sftp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sftp.exe
Size

365KB
MD5

72c41aa478ca868f95ad0936af65818a
SHA1

024b9df2efb0367cf200f34085f71871ed931249
SHA256

a354eb6416ab635ab8059fe07fb87488793eee30fab09429e00974dbf38f90c1
SHA512

6a96e0b394684c96bdc84d426befc9413d06bcbcec106fc237f0777a42f0d829c4ad1b14a962e6936178bd43fb1d67f3d62a21e66a32927efab3aa910a9b7c00
SSDEEP

6144:Vn7Km0i3oMHvsZxcjFSqnOafrdAcJOk0CohE+fCbGx9c94Qh62hj:Vn70i3oMHvs7iF7OafBAcrDozIGx+9L1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sftp.exe

Files

sftp.exe
.exe windows:6 windows x64

947638ab1946ade1d795a5c155171a04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcrypto

ERR_get_error
RAND_bytes
RAND_status
SSLeay

kernel32

SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerA
QueueUserAPC
CreateDirectoryW
GetCPInfo
WaitForSingleObject
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
CreateWaitableTimerW
FlushFileBuffers
OpenThread
SetFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
GetFileType
CreateProcessW
GetCurrentProcessId
SetFilePointerEx
GetProcessHeap
CloseHandle
GetProcAddress
LocalFree
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLastError
GetTickCount64
ExpandEnvironmentStringsW
DuplicateHandle
GetCurrentThreadId
GetSystemDirectoryW
GetWindowsDirectoryW
GetComputerNameW
SetEndOfFile
GetExitCodeProcess
MultiByteToWideChar
FillConsoleOutputCharacterA
GetOEMCP
SetConsoleTextAttribute
TerminateProcess
SetConsoleScreenBufferSize
ScrollConsoleScreenBufferA
GetConsoleCursorInfo
GetConsoleCP
SetConsoleWindowInfo
GetConsoleMode
SetConsoleCursorInfo
CreateFileA
WriteConsoleOutputA
GetACP
FillConsoleOutputAttribute
IsValidCodePage
WriteConsoleW
Beep
SetConsoleCursorPosition
ReadConsoleOutputA
CancelIo
CreateNamedPipeA
DeviceIoControl
WriteFileEx
GetFileInformationByHandle
GetFileAttributesExW
ReadFileEx
SleepEx
HeapReAlloc
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
SetEvent
ResetEvent
VerSetConditionMask
VerifyVersionInfoW
LCMapStringW
CompareStringW
CreateEventA
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetModuleFileNameW
GetFinalPathNameByHandleW
GetStdHandle
FreeLibraryAndExitThread
GetCurrentProcess
SetHandleInformation
GetFileSizeEx
SetConsoleOutputCP
SetConsoleMode
ExitThread
CreateThread
PeekNamedPipe
GetSystemDirectoryA
HeapSize
RaiseException
WaitForMultipleObjectsEx
WaitForSingleObjectEx
LoadLibraryExW
ReadFile
WriteFile
CancelSynchronousIo
CancelIoEx
ReadConsoleInputW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
GetLocalTime
FindFirstFileExW
FindClose
GetCurrentDirectoryW
SetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
SetStdHandle
SetFileAttributesW
GetFullPathNameW
SetEnvironmentVariableW

ws2_32

WSASend
WSAStartup
getsockname
socket
WSARecv
WSAGetOverlappedResult
setsockopt
getservbyname
ntohs
closesocket
WSADuplicateSocketW
WSASocketW
WSAGetLastError

advapi32

EventWrite
EventRegister
LookupAccountNameW
IsValidAcl
RegCloseKey
RegOpenKeyExW
GetTokenInformation
ConvertSidToStringSidW
LookupAccountSidW
RegQueryValueExW
GetAce
CopySid
GetNamedSecurityInfoW
IsWellKnownSid
IsValidSid
IsValidSecurityDescriptor
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

user32

ShowWindow
FindWindowA
GetWindowPlacement

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

947638ab1946ade1d795a5c155171a04

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto

kernel32

ws2_32

advapi32

crypt32

user32

Sections

.text Size: 261KB - Virtual size: 261KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 252KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 261KB - Virtual size: 261KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 252KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB