87d09e1c70461a716ea622bf6c40d04e

Sharing

Copy URL Twitter E-mail

General

Target

87d09e1c70461a716ea622bf6c40d04e
Size

136KB
MD5

87d09e1c70461a716ea622bf6c40d04e
SHA1

894b92a8bd4057436fa3484c00a0db5256778f6c
SHA256

c8c6c1f9c03cba9ddb51a6c50e9964bb9fc9f0f4e1f5ef84b83af523da96a3ef
SHA512

001e6fd9a4f461b0b19dc5b5f7304babc78254fd65e320fa08fe6d79784f3e1ecaad1ff4ff8d87340dc6309dafc48d1b4d772047dbaa4d0fcbdde81aa912ed4f
SSDEEP

1536:xy3yppnxpUhVsEZDbn0j47nk4AyJnpaX20l8LEIg/l6PSF08:xmavUhVsEZHn0Ak54LEIGl6Po

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87d09e1c70461a716ea622bf6c40d04e

Files

87d09e1c70461a716ea622bf6c40d04e
.dll windows:4 windows x86 arch:x86

2f565772032082fb4af951b17253087e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\KernelBots_Up10\Shell\Release\Shell.pdb

Imports

ws2_32

inet_ntoa
WSACleanup
closesocket
select
connect
htons
setsockopt
htonl
sendto
WSAStartup
send
socket
inet_addr
gethostbyname

kernel32

Sleep
CreateThread
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
lstrcpyW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
GetModuleFileNameA
CloseHandle
GetSystemDirectoryA
OpenFile
lstrlenW
GetModuleFileNameW
GetLastError
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateProcessW
GetSystemDirectoryW
GetCurrentProcess
CreateFileW
CopyFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetExitCodeThread
WaitForSingleObject
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
GetVolumeInformationW
ExitProcess
RtlUnwind
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
VirtualProtect
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
GetSystemInfo
SetEndOfFile
ReadFile
HeapAlloc
GetCurrentThreadId
HeapSize

user32

ShowWindow
CreateWindowExW
RegisterClassExW
wsprintfW
UpdateWindow
GetWindowLongW
GetMessageW
DispatchMessageW
TranslateMessage
DefWindowProcW
PostQuitMessage
SetWindowLongW
GetClientRect

advapi32

ChangeServiceConfigW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CreateServiceW
RegOpenKeyExW
ControlService
CloseServiceHandle

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

SysAllocString
VariantClear
VariantInit

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

Exports

Exports

DestoryAntiVirus
GetDllModuleControl
StartShell

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f565772032082fb4af951b17253087e

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 48KB - Virtual size: 65KB

.Shell__ Size: 4KB - Virtual size: 520B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 48KB - Virtual size: 65KB

.Shell__
Size: 4KB - Virtual size: 520B

.reloc
Size: 8KB - Virtual size: 6KB