bd6f6bb51cf7d447431d2dfcb2a6568e

Sharing

Copy URL

Twitter E-mail

General

Target

bd6f6bb51cf7d447431d2dfcb2a6568e
Size

239KB
MD5

bd6f6bb51cf7d447431d2dfcb2a6568e
SHA1

6af27f65d8794f9c19cdf1775c093c468d3aa70e
SHA256

02d9748d56c15931d1860763a22a26f009f792a33aedfcb8dfdff736ed8acb7c
SHA512

026917ea26e630c3ffd9415a543181f776cf0e62c58fd3a59cb8ca99825de4b8f8e049fd03aa65e269c4b1ac76cb9086b1fc7d61cc7476fa98a6e915682f8476
SSDEEP

3072:9WXRXSl+2Xl1SZJmrqIcAiQ5mdNXagj2u1EPYINqkBrtIYhEakFj1g8VzndpT+4G:YXhk+5Lm2IdiPDfwprEakVVz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd6f6bb51cf7d447431d2dfcb2a6568e

Files

bd6f6bb51cf7d447431d2dfcb2a6568e
.dll windows:5 windows x86 arch:x86

f94fac7e5cde96b6b555171bce584f5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mswsock.pdb

Imports

msvcrt

wcscmp
wcscpy
strtoul
_except_handler3
malloc
exit
getc
fopen
_adjust_fdiv
_initterm
free
strncmp
wcsncmp
wcsncpy
wcstol
_wcsnicmp
swprintf
strcpy
strlen
strpbrk
_strnicmp
wcschr
atoi
_stricmp
_wcsicmp
wcslen
wcscat
isspace
fgets
fclose
rewind
_errno
sprintf
_write
_iob
fprintf
isdigit
isxdigit
islower
memmove

ntdll

NtSetIoCompletion
NtRemoveIoCompletion
NtClose
NtSetInformationFile
NtCreateEvent
NtSetInformationObject
NtCreateIoCompletion
RtlFreeHeap
RtlRegisterSecureMemoryCacheCallback
RtlAllocateHeap
DbgPrint
NtOpenKey
RtlInitUnicodeString
RtlQueryRegistryValues
RtlGetNtProductType
NtDeviceIoControlFile
NtCreateFile
NtCancelIoFile
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
NtSetEvent
RtlRaiseStatus
NtWaitForSingleObject
NtDelayExecution
NtLoadDriver
RtlAdjustPrivilege
RtlImpersonateSelf
NtQuerySystemTime
NtAlertThread
NtQueueApcThread
NtClearEvent
NtReadFile
NtWaitForMultipleObjects
RtlNtStatusToDosError
NtQueryEvent
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeAnsiString
RtlDestroyHeap
RtlCreateHeap
RtlDeregisterWaitEx
RtlQueueWorkItem
RtlRegisterWait
NtCreateWaitablePort
NtRequestWaitReplyPort
NtConnectPort
NtReplyPort
RtlIpv6StringToAddressA
RtlIpv6StringToAddressW
RtlInitString
NtQueryValueKey
NtDuplicateObject
NtResetEvent
NtAcceptConnectPort
NtReplyWaitReceivePortEx
NtCompleteConnectPort

kernel32

LocalAlloc
LocalFree
FormatMessageA
ReadFile
WriteFile
SetConsoleMode
GetConsoleMode
CreateFileA
ExpandEnvironmentStringsA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DelayLoadFailureHook
GetComputerNameExA
WriteProcessMemory
GetCurrentThreadId
IsBadWritePtr
IsBadCodePtr
ResetEvent
SwitchToThread
HeapCreate
HeapAlloc
CreateFileMappingA
MapViewOfFile
GetProcessHeap
HeapDestroy
HeapFree
UnmapViewOfFile
VirtualFree
GetSystemInfo
FormatMessageW
lstrcmpW
TerminateThread
CreateEventW
ResumeThread
SetEvent
lstrlenW
lstrcpyW
VirtualAlloc
CreateEventA
WaitForMultipleObjects
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetOverlappedResult
OpenProcess
GetCurrentProcess
DuplicateHandle
IsBadReadPtr
WaitForSingleObject
GetTickCount
InterlockedExchange
CreateThread
InterlockedExchangeAdd
GetCurrentThread
SetThreadPriority
GetCurrentProcessId
FreeLibraryAndExitThread
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
GetLastError
Sleep
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
LoadLibraryW
ExpandEnvironmentStringsW
InterlockedDecrement
GetEnvironmentVariableA
CloseHandle
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedIncrement
SleepEx
OutputDebugStringA

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegSetValueExA
SetServiceStatus
DeregisterEventSource
RegNotifyChangeKeyValue
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegisterEventSourceA
ReportEventA
RegDeleteValueW
RegOpenCurrentUser
RegQueryInfoKeyA
RegEnumValueW
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
RegisterServiceCtrlHandlerA
RevertToSelf

rpcrt4

UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW

ws2_32

htons
socket
recv
gethostbyname
inet_addr
select
getsockname
inet_ntoa
WSACleanup
WSAGetLastError
connect
ntohs
accept
listen
send
closesocket
bind
WSAProviderConfigChange
WSAIsBlocking
WSARecv
gethostname
WSCInstallProvider
WSCUpdateProvider
WSCDeinstallProvider
getservbyport
getservbyname
WSAEnumProtocolsW
WSAIoctl
ntohl
htonl
WSCEnumProtocols
WSCGetProviderPath
WSAStartup
WSASocketW

ws2help

WahEnumerateHandleContexts
WahRemoveHandleContext
WahReferenceContextByHandle
WahInsertHandleContext
WahDestroyHandleContextTable
WahCreateHandleContextTable

Exports

Exports

AcceptEx
EnumProtocolsA
EnumProtocolsW
GetAcceptExSockaddrs
GetAddressByNameA
GetAddressByNameW
GetNameByTypeA
GetNameByTypeW
GetServiceA
GetServiceW
GetTypeByNameA
GetTypeByNameW
MigrateWinsockConfiguration
NPLoadNameSpaces
NSPStartup
ServiceMain
SetServiceA
SetServiceW
StartWsdpService
StopWsdpService
SvchostPushServiceGlobals
TransmitFile
WSARecvEx
WSPStartup
dn_expand
getnetbyname
inet_network
rcmd
rexec
rresvport
s_perror
sethostname

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SANONTCP
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94fac7e5cde96b6b555171bce584f5c

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

rpcrt4

ws2_32

ws2help

Exports

Exports

Sections

.text Size: 165KB - Virtual size: 164KB

SANONTCP Size: 47KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 165KB - Virtual size: 164KB

SANONTCP
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 11KB - Virtual size: 11KB