1ee951cae56d78b5fe5e2b401cda504bba5af5aa45504f47d05f7cae313b8a46

Sharing

Copy URL Twitter E-mail

General

Target

1ee951cae56d78b5fe5e2b401cda504bba5af5aa45504f47d05f7cae313b8a46
Size

95KB
MD5

58040b8882c56990232f33c6354f18a4
SHA1

3585c6cc685c7ac9d5a9b64eb45deb91b28661ff
SHA256

1ee951cae56d78b5fe5e2b401cda504bba5af5aa45504f47d05f7cae313b8a46
SHA512

584d24f011aac90c05db1e822ec554a57737b8b6d6da04937e2b2e143779f6c7715919d965a539c397874b33b2fab345ac292e648fae6a6388d40c86b7bb2672
SSDEEP

1536:oV7oE/lunVpo4GZYsg2gKATLBj4M2cJ4ioIdBD59JLrbfumqDROrZFkQzVz4OvvC:oSvg42BJgKAvBsM7oa57b2ErbkQzJ4Oy

Score

N/A

Malware Config

Signatures

Files

1ee951cae56d78b5fe5e2b401cda504bba5af5aa45504f47d05f7cae313b8a46
.zip
PortQry.exe
.exe windows x86

eaf3ccac8f9ce1c008fae9f3689f32a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
WSAGetLastError
WSAStartup
gethostbyname
inet_addr
gethostbyaddr
socket
bind
connect
WSACleanup
setsockopt
recv
send
inet_ntoa
ntohs
htons
getservbyport

wldap32

ord27
ord26
ord46
ord32
ord34
ord33
ord37
ord38
ord200
ord17
ord143
ord88
ord60
ord50
ord41

rpcrt4

RpcMgmtEpEltInqDone
UuidToStringA
RpcBindingFree
RpcStringFreeA
RpcBindingToStringBindingA
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqNextA

netapi32

Netbios

iphlpapi

GetUdpTable
GetTcpTable

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

kernel32

SetEndOfFile
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadCodePtr
SetUnhandledExceptionFilter
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
InterlockedExchange
SetFilePointer
GetCPInfo
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
GetTimeZoneInformation
FreeLibrary
ReadFile
GetModuleFileNameA
InterlockedIncrement
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
WriteConsoleA
CreateFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
Sleep
HeapFree
IsBadReadPtr
GetProcessHeap
GetModuleHandleA
GetProcAddress
LoadLibraryA
LocalAlloc
LocalFree
GetComputerNameA
GetLastError
CloseHandle
OpenProcess
GetCommandLineA
HeapValidate
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
TerminateProcess
GetCurrentProcess
ExitProcess
DebugBreak
RaiseException
GetVersionExA
GetSystemTimeAsFileTime
RtlUnwind
IsBadWritePtr

user32

GetAsyncKeyState

advapi32

OpenSCManagerA
EnumServicesStatusExA
CloseServiceHandle

Sections

.textbss
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PortQryCommand.ps1
.ps1
Test-Connect_v1.ps1
.ps1

Sharing

General

Malware Config

Signatures

Files

eaf3ccac8f9ce1c008fae9f3689f32a8

Headers

File Characteristics

Imports

ws2_32

wldap32

rpcrt4

netapi32

iphlpapi

psapi

kernel32

user32

advapi32

Sections

.textbss Size: - Virtual size: 111KB

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 14KB

.idata Size: 8KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 111KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 8KB - Virtual size: 4KB