rsync[.]exe | Triage

General

Target

rsync.exe
Size

254KB
MD5

606852391343a319746db8daa1a114c9
SHA1

03fb6f4418f9c7e145046f986d7d2febf9a31027
SHA256

36aadfa2686ee8227f92ca5530c59feb2d6a064397a5e9c0771a0a124e64b435
SHA512

9104fc6bff75717fad45b1d5bd40b2b1087c00240125169c1f9eb6e9de70fddd9214516a8e36c3096da63d166cadb7cec6033b0c193262e50b19e7e8724eb808
SSDEEP

6144:/UHNAtdMD78N3HcCtXgyW6h+mHHHTB05mhbMqrFTB8:6NAjq7c3HcgQytHrrFT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rsync.exe

Files

rsync.exe
.exe windows:4 windows x86

c367f467c6ec28f5a3200e45ef070469

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_exit
_fcntl64
_fopen64
_fstat64
_ftruncate64
_getegid32
_geteuid32
_getgrgid32
_getgrnam32
_getgroups32
_getpwuid32
_getuid32
_impure_ptr
_lchown32
_lseek64
_lstat64
_mknod32
_open64
_setgid32
_setgroups32
_setuid32
_stat64
accept
access
asctime
asprintf
atof
atoi
bind
calloc
chdir
chmod
chroot
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
dup2
execvp
exit
fchmod
fclose
fflush
fork
fprintf
fputc
fread
free
fwrite
getc
getcwd
getenv
gethostbyaddr
gethostbyname
getpass
getpeername
getpgrp
getpid
getpwnam
getservbyname
getservbyport
getsockname
getsockopt
gettimeofday
glob
globfree
h_errno
inet_ntop
inet_pton
kill
link
listen
localtime
mallinfo
malloc
memcpy
memmove
memset
mkdir
mkstemp
opendir
openlog
qsort
read
readdir
readlink
realloc
rename
rmdir
select
setlocale
setmode
setsid
setsockopt
shutdown
signal
sleep
snprintf
socket
socketpair
sprintf
sscanf
strcasecmp
strchr
strcmp
strcpy
strdup
strerror
strftime
strlcat
strlcpy
strlen
strncasecmp
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
symlink
sysconf
syslog
system
tcgetpgrp
time
umask
unlink
utime
vsnprintf
waitpid
write
h_errno

kernel32

GetModuleHandleA

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c367f467c6ec28f5a3200e45ef070469

Headers

File Characteristics

Imports

cygwin1

kernel32

Sections

.text Size: 199KB - Virtual size: 199KB

.data Size: 5KB - Virtual size: 5KB

.rdata Size: 44KB - Virtual size: 44KB

.bss Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 199KB - Virtual size: 199KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 44KB - Virtual size: 44KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 3KB