5cf58b6ed6e87112efd05b3040b4b7e2322f11e4f0d64f2119681f68db60b38a

Sharing

Copy URL Twitter E-mail

General

Target

5cf58b6ed6e87112efd05b3040b4b7e2322f11e4f0d64f2119681f68db60b38a
Size

140KB
MD5

6600b99cd1237862e5e3af21ca11ca5c
SHA1

9688ff055f5216ca50f8bc37c02f9830f461991a
SHA256

5cf58b6ed6e87112efd05b3040b4b7e2322f11e4f0d64f2119681f68db60b38a
SHA512

71c14c9a44b534051a66d0ce4d8a6656520f9262984bcd213b104e13d2f50510457242c173155b996fb788bd7d099839e0f3eb2d19f79a1ed19e00a17ba46b3c
SSDEEP

3072:7qKB2Vqfxikyi85m/Cmwi5jFO18Oe/RlRVdJSct3H8ARdUs:7qc2VqS0/CmwwUyVact38AR

Score

N/A

Malware Config

Signatures

Files

5cf58b6ed6e87112efd05b3040b4b7e2322f11e4f0d64f2119681f68db60b38a
.dll windows x86

39720fc026d4f0799783c656f6f43bc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

udp_p2p

initWSAFuncTable
WYWSACleanup
WYWSAStartup
WYbind
WYclosesocket
WYrecvfrom
WYsendto

mfc42

ord825
ord3663
ord5440
ord6383
ord5450
ord6394
ord535
ord800
ord858
ord4129
ord5683
ord2818
ord540
ord924
ord860
ord5710
ord537
ord922
ord2820
ord3811
ord2764
ord823

msvcrt

strncpy
sprintf
longjmp
_setjmp3
_adjust_fdiv
strchr
__CxxFrameHandler
_strnicmp
memmove
time
malloc
_initterm
free
_onexit
__dllonexit
_mbsnbcat
_mbsnbcpy
_mbsupr
_mbscmp
printf
strstr
strrchr
fclose
_mbsinc
atoi
_ismbcdigit
_mbsnbcmp
wcslen
_mbclen
vsprintf
fopen
strncmp
fprintf
_stricmp
_beginthread

kernel32

GetProcAddress
IsBadWritePtr
OpenMutexA
OpenEventA
CreateMutexA
CreateEventA
ReleaseMutex
SetEvent
GetCurrentThreadId
UnmapViewOfFile
CloseHandle
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetCurrentProcess
GetCommandLineA
ExitProcess
WaitForSingleObject
CopyFileA
VirtualProtectEx
WriteProcessMemory
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetModuleFileNameA
GetLastError
VirtualProtect
GetTickCount
LeaveCriticalSection
EnterCriticalSection
Sleep
LoadLibraryA
GetModuleHandleA
IsBadReadPtr

user32

wsprintfA

wsock32

recv
getpeername
ioctlsocket
htonl
inet_ntoa
listen
select
__WSAFDIsSet
accept
closesocket
send
socket
WSAGetLastError
getsockname
getsockopt
inet_addr
htons
bind

vsipc

getRoomUserByIP
IPCUN6
IPCUN36
IPCUN12
IPCUN26
IPCUN30
IPCUN20
IPCUN15
IPCUN38

vsmsghelper

VSMsgHelperFn1

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39720fc026d4f0799783c656f6f43bc3

Headers

File Characteristics

Imports

udp_p2p

mfc42

msvcrt

kernel32

user32

wsock32

vsipc

vsmsghelper

version

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 12KB - Virtual size: 11KB