pscp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pscp.exe
Size

538KB
MD5

32febd74ddeb4e94e449b30f01605e60
SHA1

0d1aa9ac0c8ef0d2ff6a3e1103be240a43fce8cb
SHA256

1fb533fe378004c82f3f84c43d54051ad4addcc1163662493f2226716cd78362
SHA512

7cd4b0a9d52026684c084b6b55f72dcb9db3405039dd6f4e660f37d284ef29d242d4e3281f8b7d4c9a444d1d53088c080eb5e425e223ae0f8549c3dc249ad9c9
SSDEEP

6144:F6kXXPfr7i/4Pnis7RDyYCgDmmuRyItuEN6Z6NEJwpjW6r8BTwomEn0s1LKTkP7t:EkH3C/4fisHmmuRyImFB0w7PQ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pscp.exe

Files

pscp.exe
.exe windows:5 windows x64

12cfe009cc13e2bef12c546d79ba9c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetUserNameA
EqualSid
CopySid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteValueA
RegSetValueExA

user32

GetActiveWindow
GetLastActivePopup
MessageBoxA
SendMessageA
FindWindowA
GetForegroundWindow
GetCapture
GetClipboardOwner
GetQueueStatus
GetCursorPos

kernel32

GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
HeapSize
GetStringTypeW
WriteConsoleW
GetTickCount
GetProcAddress
ReadFile
SetConsoleMode
GetConsoleMode
GetStdHandle
WriteFile
FreeLibrary
LoadLibraryExA
CloseHandle
SetEvent
GetOverlappedResult
WaitForSingleObject
GetLastError
CreateEventA
CreateThread
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
SetHandleInformation
GetSystemTimeAdjustment
GetSystemTime
GetProcessTimes
GetCurrentProcess
GetThreadTimes
GetCurrentThread
GlobalMemoryStatus
QueryPerformanceCounter
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
LocalFree
WaitNamedPipeA
CreateFileA
CreateNamedPipeA
ConnectNamedPipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LocalAlloc
GetCurrentThreadId
CreateProcessA
CreatePipe
OpenProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileTime
GetFileSize
SetFileTime
SetFilePointer
GetFileAttributesA
CreateDirectoryA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ExpandEnvironmentStringsA
GetModuleFileNameA
DeleteFileA
GetEnvironmentVariableA
GetLocalTime
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetDateFormatA
GetTimeFormatA
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
RtlUnwindEx
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetConsoleCP
FlushFileBuffers
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetTimeZoneInformation
LCMapStringW
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
CreateFileW

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12cfe009cc13e2bef12c546d79ba9c13

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 8KB - Virtual size: 23KB

.pdata Size: 21KB - Virtual size: 21KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 8KB - Virtual size: 23KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB