47764adb30d2320d23a580db6df36616dd681c397a3d1eec813e3e0d1b747a71

Sharing

Copy URL

Twitter E-mail

General

Target

47764adb30d2320d23a580db6df36616dd681c397a3d1eec813e3e0d1b747a71
Size

140KB
MD5

7207fb6a74a29d6ac07b92a5fe7d4eb6
SHA1

9d0863c5a98b6a40ebb7bdf8b8751049c5a84e18
SHA256

47764adb30d2320d23a580db6df36616dd681c397a3d1eec813e3e0d1b747a71
SHA512

840f603c631d8246ded1cc036bf41c3ca63a68216f3fda5a4052d0a425a721dde0254e1727daf63b2fe7b85aef24e6e18403db624dfe542ed0f8521712a67f98
SSDEEP

3072:aWw5FYqGDG/EPnRt2LVJUWITe5jezz6NeZJdLIG3xn:aWgvGDGEPR0LVJUBT3zHZMG5

Score

N/A

Malware Config

Signatures

Files

47764adb30d2320d23a580db6df36616dd681c397a3d1eec813e3e0d1b747a71
.dll windows x86

2a4c5f9faf3b1b90b4389497c3561e85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

udp_p2p

WYsendto
WYrecvfrom
WYclosesocket
WYbind
WYWSAStartup
WYWSACleanup
initWSAFuncTable

vsipc

IPCUN26
IPCUN30
IPCUN14
IPCUN20
IPCUN15
IPCUN34
IPCUN38
getRoomUserByIP
IPCUN12
IPCUN6

mfc42

ord2764
ord800
ord924
ord535
ord858
ord3811
ord4129
ord5683
ord2818
ord540
ord823
ord3663
ord5440
ord6383
ord5450
ord6394
ord860
ord5710
ord537
ord922
ord2820
ord825

msvcrt

_onexit
free
__dllonexit
malloc
_adjust_fdiv
_strnicmp
_mbsnbcat
_mbsnbcpy
_mbsupr
_mbscmp
printf
strstr
strrchr
_beginthread
strncpy
time
sprintf
longjmp
_setjmp3
strncmp
strchr
fprintf
fclose
__CxxFrameHandler
memmove
_initterm
_stricmp
fopen

kernel32

LoadLibraryA
OpenMutexA
OpenEventA
CreateMutexA
CreateEventA
ReleaseMutex
IsBadReadPtr
IsBadWritePtr
SetEvent
GetCurrentThreadId
UnmapViewOfFile
CloseHandle
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetCurrentProcess
GetCommandLineA
ExitProcess
WaitForSingleObject
CopyFileA
VirtualProtectEx
WriteProcessMemory
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetProcAddress
VirtualProtect
GetTickCount
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
Sleep

user32

wsprintfA

wsock32

send
closesocket
accept
__WSAFDIsSet
select
socket
bind
htonl
getpeername
inet_addr
listen
ioctlsocket
inet_ntoa
WSAGetLastError
getsockname
getsockopt
htons
recv

vsmsghelper

VSMsgHelperFn1

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a4c5f9faf3b1b90b4389497c3561e85

Headers

File Characteristics

Imports

udp_p2p

vsipc

mfc42

msvcrt

kernel32

user32

wsock32

vsmsghelper

version

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 12KB - Virtual size: 11KB