FileZillaServer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FileZillaServer.exe
Size

617KB
MD5

7e76eed28b8b8696b7f7ed5f757aa304
SHA1

ad4e61e69915dd94afc9d334b1c98e5fb4ee2aa7
SHA256

4d42711b63f90ff9af3d6c8e4edb3ff08cab6fe5131d9a43f4d10d1ca51f7378
SHA512

6178d92c842f63dfcccd4f72125ac0d2682d042ab949b3429e6b5adce56182f5b43110e8673eeb35d8819e127af3d8b1d4da4b596603bd79266f876115a2c334
SSDEEP

12288:aMJoRRJVX/hS00PeMYPLCul+8dHqAQN3Zq70S4MStkUfj31iTrbzqE:Lm/VX/s0iezISTUfjoTrbzl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FileZillaServer.exe

Files

FileZillaServer.exe
.exe windows:5 windows x86

a6f3ce56ba26b16302ff4f1d2aed9fa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

setsockopt
getsockopt
ioctlsocket
accept
listen
shutdown
getsockname
getpeername
inet_ntoa
ntohs
connect
WSAAsyncGetHostByName
ntohl
recv
WSACancelAsyncRequest
closesocket
bind
inet_addr
WSAAsyncSelect
socket
htons
gethostbyname
gethostname
WSASetLastError
WSAGetLastError
WSAStartup
WSACleanup
send

kernel32

LoadLibraryA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetLocalTime
GetSystemTime
SystemTimeToFileTime
GetLastError
SizeofResource
FindResourceW
GetModuleHandleW
SetLastError
FreeLibrary
LoadLibraryW
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
DeleteFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
FileTimeToSystemTime
CreateFileW
SetFileTime
CloseHandle
WriteFile
InitializeCriticalSectionAndSpinCount
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
ReadFile
SetEndOfFile
CreateThread
WaitForSingleObject
Sleep
GetTimeZoneInformation
SetThreadPriority
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CreateEventW
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResumeThread
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeA
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
RaiseException
HeapAlloc
GetStartupInfoA
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
GetLocaleInfoW
SetStdHandle
CreateFileA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
HeapReAlloc

user32

PostThreadMessageW
SendMessageW
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
EnumWindows
GetWindowTextW
GetClassNameW
MessageBoxW
PostQuitMessage
LoadStringA
RegisterWindowMessageW
SetTimer
DefWindowProcW
KillTimer
GetWindowLongW
PostMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
RegisterClassExW
LoadStringW

advapi32

RegisterServiceCtrlHandlerW
ControlService
DeleteService
StartServiceW
CreateServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetServiceStatus

Sections

.text
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6f3ce56ba26b16302ff4f1d2aed9fa2

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 509KB - Virtual size: 509KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 509KB - Virtual size: 509KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 6KB - Virtual size: 6KB