esfilter[.]exe

General

Target

esfilter.exe
Size

228KB
MD5

10a2c77beb96047787186c578d5176be
SHA1

711e40997be731d7718372e7752006ec7f7d2056
SHA256

a2a907dea44787df0a04bbbb34b35a9613ab7363f26deca0e1fe089337a6f110
SHA512

de15cb17abe70a32726500313e8784937a2f71fd1a2425fc5c90559c06576e45950d276f78ea434cf649f560f764eb9f78a4ca12367cf3f9cbbee1330a468796
SSDEEP

3072:n8MdKl+vdtTx47hXsWexkmpA7/+fxa30xoifk0zrUDfHrTMxOtMrAx/Ag0FuSJt:nHtYKq2fxIIfdrUDfLTMzUZAO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
esfilter.exe

Files

esfilter.exe
.exe windows:4 windows x86

fd1abe8edccee6b66f6cecb2f3d44647

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
socket
ioctlsocket
gethostbyname
htons
ntohl
setsockopt
connect
WSAStartup
WSACleanup
select
__WSAFDIsSet
recv
send
WSAGetLastError

kernel32

TlsFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
RaiseException
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
Sleep
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
MultiByteToWideChar
ReadFile
HeapReAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
CloseHandle
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
RtlUnwind
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
LoadLibraryA
CreateFileA
WriteConsoleA

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd1abe8edccee6b66f6cecb2f3d44647

Headers

File Characteristics

Imports

wsock32

kernel32

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 1.1MB

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 1.1MB