bf87836c1b896d5402989ff3e1e6e50a45792942400808eec67ea3ccff74879f

Sharing

Copy URL Twitter E-mail

General

Target

bf87836c1b896d5402989ff3e1e6e50a45792942400808eec67ea3ccff74879f
Size

78KB
MD5

d440a1df93375c266d023b8f766b192d
SHA1

073386fe089ae35af4af6c22a63c18d759b4ef8b
SHA256

bf87836c1b896d5402989ff3e1e6e50a45792942400808eec67ea3ccff74879f
SHA512

f7a05c122d62d778a444cfb8640f3c5f2b5d91c3b307b54a7d5b471bcf2acf06314e2d7cc3fda01db0379c1b35e33d428b3b43d771ab8ef95f26b5a51e0057ed
SSDEEP

1536:jkyLkwZX0PxWJ2wmEwU0oI1L4bg5P6o/WbJUQPPvFfRRSoKclzxn1pObW:4lPEZY4GP6jhl7SkObW

Score

N/A

Malware Config

Signatures

Files

bf87836c1b896d5402989ff3e1e6e50a45792942400808eec67ea3ccff74879f
.zip
PuttyRider.dll
.dll windows x86

003a5998699f0f26d4d735aa553d765a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowThreadProcessId
EnumWindows
PostMessageA
GetClassNameA

shlwapi

StrStrIA

ws2_32

connect
ioctlsocket
htons
WSAGetLastError
closesocket
ntohs
send
inet_addr
socket
WSAStartup
inet_ntoa
inet_pton
recv

iphlpapi

GetExtendedTcpTable

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

HeapSize
SetEndOfFile
CreateFileW
GetStringTypeW
LCMapStringW
HeapReAlloc
LoadLibraryW
FlushFileBuffers
SetStdHandle
WriteConsoleW
IsValidCodePage
GetCurrentProcess
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
VirtualProtect
Sleep
CreateThread
CloseHandle
CreateFileA
GetCurrentProcessId
FreeLibraryAndExitThread
GetModuleHandleA
Module32First
CreateToolhelp32Snapshot
ReadFile
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
FormatMessageA
GetLastError
Process32Next
Process32First
SetLastError
OpenProcess
GetCurrentThreadId
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
SetFilePointer
MultiByteToWideChar
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime

Exports

Exports

EjectDLL
SetConnectBackInfo
SetDefaultCmd
SetLogFileName

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PuttyRider.exe
.exe windows x86

a685dd3d604df559a42750fd43394939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowThreadProcessId
EnumWindows
PostMessageA
GetClassNameA

shlwapi

StrStrIA

ws2_32

inet_pton
inet_ntoa
ntohs

iphlpapi

GetExtendedTcpTable

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

CreateFileW
HeapSize
WriteConsoleW
GetStringTypeW
LCMapStringW
SetEndOfFile
SetUnhandledExceptionFilter
CreateFileA
SetStdHandle
FlushFileBuffers
CloseHandle
FormatMessageA
GetLastError
CreateRemoteThread
WriteProcessMemory
lstrlenA
VirtualAllocEx
GetProcAddress
GetModuleHandleA
OpenProcess
WaitForSingleObject
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryA
Sleep
CreateProcessA
FreeLibrary
DisconnectNamedPipe
CancelIo
GetOverlappedResult
ConnectNamedPipe
CreateEventA
CreateThread
CreateNamedPipeA
GetModuleFileNameA
GetStdHandle
GetCurrentDirectoryA
Module32First
GetCurrentProcessId
ReadFile
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleHandleW
ExitProcess
HeapCreate
GetModuleFileNameW
SetFilePointer
MultiByteToWideChar
RtlUnwind
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
HeapReAlloc
LoadLibraryW

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

003a5998699f0f26d4d735aa553d765a

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

ws2_32

iphlpapi

psapi

kernel32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 7KB - Virtual size: 16KB

.shared Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

a685dd3d604df559a42750fd43394939

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

ws2_32

iphlpapi

psapi

kernel32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 7KB - Virtual size: 16KB

.shared
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 3KB