chinese_generic_botnet | 10000000[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

10000000.dll
Size

88KB
MD5

da3662d8691f4614bcbd167432d86d9d
SHA1

6f7d7d91487c19655416fe1c1439bf7543ab1532
SHA256

149a36db6fb24430e47be5f322c2bc5df212ce0dbf4a9232f97b0420fa0531c9
SHA512

248ba777d2a219d266d4ed0b153f51528bd796bd78df53b4e42e4f971b42cf03dd3cb5a67158f943670caaa40dc81c4a77ec598af453fd0bdae43b74f35d2eda
SSDEEP

1536:NUnHoChp3eiFgkrxWvaJPL/bh8+hVQDf/zvHns:NwICzPrxrt8smzvs

Score

10^/10

botnet chinese_generic_botnet

Malware Config

Signatures

Chinese Botnet payload 1 IoCs
botnet

Processes:

resource yara_rule

sample unk_chinese_botnet
Chinese_generic_botnet family
chinese_generic_botnet

resource	yara_rule
sample	unk_chinese_botnet

Files

10000000.dll
.dll windows x86

9cd279e1980096dceb8da85ebcf8ecd8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
lstrcpyA
lstrcatA
GetSystemDirectoryA
TerminateProcess
CreateProcessA
GetCurrentProcessId
lstrlenA
SetFilePointer
GetFileSize
GetLocalTime
ExpandEnvironmentStringsA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
GetVersionExA
OutputDebugStringA
LocalAlloc
ReadFile
HeapAlloc
GetProcessHeap
GetProcAddress
HeapFree
GetSystemInfo
lstrcmpiA
LoadLibraryW
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
WinExec
FindClose
RemoveDirectoryA
GetFileAttributesA
DuplicateHandle
OpenProcess
CreateDirectoryA
ReleaseMutex
CreateMutexA
MoveFileExA
MoveFileA
SetFileAttributesA
DefineDosDeviceA
ExitProcess
CopyFileA
GetCurrentThreadId
Process32Next
Process32First
FreeLibrary
CreateThread
ExitThread
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
VirtualFree
GetCurrentProcess
FindFirstFileA
FindNextFileA
GlobalLock
GlobalUnlock
VirtualAlloc
VirtualProtect

user32

GetLastInputInfo
EnumWindows
IsWindowVisible
GetMessageA
MessageBoxA
FindWindowA
GetClassNameA
GetWindow
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
wsprintfA
EmptyClipboard
PostThreadMessageA
GetInputState
SendMessageA
OpenClipboard
CloseClipboard
GetClipboardData
ExitWindowsEx
SetClipboardData

advapi32

OpenServiceA
CloseEventLog
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
DeleteService
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
ClearEventLogA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CoUninitialize
CoCreateGuid
CoInitialize

ws2_32

closesocket
getsockname
WSAGetLastError
gethostname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
send
inet_addr
sendto
htonl
WSASocketA
inet_ntoa

msvcrt

_strupr
strcat
_strcmpi
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
fopen
fprintf
fclose
_beginthreadex
_except_handler3
strncmp
_snprintf
_access
_mbscmp
_mbsicmp
strrchr
free
realloc
strcmp
malloc
time
srand
strchr
sprintf
strstr
strcspn
strncpy
atoi
rand
_CxxThrowException
memcmp
??2@YAPAXI@Z
memset
exit
strcpy
_stricmp
strlen
__CxxFrameHandler
_ftol
memcpy
??3@YAXPAX@Z

mfc42

ord540
ord941
ord940
ord800
ord860

setupapi

SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetIfTable

urlmon

URLDownloadToFileA

Exports

Exports

fuckyou
fuckyou1

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cd279e1980096dceb8da85ebcf8ecd8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

msvcrt

mfc42

setupapi

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 4KB