Static task
static1
Behavioral task
behavioral1
Sample
ipmitool.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ipmitool.exe
Resource
win10v2004-20230915-en
General
-
Target
ipmitool.exe
-
Size
1.0MB
-
MD5
8cd19cb012034bc97aa79b32e8bb2d2f
-
SHA1
cecbcff48efe9b2d4c6e6058e3c9bd9e7f5a67dd
-
SHA256
e8686c6bd11be3546aeececd41ddca1f8ef9d48407e8dce4e45609606be67015
-
SHA512
1b195a7874fe5946938a272bb18d47622364823974411cf56d9d4965bac2674daa81178c6af15e0225ceea02bfe2051edc0758e314cadd1961ccc29629a7b0ca
-
SSDEEP
12288:3sMTNbkFjvnV8SL7ZBzuDEiGqXTmT24gXr9sAX5RCm8UlT:DTNwFjvmSpuEiGqVXr9sAX5gm8UJ
Malware Config
Signatures
-
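Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: this PE file has none, so its publisher and integrity cannot be verified from a signature. An unsigned binary is not malicious on that basis alone; compare the hashes listed above against a trusted distribution of the tool before relying on it.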
resource ipmitool.exe
Files
-
ipmitool.exe.exe windows:4 windows x86
a7804885246aafe256dff696108080fd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
cygcrypto-0.9.8
ERR_error_string
ERR_get_error
EVP_CIPHER_CTX_cleanup
EVP_CIPHER_CTX_init
EVP_CIPHER_CTX_set_padding
EVP_DecryptFinal_ex
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_EncryptFinal_ex
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_aes_128_cbc
EVP_sha1
HMAC
MD2_Final
MD2_Init
MD2_Update
MD5_Final
MD5_Init
MD5_Update
RAND_bytes
RAND_load_file
cygwin1
__assert
__errno
__getreent
__main
__mb_cur_max
_ctype_
_fcntl64
_fopen64
_fstat64
_getegid32
_geteuid32
_getgid32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_lstat64
_open64
_stat64
abort
access
alarm
atof
atoi
atol
bcopy
bind
calloc
cbrt
ceil
chdir
close
closedir
closelog
connect
cygwin_internal
dll_crt0__FP11per_process
dup
endpwent
exit
exp
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getenv
gethostbyname
getopt
getpass
getpid
getppid
getpwent
getpwnam
getsockname
gettimeofday
inet_ntoa
inet_ntop
inet_pton
ioctl
iswalnum
iswlower
iswupper
kill
localtime
log
log10
longjmp
malloc
mbrlen
mbrtowc
memcpy
memmove
memset
mktime
opendir
openlog
optarg
optind
perror
poll
pow
printf
putc
putchar
puts
qsort
rand
read
readdir
realloc
recv
recvfrom
rewind
select
send
sendto
setenv
setjmp
setlocale
setpgrp
setpwent
sigaction
sigaddset
sigdelset
sigemptyset
signal
sigprocmask
sleep
snprintf
socket
sprintf
sqrt
srand
sscanf
strcasecmp
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strdup
strerror
strftime
strlen
strncasecmp
strncmp
strncpy
strpbrk
strptime
strrchr
strsep
strtod
strtok
strtol
strtoul
syslog
tcflow
tcgetattr
tcsetattr
time
towlower
towupper
umask
usleep
vsnprintf
wcrtomb
wcwidth
write
kernel32
GetModuleHandleA
user32
CloseClipboard
GetClipboardData
OpenClipboard
Sections
.text Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 541KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.stab Size: 321KB - Virtual size: 320KB
IMAGE_SCN_MEM_DISCARDABLE
.stabstr Size: 152KB - Virtual size: 151KB
IMAGE_SCN_MEM_DISCARDABLE