ftp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ftp.exe
Size

52KB
MD5

bffd361f6129f4273f9b16f3d4d5d119
SHA1

9358dd9ddcdeb86d9a4c2ee4ae978467f309d3d8
SHA256

094228979e766e41961e4296b0fe3f5d43f28e61a47c03e17c18c07a58008050
SHA512

c4c5d8e4adbc4051bc43bfac0b1a8ab821ac12a6236c658246eb5f9d742cb57b41347e7fcfc63be7b50a1f8c75a545219ac652266f6a6c230124157f0f9c3518
SSDEEP

768:X+lMWvnNSDzGeJ47xjBoziZTz2lo6nkPk/RrK3PBCW2ldFKJOdgExueP52eablE4:cMKx7hCo6CmWUdeixue8lcu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ftp.exe

Files

ftp.exe
.exe windows:6 windows x64

278f287d4013fc0d71d1c2843c6500ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlink
longjmp
fflush
_setmode
_wfopen
iswlower
_wgetcwd
_errno
clearerr
memmove_s
_wtmpnam
_fileno
_isatty
feof
calloc
_fstat
_wfsopen
_wchdir
exit
_wunlink
_wgetenv
?terminate@@YAXXZ
_commode
fclose
_fmode
__C_specific_handler
free
_initterm
_wtoi
__setusermatherr
_cexit
towlower
_iob
_exit
__set_app_type
__wgetmainargs
_amsg_exit
wcschr
_XcptFilter
iswdigit
wcscat_s
_write
wcscpy_s
memcpy_s
towupper
_chdrive
_vsnwprintf
clock
_wtempnam
_wcsicmp
_vscwprintf
fwprintf
fgetpos
vswprintf_s
fread
_get_osfhandle
malloc
_read
_setjmp
memcpy
memset
wcscmp

sspicli

GetUserNameExW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree

ws2_32

ntohs
setsockopt
WSARecv
GetNameInfoW
send
listen
accept
select
WSASetLastError
connect
WSAStartup
htonl
WSAGetLastError
getsockname
shutdown
bind
socket
getservbyname
FreeAddrInfoW
GetHostNameW
htons
recv
closesocket
GetAddrInfoW
__WSAFDIsSet

api-ms-win-core-localization-l1-2-1

SetThreadUILanguage
FormatMessageW

api-ms-win-core-file-l1-2-1

FindFirstFileW
FindClose
GetTempFileNameW
GetFileSizeEx
GetFileType
ReadFile
GetTempPathW
FindNextFileW
SetFilePointerEx
CreateFileW
GetFileAttributesW

mswsock

TransmitFile
s_perror

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
CreateEventW
InitializeCriticalSection
Sleep
EnterCriticalSection
WaitForSingleObject
WaitForMultipleObjectsEx
ResetEvent

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-2-0

GetEnvironmentVariableW
GetCurrentDirectoryW

api-ms-win-core-console-l1-1-0

GetConsoleMode
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateProcessW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-io-l1-1-1

GetOverlappedResult

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

278f287d4013fc0d71d1c2843c6500ea

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

sspicli

api-ms-win-core-heap-l1-2-0

ws2_32

api-ms-win-core-localization-l1-2-1

api-ms-win-core-file-l1-2-1

mswsock

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 41KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 41KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 232B