5005[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5005.exe
Size

126KB
MD5

ed6893c6181dbc4333ec097de55ed89d
SHA1

b332b33a65279267809975022f568bda07db461b
SHA256

cd31eb383f289f594a2407ce751dee5228ef3644092890828613c9c2ce4c1178
SHA512

6f29473795b366d9e93b3027b875597f930226848dd27f643abaf7a48cea3db2170af82bcd75933491a86110f1fa106bc2664345d0138064b7467811e05226dd
SSDEEP

3072:1Ci7wlfERTOjt9TfojGEifT3wu+4oQw19356t4yqR:D7wfQTO5pAEfTg4oQQ59

Score

N/A

Malware Config

Signatures

Files

5005.exe
.exe windows x64

290c34126dd11a8e3e789b3c1f495d29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostbyname
htonl
select
__WSAFDIsSet
ntohl
socket
accept
bind
listen
connect
getpeername
getsockname
getsockopt
setsockopt
send
sendto
recv
recvfrom
shutdown
closesocket
WSAStartup
htons
ioctlsocket
ntohs
WSAGetLastError

kernel32

TerminateProcess
CompareStringW
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileW
HeapSize
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetStringTypeW
LCMapStringW
CreateFileA
MultiByteToWideChar
WriteConsoleW
HeapReAlloc
LoadLibraryW
GetTickCount
QueryPerformanceCounter
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
lstrcatA
lstrcpyA
GetProcAddress
GetModuleHandleA
HeapAlloc
GetSystemTimeAsFileTime
GetLastError
HeapFree
ExitThread
CreateThread
GetTimeZoneInformation
GetCommandLineA
GetStartupInfoW
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
EncodePointer
SetEnvironmentVariableA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
SetHandleCount
GetFileAttributesA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

290c34126dd11a8e3e789b3c1f495d29

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 7KB - Virtual size: 23KB

.pdata Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 7KB - Virtual size: 23KB

.pdata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB