snmp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

snmp.exe
Size

54KB
MD5

2c1cae6a2f42f3dca7723f6612e01a3d
SHA1

38a8847e8eace2b1a0147c92f1621678eacea6c4
SHA256

7547bbc248c894a1a235f6740d041cdd68d77f4830ca064661799c9de0d876da
SHA512

99e77d67e5c4ac260fe56699bf5ecd19200c9d188951deb7007125c0acb86d987f761c02043f8caf2ad1f5fcfed8f555e963d9c5ac2c7741e1243864608ec602
SSDEEP

768:oMbON0Af0EplaaJ33+AaeAyAL+b8qu1RXkKrET1GxgUwpjK+l2ix8RqtCGH+hUN5:u2+VZjaeVe1RxaUmjxNx8ItT+UNDl

Score

1^/10

Malware Config

Signatures

Files

snmp.exe
.exe windows x64

0eaa83cc23dc3e3c02b39bed12be6a97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

atoi
_stricmp
toupper
_XcptFilter
_amsg_exit
__getmainargs
memcpy
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_fmode
_commode
?terminate@@YAXXZ
memmove
__C_specific_handler
_strnicmp
memset

advapi32

RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeNameW
OpenProcessToken
GetTokenInformation
DeregisterEventSource
ReportEventA
RegisterEventSourceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegNotifyChangeKeyValue
RegQueryValueExA
RegCreateKeyExA
RegEnumValueA
RegCloseKey
RegSetValueExW
RegOpenKeyExA
RegDeleteValueW
RegEnumValueW

kernel32

GetSystemDirectoryA
LoadLibraryW
GetSystemWow64DirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DelayLoadFailureHook
ResolveDelayLoadedAPI
FreeLibrary
HeapCreate
HeapFree
HeapAlloc
HeapDestroy
WaitForMultipleObjects
CompareStringA
CloseHandle
CreateEventA
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsA
Sleep
GetLastError
SetEvent
SetConsoleCtrlHandler
GetCommandLineW
ResumeThread
HeapSetInformation
GetTickCount
MultiByteToWideChar
WaitForSingleObjectEx
GetCurrentProcess
InitializeCriticalSection
WaitForSingleObject
CreateThread
DeleteCriticalSection
lstrcmpiW
LoadLibraryExA
GetProcAddress

snmpapi

SnmpSvcGetUptime
SnmpUtilUnicodeToUTF8
SnmpSvcInitUptime
SnmpUtilMemReAlloc
SnmpSvcAddrToSocket
SnmpSvcGetEnterpriseOID
SnmpUtilMemFree
SnmpUtilOidNCmp
SnmpUtilAsnAnyCpy
SnmpUtilOidCpy
SnmpUtilOidCmp
SnmpUtilVarBindCpy
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpUtilMemAlloc
SnmpUtilOctetsCmp
SnmpUtilOctetsFree
SnmpSvcSetLogType
SnmpSvcSetLogLevel
SnmpUtilVarBindFree

ws2_32

bind
getservbyname
ntohl
WSAGetLastError
closesocket
WSASendMsg
WSAIoctl
WSAStartup
WSACleanup
WSASendTo
setsockopt
freeaddrinfo
htons
WSASocketA
getaddrinfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0eaa83cc23dc3e3c02b39bed12be6a97

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

snmpapi

ws2_32

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 68B