FileZilla server[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FileZilla server.exe
Size

712KB
MD5

3c24199432b59e5ebe8b2abe40d85556
SHA1

bbfbbeaaa1dd7e10c88650d9454ffd97be12b3c2
SHA256

e9dace6d300c2afd7be6cc790e42c5f6c640c95131fd48978ab91d346fd0912b
SHA512

2d540650130d1e70048c176678395b4ee50d4e7a7653771995c1fc12e8f9ed0e6e2ec780ffc1aab0362914d5285e7f18a02d95a7817482d1299cb1efae762170
SSDEEP

12288:m5CZF8ifvmO5MrsXF6k3PXMSk5ostHJARHN2/1zQN3f4XrxEj0I5nZN7hZkvTrPU:mSfvmOWrsXF6WPXmbXajprxaTrPnvM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FileZilla server.exe

Files

FileZilla server.exe
.exe windows:5 windows x86 arch:x86

08e9ee4f413b0e0d9584d18a3980baf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dev\svn\FileZilla Server\trunk\FileZilla Server\source\Release\FileZilla server.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

ntohl
ntohs
setsockopt
getsockopt
ioctlsocket
accept
listen
shutdown
getsockname
getpeername
connect
WSAAsyncGetHostByName
send
gethostbyaddr
WSACancelAsyncRequest
closesocket
bind
inet_addr
WSAAsyncSelect
socket
htons
gethostbyname
gethostname
WSASetLastError
WSAGetLastError
inet_ntoa
htonl
WSAStartup
WSACleanup
recv

kernel32

GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
HeapReAlloc
GetLocalTime
GetLastError
SizeofResource
FindResourceW
GetModuleHandleW
GetSystemTime
SystemTimeToFileTime
SetLastError
FreeLibrary
LoadLibraryW
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
FileTimeToSystemTime
CreateFileW
SetFileTime
CloseHandle
GetSystemInfo
GlobalMemoryStatus
GetProcessWorkingSetSize
GetCurrentProcess
GetVersionExW
lstrcmpiW
SetUnhandledExceptionFilter
LoadLibraryA
FormatMessageW
GetCurrentThread
GetCurrentProcessId
SuspendThread
WriteFile
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
ReadFile
SetEndOfFile
GetTimeZoneInformation
GetFileAttributesW
SetThreadPriority
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
CreateEventW
CreateThread
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResumeThread
Sleep
FlushFileBuffers
VirtualFree
HeapCreate
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
RaiseException
HeapAlloc
GetStartupInfoA
GetCommandLineA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetLocaleInfoW
CreateFileA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GetStringTypeExA
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCPInfo
HeapFree
VirtualAlloc

user32

PostThreadMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
PostQuitMessage
RegisterWindowMessageW
MessageBoxW
SetTimer
DefWindowProcW
KillTimer
GetWindowLongW
PostMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
RegisterClassExW
LoadStringW
LoadStringA

advapi32

RegisterServiceCtrlHandlerW
ControlService
DeleteService
StartServiceW
CreateServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus

Sections

.text
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08e9ee4f413b0e0d9584d18a3980baf3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 591KB - Virtual size: 590KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 591KB - Virtual size: 590KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 6KB - Virtual size: 6KB