PDB path embedded in the binary: c:\Documents and Settings\周令俊\桌面\Hack\YaBot-LEAKiSO-20072\bin32\bot.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7e5537cc42736e812be8321f560a98c1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7e5537cc42736e812be8321f560a98c1.exe
Resource
win10v2004-20231215-en
General
-
Target
7e5537cc42736e812be8321f560a98c1
-
Size
72KB
-
MD5
7e5537cc42736e812be8321f560a98c1
-
SHA1
e7e08de577195205f97f92bd737bb572f492c22d
-
SHA256
a3caac98154b0751ac5b778f5bd42ef53f8ceb11ae3412a285151215307cf8aa
-
SHA512
58d29953304ae3f6230f854b788046b9179637a848134ec3c13b104d1110db09354f0f33093b40c798ee2c090e97bedfed3e4f45d1d317df5e9f337d01f6a86f
-
SSDEEP
1536:ZeCdjGA38po+U87UwtXx/VSbrz/diwxSxkxLDpXvaz6Wg5MFdfFRlubhTGuib5Md:ACdjZ3CHXx/gbrz/diwxSxkxLDpXvazE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature, so its publisher cannot be verified. On its own this is a weak indicator (a great deal of legitimate software is also unsigned); weight it together with the imports and section flags below.
resource 7e5537cc42736e812be8321f560a98c1
Files
-
7e5537cc42736e812be8321f560a98c1.exe windows:4 windows x86 arch:x86
9158b8073ac51e8dd98f822718fab678
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the bot.pdb path is listed at the top of this report)
Imports (note: OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread together form the classic remote-thread injection pattern; OpenSCManagerA/CreateServiceA/StartServiceA point to service-based persistence; ClearEventLogA can wipe Windows event logs; OpenProcessToken/LookupPrivilegeValueA/AdjustTokenPrivileges are used to enable token privileges. An import being present shows the capability is linked in, not that it is exercised on every run.)
kernel32
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
TerminateProcess
GlobalMemoryStatus
FreeLibrary
LoadLibraryExA
CreateThread
TerminateThread
CopyFileA
SetFileAttributesA
GetTempPathA
GetWindowsDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
GetShortPathNameA
GetTickCount
SetProcessWorkingSetSize
GetDiskFreeSpaceExA
GetVersionExA
GetSystemDirectoryA
GetComputerNameA
GetLocaleInfoA
GetFileSize
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
LockResource
ExitProcess
WriteFile
CreateFileA
CloseHandle
DeleteFileA
GetDateFormatA
GetTimeFormatA
OutputDebugStringA
GetStdHandle
SetConsoleTextAttribute
Sleep
CreateMutexA
GetLastError
CreateProcessA
advapi32
RegCreateKeyExA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
shell32
ShellExecuteA
mpr
WNetAddConnection2A
WNetCancelConnection2A
msvcrt
atoi
_snprintf
fclose
fprintf
fopen
printf
strncat
_vsnprintf
strncpy
toupper
strtok
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
malloc
strstr
islower
rand
srand
atol
system
netapi32
NetShareDel
wininet
InternetGetConnectedStateEx
ws2_32
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname
gethostbyaddr
inet_addr
recv
send
closesocket
connect
htons
socket
getsockname
WSACloseEvent
shutdown
sendto
ntdll
NtQuerySystemInformation
ZwSystemDebugControl
Sections
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 60KB - Virtual size: 60KB (flagged executable as well as writable, which is unusual for a data section and worth checking for code or unpacking stubs)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ