fsutil[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fsutil.exe
Size

133KB
MD5

7344d720c61bd5028b5c521b6acda95d
SHA1

c502e88751ce0554553f4969997fe2f5547faefa
SHA256

1a988d562a72325c0e97e4be05fb311e052e12a095387754fed02b446b032a1a
SHA512

6d4148b3e7079ddc57d3b2bd5e90c4d1326cc817ebc95ae7fddb446d2d28e011f78e62e1c1ec21d60c3984e6f041f16dac4f4720c2c2387f97bce1e074acb899
SSDEEP

3072:4Cyz+KlW+RInMlyfGt+1mlhHLYAHhAWqqkzL6ZqnEBcD3rYF4ZXTPou:4hW+RInMlyfGt+1mlRLYAHhAWqTzUBco

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fsutil.exe

Files

fsutil.exe
.exe windows:6 windows x64

99453c7f66c01631702c7009e070a3d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wcsicmp
_vsnwprintf
calloc
isalpha
setlocale
toupper
isdigit
wcscat_s
wcsrchr
_wtoi
towupper
realloc
wcscpy_s
wprintf
wcsncpy_s
_wcsdup
exit
_errno
iswctype
wcstoul
_wcstoui64
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
swprintf_s
free
malloc
memcpy_s
_wcsnicmp
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
memset
memcpy
wcschr
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlVerifyVersionInfo
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
NtSetInformationFile
RtlNtStatusToDosError
VerSetConditionMask
RtlTimeToTimeFields
RtlStringFromGUID
NtEnumerateTransactionObject
RtlGetOwnerSecurityDescriptor
RtlAllocateHeap
NtQuerySecurityObject
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlSetCurrentTransaction
RtlGetCurrentTransaction
NtSetQuotaInformationFile
NtQueryQuotaInformationFile
RtlLengthSid
NtSetVolumeInformationFile
NtOpenFile
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtQueryInformationFile
NtClose
RtlInitializeCriticalSection

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
SetConsoleCtrlHandler

api-ms-win-core-datetime-l1-1-1

GetTimeFormatW
GetDateFormatW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

CreateFileW
QueryDosDeviceW
SetFilePointerEx
SetEndOfFile
DeleteFileW
GetFinalPathNameByHandleW
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
FindClose
FindFirstFileW
GetFileAttributesW
GetFullPathNameW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
WriteFile
FindNextFileW
GetTempPathW
GetTempFileNameW
GetFileSizeEx
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceExW
CreateDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-2-0

GetCurrentDirectoryW
GetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-2

CreateProcessW
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-sysinfo-l1-2-1

GetWindowsDirectoryW
GetSystemInfo
GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-2-0

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-security-lsalookup-l1-1-1

LookupAccountNameLocalW
LookupAccountSidLocalW

ktmw32

CommitTransaction
RollbackTransaction
OpenTransaction
GetTransactionInformation

ole32

CoTaskMemFree
StringFromIID
StringFromGUID2
IIDFromString

kernel32

GetComputerNameW
LocalFree
SystemTimeToTzSpecificLocalTime
HeapAlloc
HeapFree
GetProcessHeap
GetVolumePathNamesForVolumeNameW
WaitForSingleObject
DelayLoadFailureHook
ResolveDelayLoadedAPI
FileTimeToSystemTime
SetThreadUILanguage
HeapSetInformation
FindNextFileNameW
FindFirstFileNameW
CreateHardLinkW
FormatMessageW
OpenFileById
GetFileInformationByHandleEx
Sleep
LoadLibraryW

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99453c7f66c01631702c7009e070a3d6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-security-lsalookup-l1-1-1

ktmw32

ole32

kernel32

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 128B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 128B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 900B