ftpdmin-0[.]96[.]exe

General

Target

ftpdmin-0.96.exe
Size

64KB
MD5

0bce68395362f0452f875d0805c6e480
SHA1

6503e90f6d8a0ba43207d5ed40fa58142ef2fea7
SHA256

4f03bb5e05e64b3c7af4ea5141079b0758cf04db1170ec59b690c6c13a1669c9
SHA512

080ecdeb12240d3b112481c7b3de9d4942ebd0e9d7f10b2d58976aaa70d802d06dfd156e45150638dc22807e465a6c80e02c7c130f41d44bf88bd66799ad38b9
SSDEEP

1536:qR/EOeEoUTHsNI/e2jEUcY/0rPZsFooHI:I/teOWq9P/0bZsFooHI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ftpdmin-0.96.exe

Files

ftpdmin-0.96.exe
.exe windows:4 windows x86 arch:x86

c3df79fdd3e382c2062ceff7cc9deb81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
connect
send
htons
closesocket
socket
ntohs
bind
getsockname
gethostbyname
WSAStartup
gethostname
accept
inet_ntoa
listen

kernel32

DeleteCriticalSection
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileA
RemoveDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
CreateDirectoryA
CompareStringA
CompareStringW
ReadFile
LoadLibraryA
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
MoveFileA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
GetTimeZoneInformation
SetEndOfFile
VirtualAlloc
HeapReAlloc
SetStdHandle
GetFileType
WriteFile
SetHandleCount
GetStdHandle
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
FlushFileBuffers
GetCPInfo
CreateFileA
GetACP
GetOEMCP
GetProcAddress

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3df79fdd3e382c2062ceff7cc9deb81

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 13KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 13KB