chinese_generic_botnet | b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75

Sharing

Copy URL

Twitter E-mail

General

Target

b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75
Size

96KB
MD5

11db5a1d15942c7995a8940d190e5979
SHA1

3cc0e969a86bd2b86cdb4f69e4c5b020eb49ec02
SHA256

b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75
SHA512

206f84d254e90958188210b67c694913b134f4c0867cae6b02dd4892416b49f1b37936b491203fbeb85edcb6b42fd75b83a7212634dd9d82e5b26f92208b0fa3
SSDEEP

1536:i2yNWTyVrtUps8aHN+CfdyXODKGEmQu+hVQDfOJbomjcm7PRc:i27+VxUuLxfdyXfmts5bncWpc

Score

10^/10

botnet chinese_generic_botnet

Malware Config

Signatures

Chinese Botnet payload 1 IoCs

botnet

resource	yara_rule
sample	unk_chinese_botnet

Chinese_generic_botnet family
chinese_generic_botnet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75

Files

b2f339bc128a3044a6bf5143784b80590ab7364c9deba41b34ae547a5b98fe75
.dll windows x86

cb12a75c96f0425e9a861d329fcf1d08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
lstrcpyA
lstrcatA
GetSystemDirectoryA
TerminateProcess
CreateProcessA
GetCurrentProcessId
lstrlenA
SetFilePointer
GetFileSize
GetLocalTime
ExpandEnvironmentStringsA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
GetVersionExA
OutputDebugStringA
LocalAlloc
ReadFile
HeapAlloc
GetProcessHeap
GetProcAddress
HeapFree
GetSystemInfo
lstrcmpiA
LoadLibraryW
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
WinExec
FindClose
RemoveDirectoryA
GetFileAttributesA
DuplicateHandle
OpenProcess
CreateDirectoryA
ReleaseMutex
CreateMutexA
MoveFileExA
MoveFileA
SetFileAttributesA
DefineDosDeviceA
ExitProcess
CopyFileA
GetCurrentThreadId
Process32Next
Process32First
FreeLibrary
CreateThread
ExitThread
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
VirtualFree
GetCurrentProcess
FindFirstFileA
FindNextFileA
GlobalLock
GlobalUnlock
VirtualAlloc
VirtualProtect

user32

EnumWindows
IsWindowVisible
GetLastInputInfo
MessageBoxA
FindWindowA
GetClassNameA
GetWindow
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
wsprintfA
EmptyClipboard
GetMessageA
PostThreadMessageA
GetInputState
SendMessageA
OpenClipboard
CloseClipboard
GetClipboardData
ExitWindowsEx
SetClipboardData

advapi32

OpenServiceA
CloseEventLog
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
DeleteService
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
ClearEventLogA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA
SHChangeNotify

ole32

CoUninitialize
CoCreateGuid
CoInitialize

ws2_32

closesocket
WSAGetLastError
gethostname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
getsockname
send
inet_addr
sendto
htonl
WSASocketA
inet_ntoa

msvcrt

_strupr
strlen
_strcmpi
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
fopen
fprintf
fclose
_beginthreadex
_except_handler3
strncmp
_snprintf
_access
_mbscmp
_mbsicmp
strrchr
free
realloc
strcmp
malloc
time
srand
strchr
sprintf
strstr
strcspn
strncpy
atoi
rand
_CxxThrowException
memcmp
??2@YAPAXI@Z
memset
exit
strcpy
strcat
_stricmp
__CxxFrameHandler
_ftol
memcpy
??3@YAXPAX@Z

mfc42

ord540
ord941
ord940
ord800
ord860

setupapi

SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetIfTable

urlmon

URLDownloadToFileA

Exports

Exports

fuckyou
fuckyou1

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb12a75c96f0425e9a861d329fcf1d08

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

msvcrt

mfc42

setupapi

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB