsiInitiatorCHAPSharedSecret
GetDevicesForIScsiSessionW
AddIScsiStaticTargetW
RemoveIScsiPersistentTargetW
SendScsiReadCapacity
SetIScsiGroupPresharedKey
GetIScsiVersionInformation
ReportISNSServerListW
AddIScsiConnectionW
ReportIScsiSendTargetPortalsExW
RemovePersistentIScsiDeviceW
AddPersistentIScsiDeviceW
SetIScsiTunnelModeOuterAddressW
SendScsiReportLuns
ReportIScsiTargetsW
GetIScsiInitiatorNodeNameW
GetIScsiIKEInfoW
SetIScsiInitiatorNodeNameW
RemoveIScsiSendTargetPortalW
GetIScsiTargetInformationW
LogoutIScsiTarget
ReportPersistentIScsiDevicesW
ReportActiveIScsiTargetMappingsW

iscsium

DiscpEnumerateDeviceInterfaces
DiscpExecuteMethod
DiscpAllocMemory
DiscpSetRegistryValue
DiscpFreeDeviceInterfaceList
DiscpFreeMemory
DiscpTextAddrToBinary

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d52f09274bdf23c93710dedf1a9d242c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-commandlinetoargv-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

ws2_32

api-ms-win-core-handle-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

iscsidsc

iscsium

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 17KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 17KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB