f:\dev\work\lucy\505_20060618_1724\Yahoo\YPager\msgrcli\YServer\Release\YServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cc4a6a4a1e0b005ab0a78372cfc177a7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cc4a6a4a1e0b005ab0a78372cfc177a7.exe
Resource
win10v2004-20240226-en
General
Target: cc4a6a4a1e0b005ab0a78372cfc177a7
Size: 98KB
MD5: cc4a6a4a1e0b005ab0a78372cfc177a7
SHA1: d77cf6d33fd1e48ec039cd7acda6a0870e9aeab6
SHA256: cfefbe8f244d09ccf392187a3e593ba223710639f31cfdf978160e25613b38f1
SHA512: 1d9b4b536d6ebf227b9cbf0aba112a8cab70ec366534db4b9da5a8cbcd886f1888f3700e6d7f0786d8b843bfbe7ec5dcbb42389e3036ed6b97aa98d00d343573
SSDEEP: 1536:3FjKD6Wd5pZNXAlUvpg5PPE776GxNGUK28STQ0UoFjgieUWj8PHYMiA5iuYw:3AD6WTg5PZeNGUT1RYv4PHRgw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cc4a6a4a1e0b005ab0a78372cfc177a7
Files
cc4a6a4a1e0b005ab0a78372cfc177a7.exe windows:4 windows x86 arch:x86
59bfd82dd01b9ae78c7b5e8e9e1167ef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wsock32
getsockname
closesocket
WSAStartup
send
inet_addr
getpeername
WSAGetLastError
ntohs
recv
gethostbyname
gethostname
listen
bind
htons
socket
setsockopt
accept
kernel32
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
FindClose
GetTempPathA
GetTempFileNameA
GetACP
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
CloseHandle
CreateThread
lstrcmpiA
lstrcpynA
CreateEventA
GetTickCount
Sleep
SetEvent
GetModuleFileNameA
GetModuleHandleA
WaitForMultipleObjects
TerminateThread
GetCurrentThreadId
WriteFile
CreateFileA
GetShortPathNameA
GetExitCodeThread
GetCurrentProcessId
MultiByteToWideChar
OutputDebugStringW
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileIntA
IsBadReadPtr
IsBadWritePtr
user32
GetMessageA
LoadStringA
IsWindow
SendMessageA
PostMessageA
DispatchMessageA
LoadIconA
GetActiveWindow
wvsprintfA
wsprintfA
DefWindowProcA
PostQuitMessage
MoveWindow
MessageBoxA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
PostThreadMessageA
gdi32
GetStockObject
advapi32
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ole32
CoRevokeClassObject
CoTaskMemAlloc
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoRegisterClassObject
msvcr71
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_vsnprintf
wcslen
isupper
_mbsnbcpy
wcstombs
localtime
isxdigit
strtok
_mkdir
__CxxFrameHandler
_controlfp
_except_handler3
__setusermatherr
memset
__security_error_handler
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
ctime
gmtime
time
_read
strstr
_stricmp
_creat
??3@YAXPAX@Z
??2@YAPAXI@Z
_strdup
free
_ftime
calloc
_mbschr
atoi
_snprintf
_write
_open
_close
_unlink
sprintf
_errno
strncpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_lseek
_mbsnbcat
rename
_mbscmp
_stat
_mbsrchr
Sections
.text Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ddata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE