c8e1bb52cbfafe08938f6a9554c55091

Sharing

Copy URL Twitter E-mail

General

Target

c8e1bb52cbfafe08938f6a9554c55091
Size

289KB
MD5

c8e1bb52cbfafe08938f6a9554c55091
SHA1

39f57cfcf9090a53c9895483be736fbc93e6f52a
SHA256

08cac059a82ae4dd18d6e420a6d0c13f95a784282dd2f734fe5a63002db0b2da
SHA512

9903b8f572d788881d278cf8660f969660a1a642471fcf5535fbae0d9113ce7b965cb6466a286b12d92f8d42d40db437f65b0914b07396d158ba0ffffc91ce38
SSDEEP

6144:65PZTQn/FW3JabAqPrtX9y6p2WwDDmTBJL+uSO1Q:69UWo7rrhp2Ww/mTrL+uU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8e1bb52cbfafe08938f6a9554c55091

Files

c8e1bb52cbfafe08938f6a9554c55091
.exe windows:5 windows x86 arch:x86

f13bccad370d2957b4e59eb6968fc365

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\TS\Spider\branches\mail_client\release\mliveup.pdb

Imports

ws2_32

ntohl
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup

wldap32

ord32
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord46
ord35
ord79
ord200
ord33
ord301
ord27
ord41

kernel32

GetTickCount
LoadLibraryA
FreeLibrary
InterlockedDecrement
WaitForSingleObject
FormatMessageA
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetLastError
GetLastError
SleepEx
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WriteProcessMemory
Sleep
VirtualProtect
LoadLibraryW
GetProcAddress
GetCurrentProcessId
SetUnhandledExceptionFilter

msvcr90

_strdup
_close
_fileno
_open
_read
_stricmp
calloc
realloc
free
malloc
memset
memcpy
_time64
strchr
fwrite
fread
_strnicmp
strtoul
strstr
memmove
sscanf
tolower
strtol
isxdigit
strncpy
strrchr
fseek
_strtoi64
strncmp
fclose
fgets
fopen
qsort
fputs
isdigit
sprintf
fputc
_errno
isalnum
_CxxThrowException
memchr
_gmtime64
_fstat64
_lseeki64
fflush
getenv
strerror
__sys_nerr
isalpha
_beginthreadex
_stat64
islower
isupper
isprint
isgraph
memmove_s
_mktime64
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
rand
??3@YAXPAX@Z
strftime
_localtime64
??2@YAPAXI@Z
_itoa
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
__iob_func
isspace

msvcp90

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13bccad370d2957b4e59eb6968fc365

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

kernel32

msvcr90

msvcp90

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B