PortQry[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

PortQry.exe
Size

140KB
MD5

c6ac67f4076ca431acc575912c194245
SHA1

6bc8bc559c80218055dcd58cc9376ea7d10babde
SHA256

fb6cebadd49d202c8c7b5cdd641bd16aac8258429e8face365a94bd32e253b00
SHA512

79dcbcad0c1253b49868b96b6628637bc6092a6293590df70d1e4ce2b26d070aaa5c962daf70f1d744dbef14a0cf2a5db16b4f913e6244fe48984a850d5bfd78
SSDEEP

3072:KA9ywoCP0BjhEzhNfAtaAkpP3rClce6v08kylrcWUd6t7P17:KwowehEzTYkpfGgkylrc6t7P17

Score

N/A

Malware Config

Signatures

Files

PortQry.exe
.exe windows x86

2faf3ec96381d74feaa1eb3851b607b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
LocalFree
LocalAlloc
HeapFree
GetProcessHeap
LoadLibraryA
OpenProcess
GetLastError
Sleep
CompareStringW
CompareStringA
GetProcAddress
GetModuleHandleA
CloseHandle
GetComputerNameA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
WriteConsoleA
CreateFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetCommandLineA
HeapAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
SetEnvironmentVariableA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetLocalTime
GetSystemTime
GetTimeZoneInformation

user32

GetAsyncKeyState

advapi32

EnumServicesStatusExA
CloseServiceHandle
OpenSCManagerA

ws2_32

inet_ntoa
ntohs
sendto
recvfrom
gethostbyname
inet_addr
gethostbyaddr
socket
bind
connect
closesocket
setsockopt
recv
send
WSACleanup
WSAStartup
htons
getservbyport
WSAGetLastError

wldap32

ord32
ord34
ord33
ord37
ord38
ord200
ord17
ord143
ord88
ord60
ord50
ord41
ord46
ord26
ord27

rpcrt4

RpcMgmtEpEltInqDone
RpcStringBindingComposeA
RpcBindingFree
RpcBindingFromStringBindingA
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqNextA
UuidToStringA
RpcBindingToStringBindingA
RpcStringFreeA

netapi32

Netbios

iphlpapi

GetUdpTable
GetTcpTable

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2faf3ec96381d74feaa1eb3851b607b9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wldap32

rpcrt4

netapi32

iphlpapi

psapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 36KB - Virtual size: 38KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 36KB - Virtual size: 38KB