Smbtouch-1[.]1[.]1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Smbtouch-1.1.1.exe
Size

140KB
MD5

b50fff074764b3a29a00b245e4d0c863
SHA1

da488c3c94f2171d5911ebb64951f94251cff914
SHA256

108243f61c53f00f8f1adcf67c387a8833f1a2149f063dd9ef29205c90a3c30a
SHA512

4920f93ac8c41578cbeb7e5f35977780f0dc30345f1d8b100ab19e29d9c8f59dd7a530f398bd088362613bf14edebb872c343008e802ce36dad14e93c9d0f600
SSDEEP

3072:GeTBEAxnLkl8OYLJsDWtuCzdFh43yI57Kac2jfPVG4Mw:R2ARLs8OY9Usq227VG4Mw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Smbtouch-1.1.1.exe

Files

Smbtouch-1.1.1.exe
.exe windows:5 windows x86 arch:x86

b9766464d73642777aca828daca14628

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetLastError
SystemTimeToFileTime
GetSystemTime
OutputDebugStringA
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime

trch-1

Parameter_U8_getValue
Parameter_String_setValue
Parameter_Buffer_setValue
Params_findParamchoice
Paramchoice_getValue
Parameter_S16_getValue
Parameter_Buffer_getValue
Parameter_String_getValue
Parameter_hasValue
Parameter_IPv4_getValue
Parameter_Port_getValue
Parameter_Boolean_getValue
Params_findParameter

tucl-1

TcLog

ws2_32

ntohs
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
getservbyport
WSASetLastError
htons
WSAStartup
listen
bind
closesocket
setsockopt
socket
select
connect
ioctlsocket
send
recv
getsockopt

coli-0

coli_delete
coli_setValidate
coli_setProcess
coli_setID
coli_setCleanup
coli_create
mainWrapper

msvcrt

strtoul
toupper
tolower
strstr
memchr
sprintf
malloc
realloc
memcpy
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
isleadbyte
_itoa
free
?terminate@@YAXXZ
_controlfp
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
memset
strlen
_iob
strchr
_errno
calloc
memcmp
_snprintf
wctomb
strcmp

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9766464d73642777aca828daca14628

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

trch-1

tucl-1

ws2_32

coli-0

msvcrt

Sections

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 10KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 10KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB