8d39de84d5b2c28fb05459eab03a6ca792fe116a96d521b4e1ed9c964996d502N

Sharing

Copy URL Twitter E-mail

General

Target

8d39de84d5b2c28fb05459eab03a6ca792fe116a96d521b4e1ed9c964996d502N
Size

697KB
MD5

dbbbd29789e5638a79c6e4bbdde2c590
SHA1

5efcfa1f97d4daa895fc33eed19495ff3e6e1c91
SHA256

8d39de84d5b2c28fb05459eab03a6ca792fe116a96d521b4e1ed9c964996d502
SHA512

3cc6951d880b6990e814bddd1be8e4ebea1c81836798ca974dad25785d5022b1eab4348203df4ab84476ae7f90f4b0ba92d1492ba55f20b3532a456e91c80ce4
SSDEEP

12288:3O1ifp1mqVD74lXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:3O1ifp1mqVD74lsqjnhMgeiCl7G0nehk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d39de84d5b2c28fb05459eab03a6ca792fe116a96d521b4e1ed9c964996d502N

Files

8d39de84d5b2c28fb05459eab03a6ca792fe116a96d521b4e1ed9c964996d502N
.exe windows:4 windows x86 arch:x86

675b482124aeb583bf4a3aea531609ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

cygopenssh

a2port
addargs
argv_free
argv_split
asmprintf
atomicio
atomicio6
atomiciov6
bandwidth_limit
bandwidth_limit_init
binary_open
cleanhostname
freeargs
log_init
monotime_double
mprintf
msetlocale
parse_uri
parse_user_host_path
parse_user_host_port
path_absolute
put_u32
replacearg
sanitise_stdfd
ssh_err
ssh_signal
sshbuf_free
sshbuf_froms
sshbuf_get_cstring
sshbuf_get_string
sshbuf_get_u32
sshbuf_get_u64
sshbuf_get_u8
sshbuf_len
sshbuf_new
sshbuf_ptr
sshbuf_put_cstring
sshbuf_put_string
sshbuf_put_stringb
sshbuf_put_u32
sshbuf_put_u64
sshbuf_put_u8
sshbuf_reserve
sshbuf_reset
sshfatal
sshlog
strtonum
tilde_expand_filename
xcalloc
xextendf
xmalloc
xreallocarray
xrecallocarray
xstrdup

cygwin1

__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
__progname
__stack_chk_fail
__stack_chk_guard
_dll_crt0@0
_exit
_fopen64
_fstat64
_ftruncate64
_geteuid32
_getgrgid32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_lstat64
_stat64
alarm
basename
calloc
chdir
chmod
close
closedir
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
dup2
execl
execvp
exit
fchmod
fclose
fgets
fileno
fopen
fork
fprintf
free
fstat
fsync
ftruncate
fwrite
getcwd
getenv
geteuid
getgrgid
getopt
getpgrp
getpid
getpwnam
getpwuid
getuid
ioctl
isalnum
isalpha
isatty
isblank
iscntrl
isdigit
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
kill
localtime
lseek
lstat
malloc
memcpy
memset
mkdir
opendir
optarg
opterr
optind
optopt
optreset
perror
pipe
poll
posix_memalign
printf
putchar
puts
qsort
read
readdir
realloc
reallocarray
setpassent
setvbuf
sigaction
snprintf
stat
strcasecmp
strchr
strcmp
strcspn
strdup
strerror
strftime
strlcat
strlcpy
strlen
strncmp
strnlen
strpbrk
strrchr
strsignal
strspn
strtol
strtoll
tcgetpgrp
time
tolower
umask
utimes
vsnprintf
waitpid
write
writev

cyggcc_s-1

__addvdi3
__addvsi3
__divdi3
__moddi3
__mulvdi3
__mulvsi3
__negvdi2
__negvsi2
__subvdi3
__subvsi3
__udivdi3
__umoddi3

kernel32

FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

675b482124aeb583bf4a3aea531609ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygopenssh

cygwin1

cyggcc_s-1

kernel32

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 18KB - Virtual size: 17KB

.buildid Size: 512B - Virtual size: 53B

/4 Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 14KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 18KB - Virtual size: 17KB

.buildid
Size: 512B - Virtual size: 53B

/4
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 14KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB