anchordns | c489a2b966c615504a618c46ab8dbbe94d5f11cec2219113c2d0b62e4bb497d2

Sharing

Copy URL

Twitter E-mail

General

Target

c489a2b966c615504a618c46ab8dbbe94d5f11cec2219113c2d0b62e4bb497d2
Size

305KB
MD5

a3c8febccc2edd615ff98e78b8ebf6c2
SHA1

071f15d61322c0480bb71690ed114f3736f7844c
SHA256

c489a2b966c615504a618c46ab8dbbe94d5f11cec2219113c2d0b62e4bb497d2
SHA512

6c15e95112868969184d511f5cc35bddd868e8e2a4c61b4c12bff45383e62a0a90fe1fde4bd56fa0dca1523ebf90c05e8a5e08966d3b6f85517156fd5d38d28b
SSDEEP

6144:1TAstnaza+n4KNLJ5kqJnzW+2yNmBdD1fbjSVhqAiFePD:JA0naz9n4K75nxz6yNmBdD1zuVvOeP

Score

10^/10

backdoor anchordns

Malware Config

Signatures

Anchordns family
anchordns

Detected AnchorDNS Backdoor 1 IoCs

Sample triggered yara rules associated with the AnchorDNS malware family.

backdoor

resource	yara_rule
sample	family_anchor_dns

Files

c489a2b966c615504a618c46ab8dbbe94d5f11cec2219113c2d0b62e4bb497d2
.dll windows x86

bda6cb91b2b34a23afb9a091770d342d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
closesocket
shutdown
WSAStartup
socket
ntohs
recvfrom
sendto

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus

kernel32

WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
GetEnvironmentStringsW
IsDebuggerPresent
GetComputerNameExW
GetLastError
LoadLibraryA
WideCharToMultiByte
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
ReadFile
WriteFile
GetSystemWindowsDirectoryA
CreateProcessW
GetSystemWindowsDirectoryW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CreateFileW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
LCMapStringW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bda6cb91b2b34a23afb9a091770d342d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winhttp

advapi32

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 284B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 284B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 5KB - Virtual size: 5KB