9d91d4a65306ed66bad08c69ed050bb6f8270ad5334cd713048e23898d3a25e7

Sharing

Copy URL Twitter E-mail

General

Target

9d91d4a65306ed66bad08c69ed050bb6f8270ad5334cd713048e23898d3a25e7
Size

164KB
MD5

1d8c11cf373f4f30602a0d6d64bed0a0
SHA1

657619c9e57eb48aa7371dda1ac032fcf3496a53
SHA256

9d91d4a65306ed66bad08c69ed050bb6f8270ad5334cd713048e23898d3a25e7
SHA512

d0e69230700ad8381117eeff39e5b3665cb36e8ed293bb499de21cc5b9c7ea25d563fe0d326de087d97aa6c2eff8b23f214816f28489f3d2d300867db6caaf36
SSDEEP

3072:pvQaRFkygbfWUgWNOQyKhiTeFud6gtnMzTRKbxFu4s:p4aIbfWQOQyKv+LtnQRyxs

Score

N/A

Malware Config

Signatures

Files

9d91d4a65306ed66bad08c69ed050bb6f8270ad5334cd713048e23898d3a25e7
.dll windows x86

50f1d4ce6872d1a6a55284fc1bd29a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcr80

_crt_debugger_hook
_time32
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
srand
rand
calloc
strncpy
_snprintf
free
strspn
atoi
strchr
memchr
strstr
malloc
strncpy_s
_wassert
memset
_except_handler4_common
__clean_type_info_names_internal

kernel32

SleepEx
TlsGetValue
VirtualQuery
GetModuleFileNameW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
HeapFree
HeapAlloc
GetProcessHeap

ws2_32

recv
send
closesocket
connect
ioctlsocket
socket
WSACleanup
WSAStartup
WSAGetLastError
htons
__WSAFDIsSet
select
inet_addr
gethostbyname

Exports

Exports

AddIntValue
AddStringValue
InitTQOS
ReportLoginTimeToTQOS
ReportToTQOS
SetQosID
SetReportIPFlag
UninitTQOS

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50f1d4ce6872d1a6a55284fc1bd29a2c

Headers

File Characteristics

Imports

msvcp80

msvcr80

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 44KB - Virtual size: 50KB

.rsrc Size: 4KB - Virtual size: 432B

.reloc Size: 8KB - Virtual size: 4KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 44KB - Virtual size: 50KB

.rsrc
Size: 4KB - Virtual size: 432B

.reloc
Size: 8KB - Virtual size: 4KB

.rmnet
Size: 60KB - Virtual size: 60KB