bo2bck[.]tar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

bo2bck.tar
Size

373KB
MD5

8abd17bb45aaf7ded8caa930b60d38ef
SHA1

088e885d29c4ab954b98ee85c361dc4592416a01
SHA256

ced88a781a18875bea55ccbf9dcc043cb400bd2c3f35afed8b0a6a2f33290991
SHA512

5d6b41cd63b362dcec6b99426492b1b742e50c8544dae70a8088d5d36c9c33712e6404f674ed389dc4f8d8b3567b5913d08b55761456fbdbac4de7413e1b2759
SSDEEP

6144:bazDDMR7/G47LrVk7gGKLtfV55dg4jPdU1eSWbj8:biAR7/GkOnkttzdU1el8

Score

N/A

Malware Config

Signatures

Files

bo2bck.tar
.dll windows x86

5383492b5e907d0dc6a11002282063a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
CreateFileW
GetVolumeInformationW
GetSystemTime
OpenProcess
GetVersionExW
GetModuleHandleW
GetDateFormatW
LockResource
VirtualProtect
Sleep
GetCurrentDirectoryW
FindFirstChangeNotificationW
VirtualProtectEx
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
HeapSize
LoadLibraryA
CreateFileA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapFree
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
RtlUnwind
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

tapi32

lineAccept
lineClose
lineOpenW
lineTranslateAddressW
lineShutdown
lineInitializeExW
lineTranslateDialogW

Exports

Exports

Cutmass
Middlewall

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5383492b5e907d0dc6a11002282063a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

tapi32

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 372KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 372KB

.reloc
Size: 8KB - Virtual size: 7KB