iscsicli[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

iscsicli.exe
Size

44KB
MD5

829ab7f317da6b7c8acaa538b73ee60b
SHA1

170c3c015a71eb0e60ab3681d17bb2045fa593ef
SHA256

9a38010de00fffdda33e00c90a264c3a560442d5d5769e0397406dd24aa5b88d
SHA512

a2b997521afc2f6e6c6e81cf4a190ac882a73a31726617aa86ca256770d46e061863ee88c5c14817b6ae2c409fd73321dd920423fd34f222c3785612e7f86eff
SSDEEP

768:+3C0EhOINviIwSbuOZiwhhk/qtNQZd/Mn84qHGlshaWB7wCIr4:+3C0EhOIJOSbswhhk/+uZd0n84q4nCIk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iscsicli.exe

Files

iscsicli.exe
.exe windows:10 windows x86 arch:x86

848034c374af0c845cdcd484ac34cfd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iscsicli.pdb

Imports

msvcrt

fgetws
feof
_wcstoui64
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__iob_func
__set_app_type
vswprintf_s
_cexit
__p__fmode
__setusermatherr
_initterm
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memcpy
_vsnwprintf
_wtoi
exit
_wcsicmp
_exit
memset

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineW

api-ms-win-core-file-l1-1-0

GetFileType
CreateFileW
WriteFile

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ws2_32

WSACleanup
WSAStringToAddressA
WSAStartup

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Registry_PropertyW

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

iscsidsc

GetIScsiIKEInfoW
GetIScsiSessionListW
ReportIScsiInitiatorListW
RemoveIScsiStaticTargetW
RefreshISNSServerW
RemoveIScsiConnection
ClearPersistentIScsiDevices
SetupPersistentIScsiVolumes
ReportIScsiPersistentLoginsW
SendScsiInquiry
AddISNSServerW
RemoveISNSServerW
RefreshIScsiSendTargetPortalW
SetIScsiIKEInfoW
LoginIScsiTargetW
SetIScsiInitiatorCHAPSharedSecret
GetDevicesForIScsiSessionW
AddIScsiStaticTargetW
RemoveIScsiPersistentTargetW
SendScsiReadCapacity
SetIScsiGroupPresharedKey
GetIScsiVersionInformation
ReportISNSServerListW
AddIScsiConnectionW
ReportIScsiSendTargetPortalsExW
RemovePersistentIScsiDeviceW
AddPersistentIScsiDeviceW
SetIScsiTunnelModeOuterAddressW
SendScsiReportLuns
ReportIScsiTargetsW
GetIScsiInitiatorNodeNameW
SetIScsiInitiatorNodeNameW
RemoveIScsiSendTargetPortalW
GetIScsiTargetInformationW
AddIScsiSendTargetPortalW
LogoutIScsiTarget
ReportPersistentIScsiDevicesW
ReportActiveIScsiTargetMappingsW

iscsium

DiscpTextAddrToBinary
DiscpEnumerateDeviceInterfaces
DiscpExecuteMethod
DiscpAllocMemory
DiscpSetRegistryValue
DiscpFreeDeviceInterfaceList
DiscpFreeMemory

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

848034c374af0c845cdcd484ac34cfd6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

ws2_32

api-ms-win-core-handle-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

iscsidsc

iscsium

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB