Robocopy[.]exe

Resubmissions

08/07/2024, 15:53

240708-tb4easwfmn 3

08/07/2024, 15:51

240708-taj92ayfkg 3

Sharing

Copy URL Twitter E-mail

General

Target

Robocopy.exe
Size

176KB
MD5

24e6020a29642730af4c19d5b16b7ea1
SHA1

191b5e61f97c7bffa398d99adb25852bfdc81536
SHA256

dfe03a9f05ea79d82e264a861f296051707478dfe82c142644dfb48d303e3cea
SHA512

4c0ca7e5a721c6001ad77054dbe7747c2c346abebda7c879af0adcd96690d9ad5f892550266dcbe394a1875e7da202c960f8ac7eb17deb03f0b61a1401aea1b6
SSDEEP

3072:svpNpU555RWc51J+ND8RuLIhobmOxJbPPfr38o95WW0znpAtXwdX7g:0pNpUD5Rz+MuQoiMJbPfr3ZbGpAtXw7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Robocopy.exe

Files

Robocopy.exe
.exe windows:10 windows x64 arch:x64

fd7565eca3274aa505e2b7b750db8dce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

robocopy.pdb

Imports

msvcrt

__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
__C_specific_handler
_wcsnicmp
_wcsicmp
malloc
__set_app_type
wcsstr
clock
ctime
time
_lock
_unlock
exit
_exit
_cexit
??1type_info@@UEAA@XZ
__setusermatherr
_initterm
_fmode
__dllonexit
_onexit
_commode
free
memset
?terminate@@YAXXZ
memcpy
memcmp
_CxxThrowException
wcstok_s
wcscat_s
wcscpy_s
fwprintf_s
fflush
wcstol
_wsetlocale
swprintf_s
fwprintf
memmove_s
printf
fgetws
_wcsupr_s
_wfopen
_vsnprintf_s
_fileno
_setmode
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__iob_func
_errno
_get_osfhandle
fprintf
_purecall
fputws
fclose
memcpy_s
_vsnwprintf
wprintf
__CxxFrameHandler4
wcscmp

kernel32

lstrlenW
WriteConsoleW
GetStdHandle
HeapValidate
GetConsoleMode
GetFileType
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
ExitProcess
OpenThread
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateThread
GetExitCodeThread
ExitThread
GetModuleFileNameA
SizeofResource
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetFullPathNameW
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetVersion
FormatMessageW
LocalFileTimeToFileTime
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
FileTimeToSystemTime
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
LockResource
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
FindResourceExW
LoadResource
HeapAlloc
GetLocalTime
GetProcAddress
CreateMutexExW
GetTimeFormatW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
GetSystemTime
DebugBreak
GetDateFormatW
IsDebuggerPresent
InitializeSRWLock
CloseThreadpoolWork
CreateThreadpool
SetWaitableTimer
TlsSetValue
GetConsoleOutputCP
CreateWaitableTimerW
SetFileTime
WaitForMultipleObjects
SetThreadUILanguage
InitializeCriticalSection
SetErrorMode
CreateFileW
GetFileAttributesW
FindFirstChangeNotificationW
OpenProcess
CreateEventW
CloseThreadpoolCleanupGroupMembers
Sleep
SetThreadpoolThreadMaximum
SetEvent
FindCloseChangeNotification
TlsAlloc
QueryPerformanceFrequency
CreateThreadpoolCleanupGroup
HeapSetInformation
ResetEvent
FindNextChangeNotification
SubmitThreadpoolWork
SleepEx
TlsGetValue
QueryPerformanceCounter
ResumeThread
CreateThreadpoolWork
GetLocaleInfoEx
LocalAlloc
GetNumberFormatEx
LocalFree
WideCharToMultiByte
CreateDirectoryW
GetVolumeInformationW
CompareFileTime
FindFirstFileW
DeviceIoControl
RemoveDirectoryW
FindClose
SetFileAttributesW
GetFileInformationByHandle
GlobalFree
CopyFile2
lstrcmpW
RtlCompareMemory
BackupWrite
CompareStringOrdinal
DeleteFileW
BackupRead
GetTickCount
SetThreadPriority

advapi32

GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorControl
EncryptFileW
ReadEncryptedFileRaw
DecryptFileW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
WriteEncryptedFileRaw
OpenEncryptedFileRawW
CloseEncryptedFileRaw
OpenProcessToken

user32

UnregisterClassA
LoadStringW

ws2_32

WSACleanup

ntdll

NtSetInformationProcess
NtOpenFile
RtlGetDaclSecurityDescriptor
NtQuerySecurityObject
NtQueryDirectoryFile
RtlFreeHeap
NtQueryInformationFile
RtlSetControlSecurityDescriptor
NtClose
NtSetSecurityObject
NtSetEaFile
NtSetInformationFile
RtlInitUnicodeString
RtlGetSaclSecurityDescriptor
RtlDosPathNameToRelativeNtPathName_U
RtlGetControlSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtQueryEaFile

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fd7565eca3274aa505e2b7b750db8dce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

ws2_32

ntdll

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 208B

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 208B