tofsee | 36704ec52701920451437a870e7d538eb409f50a4ae2f8231869500d1d6de159_unpacked

Sharing

Copy URL

Twitter E-mail

General

Target

36704ec52701920451437a870e7d538eb409f50a4ae2f8231869500d1d6de159_unpacked
Size

58KB
MD5

bd1d886cc3611d617166ba34f87d851e
SHA1

9cb18b5aa8f48a5ed2b1f9f2b575bf73ca01dc71
SHA256

9c6957ce16f1900a003301d44083b880e5c81f2ffe26b79605572df958e511ab
SHA512

e25e06aff81ead635827af70673e81023c2c12daa7c63ae4cd3a5bb64f4406bc8a9e6079d1475fbaca9d2ef4c21092b74358dafa8b9bbb3c453ce7a566578323
SSDEEP

1536:BDXcT2ysVjjA99aSI7iACMcZDSyVdfh3Jqq8:BYhgA991I7iACpVdfhYq8

Score

10^/10

tofsee

Malware Config

Extracted

Family

tofsee

111.121.193.242

103.48.6.14

123.249.0.22

Signatures

Tofsee family
tofsee

Files

36704ec52701920451437a870e7d538eb409f50a4ae2f8231869500d1d6de159_unpacked
.exe windows x86

9f5fa506dfe9ee078c1f0825875a344b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
send
connect
setsockopt
bind
listen
__WSAFDIsSet
getpeername
getsockname
inet_addr
gethostname
closesocket
select
ioctlsocket
accept
recv
ntohs
htons
sendto
gethostbyaddr
inet_ntoa
gethostbyname
htonl
socket

dbghelp

StackWalk64

kernel32

IsBadCodePtr
SetThreadContext
GetSystemTimeAsFileTime
HeapSize
GetSystemDirectoryA
InterlockedDecrement
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeZoneInformation
GetLocalTime
InterlockedIncrement
SetErrorMode
SetUnhandledExceptionFilter
lstrcatA
GetDiskFreeSpaceA
GetDriveTypeA
GetCommandLineA
GetThreadContext
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
GetVolumeInformationA
GetComputerNameA
GetTickCount
GetVersionExA
lstrcmpiA
lstrlenA
Sleep
lstrcpynA
GetModuleHandleA
InterlockedExchange
GetCurrentThreadId
ExitProcess
GetOverlappedResult
WaitForSingleObject
GetLastError
WriteFile
ReadFile
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
CloseHandle
CreateFileA
CreateEventA
GetEnvironmentVariableA
DeleteFileA
IsBadWritePtr
ResumeThread
lstrcpyA
lstrcmpA
VirtualProtect
IsBadReadPtr
VirtualFree
WriteProcessMemory
VirtualAllocEx
VirtualAlloc
GetCurrentProcess
SetFilePointer
GetFileSize
SetFileAttributesA
CreateProcessA
SystemTimeToFileTime
GetSystemTime
DeviceIoControl
CreateFileW
ExitThread
VirtualFreeEx
WaitForMultipleObjects
CreateThread
GetModuleFileNameA
GetTempPathA
GetFileAttributesExA
TerminateProcess

user32

wsprintfA
CharToOemA

advapi32

RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9f5fa506dfe9ee078c1f0825875a344b

Headers

File Characteristics

Imports

ws2_32

dbghelp

kernel32

user32

advapi32

shell32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 3KB