2ccf78a81bac1b7d7058af9b27cf5bba724d5ffa0c04981d0a6786eb44a159d1

Sharing

Copy URL

Twitter E-mail

General

Target

2ccf78a81bac1b7d7058af9b27cf5bba724d5ffa0c04981d0a6786eb44a159d1
Size

156KB
MD5

397e075f311c064ae11d94f4ac7316de
SHA1

929a51dc7c4cdaa21483b0fb63bf9a031166436a
SHA256

2ccf78a81bac1b7d7058af9b27cf5bba724d5ffa0c04981d0a6786eb44a159d1
SHA512

a2615710cb5fc1f3f4cfd347175e2651b36b0147a5fe95fb2fcb1d54ee20600457cc2c5e85eb28ead6f51860b3d0cd7e81f046ce86f615516c1c45c24cf65e20

Score

N/A

Malware Config

Signatures

Files

2ccf78a81bac1b7d7058af9b27cf5bba724d5ffa0c04981d0a6786eb44a159d1
.dll regsvr32 windows x86

47e1c1b9f766bd2a1279bcba5bfde867

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
CreateProcessW
GetTickCount
LoadLibraryW
Sleep
GetStartupInfoW
GetProcAddress
VirtualProtectEx
CloseHandle
GetWindowsDirectoryW
DeleteFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
ReadFile
SetEndOfFile
SetFilePointer
GetConsoleMode
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetFileType
CreateFileA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStartupInfoA
SetStdHandle
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
GetConsoleCP

ws2_32

WSACloseEvent
connect
WSAStartup
WSASocketW
WSACleanup
bind
socket
closesocket
WSAWaitForMultipleEvents
accept
WSAConnect

mswsock

EnumProtocolsW

Exports

Exports

Bottomyour
DllRegisterServer

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47e1c1b9f766bd2a1279bcba5bfde867

Code Sign

Headers

File Characteristics

Imports

kernel32

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 41KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 41KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB