5458be33010382221408cd0444837a51

Sharing

Copy URL Twitter E-mail

General

Target

5458be33010382221408cd0444837a51
Size

331KB
MD5

5458be33010382221408cd0444837a51
SHA1

7f5579c2b6229e0e00313b09702a78b336316b59
SHA256

864daba3abf55e54e63af5715be206db38f0c5c281c5d7e59035ac5b8975e502
SHA512

2c4cf8fa9578333e82b8ed9d3ae0daa7975b7693c952cc0c47dfbe38c9b3733bc5623a9a5a22281aee15b0b4b81407b3d158c35dafb4f68b5316c6dd7015345c
SSDEEP

6144:hR82hQvt2IGYC+xw8k36JzrEO9mBbp+PuG4NirbNRz2wXTtGqeSD6PrHd58D3RzB:h7fY7xw8kC//zZ4NivX44c9uhzWt+

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TCPIP_LIB3/Attacker/Attacker.exe
unpack001/TCPIP_LIB3/KIPConfig/KIPConfig.exe
unpack001/TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.exe
unpack001/TCPIP_LIB3/TCPServer/TCPServer.exe
unpack001/TCPIP_LIB3/UDPScaner/UDPScaner.exe
unpack001/TCPIP_LIB3/UDPServer/UDPServer.exe
unpack001/TCPIP_LIB3/kping/kping.exe
unpack001/TCPIP_LIB3/ktracert/ktracert.exe

Files

5458be33010382221408cd0444837a51
.rar
TCPIP_LIB3/AsyncSocket.cpp
.js
TCPIP_LIB3/AsyncSocket.h
.js
TCPIP_LIB3/Attacker/Attacker.aps
TCPIP_LIB3/Attacker/Attacker.clw
TCPIP_LIB3/Attacker/Attacker.cpp
TCPIP_LIB3/Attacker/Attacker.dsp
TCPIP_LIB3/Attacker/Attacker.dsw
TCPIP_LIB3/Attacker/Attacker.exe
.exe windows:4 windows x86 arch:x86

f9ed6b152dfc333ad714de19981375a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSACleanup
WSAStartup
setsockopt
listen
htonl
inet_ntoa
connect
WSAIoctl
recvfrom
recv
WSAGetLastError
inet_addr
closesocket
bind
htons
sendto

mfc42

ord2648
ord5065
ord3749
ord1576
ord815
ord6669
ord1200
ord2645
ord6334
ord470
ord755
ord2379
ord2863
ord540
ord4160
ord825
ord823
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord2362
ord641
ord6515
ord2514
ord2621
ord1134
ord1199
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord800
ord2055
ord6376
ord2302
ord6055
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1168
ord1776
ord5290
ord3402
ord6743
ord1146
ord567
ord2301
ord2358
ord2361
ord2294

msvcrt

_itoa
_setmbcp
__p__commode
_acmdln
_controlfp
_except_handler3
__set_app_type
__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_XcptFilter
exit
__CxxFrameHandler
_strdup
free
_ftol
__dllonexit
_onexit
_exit

kernel32

GetStartupInfoA
GetModuleHandleA
GetCurrentProcessId
FormatMessageA
LocalFree

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPIP_LIB3/Attacker/Attacker.h
TCPIP_LIB3/Attacker/Attacker.ico
TCPIP_LIB3/Attacker/Attacker.ncb
TCPIP_LIB3/Attacker/Attacker.opt
TCPIP_LIB3/Attacker/Attacker.plg
.html
TCPIP_LIB3/Attacker/Attacker.rc
TCPIP_LIB3/Attacker/Attacker.rc2
TCPIP_LIB3/Attacker/AttackerDlg.cpp
TCPIP_LIB3/Attacker/AttackerDlg.h
TCPIP_LIB3/Attacker/StdAfx.cpp
TCPIP_LIB3/Attacker/StdAfx.h
TCPIP_LIB3/Attacker/resource.h
TCPIP_LIB3/BinaryTree.cpp
TCPIP_LIB3/BinaryTree.h
TCPIP_LIB3/ICMPSocket.cpp
TCPIP_LIB3/ICMPSocket.h
TCPIP_LIB3/ICMPSocketAsync.cpp
TCPIP_LIB3/ICMPSocketAsync.h
TCPIP_LIB3/Interfaces.cpp
TCPIP_LIB3/Interfaces.h
TCPIP_LIB3/KIPConfig/KIPConfig.cpp
TCPIP_LIB3/KIPConfig/KIPConfig.dsp
TCPIP_LIB3/KIPConfig/KIPConfig.dsw
TCPIP_LIB3/KIPConfig/KIPConfig.exe
.exe windows:4 windows x86 arch:x86

3dec34a8567ed3b2d67823f1b898632c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
FormatMessageA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CloseHandle
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
LocalFree
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetLastError
FlushFileBuffers

ws2_32

inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError
socket
WSAIoctl
closesocket

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TCPIP_LIB3/KIPConfig/KIPConfig.ncb
TCPIP_LIB3/KIPConfig/KIPConfig.opt
.js
TCPIP_LIB3/KIPConfig/KIPConfig.plg
.html
TCPIP_LIB3/KIPConfig/StdAfx.cpp
TCPIP_LIB3/KIPConfig/StdAfx.h
TCPIP_LIB3/KSniffer/ClientSocket.cpp
TCPIP_LIB3/KSniffer/ClientSocket.h
TCPIP_LIB3/KSniffer/KSniffer.aps
TCPIP_LIB3/KSniffer/KSniffer.clw
TCPIP_LIB3/KSniffer/KSniffer.cpp
TCPIP_LIB3/KSniffer/KSniffer.dsp
TCPIP_LIB3/KSniffer/KSniffer.dsw
TCPIP_LIB3/KSniffer/KSniffer.h
TCPIP_LIB3/KSniffer/KSniffer.ncb
TCPIP_LIB3/KSniffer/KSniffer.opt
TCPIP_LIB3/KSniffer/KSniffer.plg
.html
TCPIP_LIB3/KSniffer/KSniffer.rc
TCPIP_LIB3/KSniffer/KSnifferDlg.cpp
TCPIP_LIB3/KSniffer/KSnifferDlg.h
TCPIP_LIB3/KSniffer/StdAfx.cpp
TCPIP_LIB3/KSniffer/StdAfx.h
TCPIP_LIB3/KSniffer/res/KSniffer.ico
TCPIP_LIB3/KSniffer/res/KSniffer.rc2
TCPIP_LIB3/KSniffer/resource.h
TCPIP_LIB3/SniffSocket.cpp
TCPIP_LIB3/SniffSocket.h
TCPIP_LIB3/SpoofBase.cpp
.js
TCPIP_LIB3/SpoofBase.h
TCPIP_LIB3/SpoofSocket.cpp
TCPIP_LIB3/SpoofSocket.h
TCPIP_LIB3/StealthTCPScanner/ClientSocket.cpp
.js
TCPIP_LIB3/StealthTCPScanner/ClientSocket.h
TCPIP_LIB3/StealthTCPScanner/StdAfx.cpp
TCPIP_LIB3/StealthTCPScanner/StdAfx.h
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.aps
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.clw
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.cpp
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.dsp
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.dsw
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.exe
.exe windows:4 windows x86 arch:x86

14cfc75e5bd757758faa660741e66ce6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAGetLastError
gethostbyname
socket
WSAAsyncSelect
listen
connect
htonl
inet_addr
bind
recvfrom
recv
WSAIoctl
sendto
closesocket
htons
WSAStartup
setsockopt
inet_ntoa

mfc42

ord3749
ord2446
ord2124
ord641
ord6453
ord2645
ord6669
ord3803
ord2915
ord6334
ord4224
ord470
ord755
ord2379
ord2863
ord825
ord823
ord800
ord941
ord860
ord540
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2302
ord6515
ord692
ord2514
ord2621
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord4160
ord5065
ord1727
ord5261
ord2581
ord1576
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6743
ord1771
ord6366
ord2413
ord2024
ord4219
ord1146
ord6055
ord1776
ord4401
ord5290
ord3402
ord3639
ord1168
ord567
ord2301
ord2295
ord2364
ord2370

msvcrt

_ltoa
_setmbcp
__p__fmode
__set_app_type
_acmdln
_controlfp
_except_handler3
_strdup
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_purecall
__CxxFrameHandler
free
_ftol
_mbscmp
__dllonexit
_onexit
_exit
_XcptFilter

kernel32

GetStartupInfoA
GetModuleHandleA
GetCurrentProcessId
FormatMessageA
LocalFree
Sleep

user32

GetSystemMetrics
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
EnableWindow
LoadIconA
SendMessageA
KillTimer
SetTimer
DestroyWindow
UnregisterClassA
CreateWindowExA
DefWindowProcA
RegisterClassA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.h
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.ncb
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.opt
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.plg
.html
TCPIP_LIB3/StealthTCPScanner/StealthTCPScanner.rc
TCPIP_LIB3/StealthTCPScanner/StealthTCPScannerDlg.cpp
TCPIP_LIB3/StealthTCPScanner/StealthTCPScannerDlg.h
TCPIP_LIB3/StealthTCPScanner/res/StealthTCPScanner.ico
TCPIP_LIB3/StealthTCPScanner/res/StealthTCPScanner.rc2
TCPIP_LIB3/StealthTCPScanner/resource.h
TCPIP_LIB3/TCPServer/ClientSocket.cpp
TCPIP_LIB3/TCPServer/ClientSocket.h
TCPIP_LIB3/TCPServer/StdAfx.cpp
TCPIP_LIB3/TCPServer/StdAfx.h
TCPIP_LIB3/TCPServer/TCPServer.cpp
TCPIP_LIB3/TCPServer/TCPServer.dsp
TCPIP_LIB3/TCPServer/TCPServer.dsw
TCPIP_LIB3/TCPServer/TCPServer.exe
.exe windows:4 windows x86 arch:x86

99ff1fbdf3b030d56094f489e4da5ccb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
FormatMessageA
GetCurrentProcessId
GetModuleFileNameA
WriteFile
GetStartupInfoA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
HeapFree
GetCommandLineA
GetVersion
ExitProcess
LocalFree
HeapCreate
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapReAlloc
VirtualFree
VirtualAlloc
IsBadWritePtr

user32

CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
UnregisterClassA
RegisterClassA
DefWindowProcA

ws2_32

recv
WSAAsyncSelect
send
accept
listen
htonl
connect
WSAIoctl
recvfrom
closesocket
bind
inet_addr
htons
sendto
socket
setsockopt
inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TCPIP_LIB3/TCPServer/TCPServer.ncb
TCPIP_LIB3/TCPServer/TCPServer.opt
TCPIP_LIB3/TCPServer/TCPServer.plg
.html
TCPIP_LIB3/TCPSocket.cpp
TCPIP_LIB3/TCPSocket.h
TCPIP_LIB3/TCPSocketAsync.cpp
.vbs
TCPIP_LIB3/TCPSocketAsync.h
TCPIP_LIB3/UDPScaner/ScanSocket.cpp
.js
TCPIP_LIB3/UDPScaner/ScanSocket.h
TCPIP_LIB3/UDPScaner/StdAfx.cpp
TCPIP_LIB3/UDPScaner/StdAfx.h
TCPIP_LIB3/UDPScaner/UDPScaner.aps
TCPIP_LIB3/UDPScaner/UDPScaner.clw
TCPIP_LIB3/UDPScaner/UDPScaner.cpp
TCPIP_LIB3/UDPScaner/UDPScaner.dsp
TCPIP_LIB3/UDPScaner/UDPScaner.dsw
TCPIP_LIB3/UDPScaner/UDPScaner.exe
.exe windows:4 windows x86 arch:x86

9d2b4cc01f6a3808d5523a13f63df475

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
gethostbyname
htons
WSACleanup
WSAAsyncSelect
WSAGetLastError
setsockopt
WSAStartup
inet_ntoa
htonl
recvfrom
recv
inet_addr
closesocket
bind
sendto
socket

mfc42

ord4627
ord4234
ord641
ord1576
ord6052
ord6669
ord4224
ord6334
ord2645
ord470
ord825
ord823
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2379
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord755
ord4425
ord3597
ord324
ord800
ord3639
ord6743
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord6055
ord1776
ord4401
ord5290
ord3402
ord4160
ord2863
ord6515
ord692
ord1146
ord1168
ord860
ord540
ord567
ord2370
ord2301
ord2294
ord2362
ord2302

msvcrt

_ltoa
_strdup
_setmbcp
_controlfp
_mbscmp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_purecall
__CxxFrameHandler
free
_ftol
_adjust_fdiv
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr

kernel32

GetStartupInfoA
GetModuleHandleA
Sleep
GetCurrentProcessId
FormatMessageA
LocalFree
GetTickCount

user32

EnableWindow
DefWindowProcA
GetClientRect
DrawIcon
GetSystemMetrics
IsIconic
CreateWindowExA
RegisterClassA
AppendMenuA
SendMessageA
GetSystemMenu
DestroyWindow
UnregisterClassA
LoadIconA
KillTimer
SetTimer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPIP_LIB3/UDPScaner/UDPScaner.h
TCPIP_LIB3/UDPScaner/UDPScaner.ncb
TCPIP_LIB3/UDPScaner/UDPScaner.opt
TCPIP_LIB3/UDPScaner/UDPScaner.plg
.html
TCPIP_LIB3/UDPScaner/UDPScaner.rc
TCPIP_LIB3/UDPScaner/UDPScanerDlg.cpp
.js
TCPIP_LIB3/UDPScaner/UDPScanerDlg.h
TCPIP_LIB3/UDPScaner/res/UDPScaner.ico
TCPIP_LIB3/UDPScaner/res/UDPScaner.rc2
TCPIP_LIB3/UDPScaner/res/komodia.bmp
TCPIP_LIB3/UDPScaner/resource.h
TCPIP_LIB3/UDPServer/ClientSocket.cpp
TCPIP_LIB3/UDPServer/ClientSocket.h
TCPIP_LIB3/UDPServer/StdAfx.cpp
TCPIP_LIB3/UDPServer/StdAfx.h
TCPIP_LIB3/UDPServer/UDPServer.cpp
TCPIP_LIB3/UDPServer/UDPServer.dsp
TCPIP_LIB3/UDPServer/UDPServer.dsw
TCPIP_LIB3/UDPServer/UDPServer.exe
.exe windows:4 windows x86 arch:x86

e8a27b10c4a154970b34f4dfae827cb0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FormatMessageA
GetCurrentProcessId
GetVersionExA
HeapDestroy
HeapFree
WriteFile
GetCommandLineA
GetFileType
GetStdHandle
GetStartupInfoA
GetEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
CloseHandle
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
RtlUnwind
VirtualFree
HeapCreate
GetVersion
ExitProcess
HeapAlloc
GetModuleHandleA
LocalFree
GetEnvironmentVariableA
IsBadWritePtr
HeapReAlloc
FreeEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetProcAddress
TerminateProcess
GetCurrentProcess

user32

RegisterClassA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
DestroyWindow
CreateWindowExA

ws2_32

inet_addr
WSAAsyncSelect
WSAIoctl
recvfrom
recv
closesocket
bind
htons
sendto
socket
setsockopt
inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TCPIP_LIB3/UDPServer/UDPServer.ncb
TCPIP_LIB3/UDPServer/UDPServer.opt
TCPIP_LIB3/UDPServer/UDPServer.plg
.html
TCPIP_LIB3/UDPSocket.cpp
TCPIP_LIB3/UDPSocket.h
TCPIP_LIB3/UDPSocketAsync.cpp
.vbs
TCPIP_LIB3/UDPSocketAsync.h
TCPIP_LIB3/komodia.GIF
.gif
TCPIP_LIB3/kping/PingSocket.cpp
.js
TCPIP_LIB3/kping/PingSocket.h
TCPIP_LIB3/kping/StdAfx.cpp
TCPIP_LIB3/kping/StdAfx.h
TCPIP_LIB3/kping/kping.cpp
TCPIP_LIB3/kping/kping.dsp
TCPIP_LIB3/kping/kping.dsw
TCPIP_LIB3/kping/kping.exe
.exe windows:4 windows x86 arch:x86

57a4929e8953bbcc9ace0702bdaaba93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCurrentProcessId
LocalFree
FormatMessageA
GetVersionExA
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
CloseHandle
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
HeapDestroy
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
GetTickCount
GetModuleFileNameA
GetEnvironmentVariableA
HeapReAlloc
IsBadWritePtr
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentProcess
GetProcAddress
TerminateProcess
UnhandledExceptionFilter

user32

CreateWindowExA
TranslateMessage
GetMessageA
DispatchMessageA
KillTimer
SetTimer
DestroyWindow
UnregisterClassA
RegisterClassA
DefWindowProcA

ws2_32

socket
WSAIoctl
gethostbyname
recvfrom
recv
closesocket
bind
sendto
setsockopt
inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError
WSAAsyncSelect
htons
htonl
inet_addr

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TCPIP_LIB3/kping/kping.ncb
TCPIP_LIB3/kping/kping.opt
TCPIP_LIB3/kping/kping.plg
.html
TCPIP_LIB3/ktracert/PingSocket.cpp
.js
TCPIP_LIB3/ktracert/PingSocket.h
TCPIP_LIB3/ktracert/StdAfx.cpp
TCPIP_LIB3/ktracert/StdAfx.h
TCPIP_LIB3/ktracert/ktracert.cpp
TCPIP_LIB3/ktracert/ktracert.dsp
TCPIP_LIB3/ktracert/ktracert.dsw
TCPIP_LIB3/ktracert/ktracert.exe
.exe windows:4 windows x86 arch:x86

57a4929e8953bbcc9ace0702bdaaba93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCurrentProcessId
LocalFree
FormatMessageA
GetVersionExA
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
CloseHandle
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
HeapDestroy
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
GetTickCount
GetModuleFileNameA
GetEnvironmentVariableA
HeapReAlloc
IsBadWritePtr
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentProcess
GetProcAddress
TerminateProcess
UnhandledExceptionFilter

user32

CreateWindowExA
TranslateMessage
GetMessageA
DispatchMessageA
KillTimer
SetTimer
DestroyWindow
UnregisterClassA
RegisterClassA
DefWindowProcA

ws2_32

socket
WSAIoctl
gethostbyname
recvfrom
recv
closesocket
bind
sendto
setsockopt
inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError
WSAAsyncSelect
htons
htonl
inet_addr

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TCPIP_LIB3/ktracert/ktracert.ncb
TCPIP_LIB3/ktracert/ktracert.opt
TCPIP_LIB3/ktracert/ktracert.plg
.html
TCPIP_LIB3/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

f9ed6b152dfc333ad714de19981375a8

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 888B

.rsrc Size: 68KB - Virtual size: 64KB

3dec34a8567ed3b2d67823f1b898632c

Headers

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 16KB

14cfc75e5bd757758faa660741e66ce6

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

99ff1fbdf3b030d56094f489e4da5ccb

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 17KB

9d2b4cc01f6a3808d5523a13f63df475

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 76KB - Virtual size: 74KB

e8a27b10c4a154970b34f4dfae827cb0

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 17KB

57a4929e8953bbcc9ace0702bdaaba93

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 888B

.rsrc
Size: 68KB - Virtual size: 64KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 17KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 76KB - Virtual size: 74KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 17KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 17KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 17KB