mylobot | a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560

Sharing

Copy URL

Twitter E-mail

General

Target

a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
Size

36KB
MD5

5f2aff67459bfdb75f1dd51f3a2b380f
SHA1

9939563ac43b09fbcca6ca32630084df55e07746
SHA256

a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
SHA512

6e2acb78db850ba82b0e37f4d70196c908316b28f6bda565ae086292b48bab513860fffc2f1970fbf1575c6bb0a665b09d96733833c5f2cec18c0deac96345c4
SSDEEP

768:zOEMiDQsGijtlhlgJTRDrfYLfGPwbuUT:aRV2t/S7Dr0yUT

Score

10^/10

mylobot

Malware Config

Extracted

Family

mylobot

fywkuzp.ru:6391

zdrussle.ru:4507

pseyumd.ru:8597

stydodo.ru:7094

wasyellowindexhotel.ru:7393

fywkuzp.ru:6401

rxzyglt.ru:1973

qhrywlc.ru:8926

fgqjwdl.ru:3485

qwwzlam.ru:5576

dqoudex.ru:7396

ssopuyk.ru:3367

gqlgpob.ru:8977

yboqlxs.ru:9336

qmwekpe.ru:1343

pyjhhpx.ru:6769

qyccsug.ru:4256

nrxboty.ru:3757

reczrhm.ru:2587

uzpadrm.ru:4254

Signatures

Mylobot family
mylobot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560

Files

a41daba8424dc768e8591846a0cf334807bc6a05c712e8a13b7e1bf98b341560
.exe windows x86

4053b0cf9f9edaf24709e2743eabbb6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
InitializeCriticalSection
LoadLibraryA
GetCurrentProcessId
TerminateProcess
GetProcessId
Sleep
FindClose
GetFullPathNameA
SetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
MoveFileA
CreateProcessW
CloseHandle
GetTickCount
GetModuleFileNameW
GetModuleHandleW
Module32First
Module32Next
ExitThread
SuspendThread
ResumeThread
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventA
GetVersionExA
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
lstrlenW
CreateDirectoryA
GetCurrentDirectoryW
DeleteFileW
GetLongPathNameW
TerminateThread
FlushInstructionCache
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
OpenProcess
CreateRemoteThread
ReadProcessMemory
WriteProcessMemory
WaitForSingleObject
GetFileSize
ReadFile
CreateFileW
SetLastError
WriteFile
GetTempPathW
lstrlenA
LocalAlloc
lstrcatW
CreateThread
LocalFree
WaitForMultipleObjects
SetErrorMode

user32

wsprintfA

shell32

ShellExecuteExW
SHGetSpecialFolderPathA

ws2_32

inet_addr
gethostbyname
WSAGetLastError
ioctlsocket
freeaddrinfo
htons
recv
connect
socket
send
getaddrinfo
select
closesocket

Exports

Exports

_ep@4
_re@4

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

4053b0cf9f9edaf24709e2743eabbb6b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB