Static task
static1
General
-
Target
imapsync_2.264.zip
-
Size
14.4MB
-
MD5
7d74a8bc99dd04779f89c54a85f3defd
-
SHA1
b06c34f41f32f3aadab9ec12764a10cfeb01149f
-
SHA256
1b9d5ca5d6279deab1a713dbd483a721ed70d24763051228538f7b88c7b0fc2b
-
SHA512
a5c5e265cb5b3603d5d44e9fe9fba207213b8c00cecbe88240dcedede2c8b9189cd6c08f9b1fac5b7778151d36938b4eac665ac3d30dee587d93ae885cde54d3
-
SSDEEP
393216:QViTTa/SoXGbZ128I036fa7yCgiTTaQUwpRIcNNWchkqw:QViOnXGbZ1o03Ya7yHiwYPNYf
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/imapsync_2.264/imapsync.exe unpack001/imapsync_2.264/oauth2_office365/oauth2_office365_with_imap.exe
Files
-
imapsync_2.264.zip.zip
-
imapsync_2.264/Cook/build_exe.bat
-
imapsync_2.264/Cook/imapsync.sh linux
-
imapsync_2.264/Cook/install_modules.bat
-
imapsync_2.264/Cook/test_cook_exe.bat
-
imapsync_2.264/Cook/test_cook_src.bat
-
imapsync_2.264/FAQ.d/FAQ.APPEND_errors.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Admin_Authentication.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Archiving.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Authentication_failure.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Bandwidth.txt
-
imapsync_2.264/FAQ.d/FAQ.Big_Mailbox.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Business.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Capacity_Planning.txt
-
imapsync_2.264/FAQ.d/FAQ.Contacts_Calendars.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Cyrus.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.DBmail.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Dates.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.David_Tobit.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Docker.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Domino.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Dovecot.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Duplicates.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Emptying.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Exchange.txt
-
imapsync_2.264/FAQ.d/FAQ.FirstClass.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Flags.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Folders_Mapping.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Folders_Selection.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Folders_Sizes.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Fun_Things.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.GDPR.txt
-
imapsync_2.264/FAQ.d/FAQ.General.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Gmail.txt.sh .ps1 linux polyglot
-
imapsync_2.264/FAQ.d/FAQ.GoDaddy.txt
-
imapsync_2.264/FAQ.d/FAQ.ISP.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.IceWarp.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.James.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Kerio.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Logfile.txt
-
imapsync_2.264/FAQ.d/FAQ.MDaemon.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.MailEnable.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Massive.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Memory.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Messages_Selection.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Messages_Too_Big.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Migration_Plan.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Office365.txt
-
imapsync_2.264/FAQ.d/FAQ.Old_Style_Web_Design.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.OnlineUI.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.POP3.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Passwords_on_Mac.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Passwords_on_Unix.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Passwords_on_Windows.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Principles.txt
-
imapsync_2.264/FAQ.d/FAQ.Release_Checklist.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Reporting_Bugs.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.SSL_errors.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Security.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Signals.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.SmarterMail.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.TTL.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Two_Ways_Sync.txt
-
imapsync_2.264/FAQ.d/FAQ.UCS.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Use_addheader.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Use_cache.txt
-
imapsync_2.264/FAQ.d/FAQ.Use_regexmess.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.User_Concurrent_Access.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Various_Software_Servers.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Virus.txt
-
imapsync_2.264/FAQ.d/FAQ.XOAUTH2.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Yahoo.txt
-
imapsync_2.264/FAQ.d/FAQ.Yandex.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.Zimbra.txt.sh linux
-
imapsync_2.264/FAQ.d/FAQ.iCloud.txt.sh linux
-
imapsync_2.264/FAQ.d/htaccess.txt
-
imapsync_2.264/LOG_imapsync/2023_11_22_20_24_45_859_warren_warrenheld_com_warren_warrenheld_com.txt
-
imapsync_2.264/LOG_imapsync/2023_11_22_20_28_15_516_warren_warrenheld_com_warren_warrenheld_com.txt
-
imapsync_2.264/LOG_imapsync/2023_11_22_20_29_27_082_warren_warrenheld_com_warren_warrenheld_com.txt
-
imapsync_2.264/LOG_imapsync/2023_11_22_20_34_00_942_warren_warrenheld_com_warren_warrenheld_com.txt
-
imapsync_2.264/README.txt
-
imapsync_2.264/README_Windows.txt
-
imapsync_2.264/file.txt
-
imapsync_2.264/imapsync.exe.exe windows:4 windows x64 arch:x64
ce7645a241f75c404315b10af89e107b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_chmod
_close
_environ
_errno
_findclose
_findfirst64
_findnext64
_fmode
_getpid
_initterm
_lock
_lseek
_mkdir
_onexit
_open
_putenv
_read
_rmdir
_spawnvp
_stat64
_strdup
_stricmp
_strnicmp
_unlink
_unlink
_unlock
_write
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
memcpy
rename
signal
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
vfprintf
wcslen
advapi32
GetUserNameA
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
imapsync_2.264/imapsync_example.bat
-
imapsync_2.264/imapsync_example_oauth2.bat
-
imapsync_2.264/oauth2_office365/README.txt
-
imapsync_2.264/oauth2_office365/example.bat
-
imapsync_2.264/oauth2_office365/infinite_loop_example.bat
-
imapsync_2.264/oauth2_office365/oauth2_office365_with_imap.exe.exe windows:4 windows x64 arch:x64
ce7645a241f75c404315b10af89e107b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_chmod
_close
_environ
_errno
_findclose
_findfirst64
_findnext64
_fmode
_getpid
_initterm
_lock
_lseek
_mkdir
_onexit
_open
_putenv
_read
_rmdir
_spawnvp
_stat64
_strdup
_stricmp
_strnicmp
_unlink
_unlink
_unlock
_write
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
memcpy
rename
signal
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
vfprintf
wcslen
advapi32
GetUserNameA
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
imapsync_2.264/sync_loop_windows.bat