sendsafe | 53c56b5341d932ec07f6ed5de3f5ba82f8fc58c76847c17809d8a00ac82d8132

Sharing

Copy URL

Twitter E-mail

General

Target

53c56b5341d932ec07f6ed5de3f5ba82f8fc58c76847c17809d8a00ac82d8132
Size

1.6MB
MD5

5fecbbdcaae6952a1a747089f50962a5
SHA1

002a9076becf917066d988bc9d14c1c636fb79dc
SHA256

53c56b5341d932ec07f6ed5de3f5ba82f8fc58c76847c17809d8a00ac82d8132
SHA512

62abf9a76bc3dd875ac032f52b4a6af9d28fe452c1771ac710fbafda93af820a43a562505089688aaeacad080140b103d81c930281e04d8ec2870e1bec888ee1
SSDEEP

24576:9+KpP8uA9G9esaFVV+Dq3tZzoCh0uxvBLyx9J5MjRF9vfYCWGa1ZS/DaM2fuqNLJ:N25LDVnOuPBYCLAPBqtAz

Score

10^/10

botnet unregistered sendsafe

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

91.220.131.63:50001

91.220.131.63:50002

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe payload 1 IoCs
botnet

Processes:

resource yara_rule

sample sendsafe
Sendsafe family
sendsafe

resource	yara_rule
sample	sendsafe

Files

53c56b5341d932ec07f6ed5de3f5ba82f8fc58c76847c17809d8a00ac82d8132
.exe windows x86

1b51865cf58b4b4c3b86d75fb87e3353

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
setsockopt
sendto
recvfrom
inet_addr
htons
htonl
recv
send
WSASetLastError
WSACleanup
WSAStartup
WSASocketA
WSASend
WSAResetEvent
WSARecv
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
select
connect
bind
ntohl
getsockname
ntohs
socket
closesocket

wininet

InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA

iphlpapi

GetNetworkParams
GetIpAddrTable

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

dnsapi

DnsQuery_A
DnsFree

kernel32

GetOEMCP
GetCPInfo
ReadConsoleW
SetFilePointerEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
SetConsoleMode
GetStringTypeW
GetLocaleInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
GetModuleFileNameA
GetLastError
Sleep
CreateThread
GetCurrentThreadId
HeapAlloc
HeapFree
GetProcessHeap
TryEnterCriticalSection
SystemTimeToFileTime
GetTimeZoneInformation
GetLocaleInfoA
CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetCurrentProcess
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
IsValidLocale
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpiA
FindResourceA
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
LockResource
ReadFile
SetFilePointer
WriteFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetLastError
GetSystemTime
GetStdHandle
GetFileType
FindClose
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetTempPathA
HeapReAlloc
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineA
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
LCMapStringW
CompareStringW
GetConsoleCP
DeleteFileW
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
LoadLibraryExW
SetStdHandle
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
FreeLibrary
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
GetACP
GetSystemTimeAsFileTime
RtlUnwind
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
OutputDebugStringW
EncodePointer
IsProcessorFeaturePresent

user32

GetProcessWindowStation
CharNextA
GetUserObjectInformationW
TranslateMessage
PostThreadMessageA
DispatchMessageA
GetMessageA
IsCharUpperA
MessageBoxA
PeekMessageA
DestroyWindow

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetTokenInformation
OpenProcessToken
RegQueryInfoKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1b51865cf58b4b4c3b86d75fb87e3353

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

iphlpapi

rpcrt4

dnsapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 257KB - Virtual size: 257KB

.data Size: 23KB - Virtual size: 104KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 257KB - Virtual size: 257KB

.data
Size: 23KB - Virtual size: 104KB

.rsrc
Size: 2KB - Virtual size: 2KB