2c59c805d6c169cc378fac9117fba6f2895cd0a1e76bb06be59960cf567adb0d

Sharing

Copy URL Twitter E-mail

General

Target

2c59c805d6c169cc378fac9117fba6f2895cd0a1e76bb06be59960cf567adb0d
Size

164KB
MD5

3158bb3dfb6b44b8446fb946ab766a90
SHA1

ccec5d0fbf794e65e5cd36d94a45deedd6017503
SHA256

2c59c805d6c169cc378fac9117fba6f2895cd0a1e76bb06be59960cf567adb0d
SHA512

1e92fecdad196ccbd52b0b586f64e9dfe3aeb77ce1ac009ed9f13a9e81455a1b95f4d78a6020d5e31f17041827e2bab02fb81d407c14c6fe74e3c6c37a197195
SSDEEP

3072:mvQaRFkygbfWUgWNOQyKhir8UCiouon+LEbjiXJopHYL1eq:m4aIbfWQOQyK48V+oUop4

Score

N/A

Malware Config

Signatures

Files

2c59c805d6c169cc378fac9117fba6f2895cd0a1e76bb06be59960cf567adb0d
.dll windows x86

50f1d4ce6872d1a6a55284fc1bd29a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcr80

_crt_debugger_hook
_time32
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
srand
rand
calloc
strncpy
_snprintf
free
strspn
atoi
strchr
memchr
strstr
malloc
strncpy_s
_wassert
memset
_except_handler4_common
__clean_type_info_names_internal

kernel32

SleepEx
TlsGetValue
VirtualQuery
GetModuleFileNameW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
HeapFree
HeapAlloc
GetProcessHeap

ws2_32

recv
send
closesocket
connect
ioctlsocket
socket
WSACleanup
WSAStartup
WSAGetLastError
htons
__WSAFDIsSet
select
inet_addr
gethostbyname

Exports

Exports

AddIntValue
AddStringValue
InitTQOS
ReportLoginTimeToTQOS
ReportToTQOS
SetQosID
SetReportIPFlag
UninitTQOS

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50f1d4ce6872d1a6a55284fc1bd29a2c

Headers

File Characteristics

Imports

msvcp80

msvcr80

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 44KB - Virtual size: 50KB

.rsrc Size: 4KB - Virtual size: 432B

.reloc Size: 8KB - Virtual size: 4KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 44KB - Virtual size: 50KB

.rsrc
Size: 4KB - Virtual size: 432B

.reloc
Size: 8KB - Virtual size: 4KB

.rmnet
Size: 60KB - Virtual size: 60KB