f2ce101698952e1c4309f8696fd43d694a79d35bb090e6a7fd4651c8f41794a3

Sharing

Copy URL

Twitter E-mail

General

Target

f2ce101698952e1c4309f8696fd43d694a79d35bb090e6a7fd4651c8f41794a3
Size

666KB
MD5

d0cb15e5fd961e4f5b3b120fc60dbdf8
SHA1

9ec2f21641bd3f482b4c85cd6050432dc05e7680
SHA256

f2ce101698952e1c4309f8696fd43d694a79d35bb090e6a7fd4651c8f41794a3
SHA512

98f93300fbe3d9b7c6a0f7d8067da0ec5236e6d46593fb189274b2139f470240bb0a4cffd54e40a8ef6d3359ddc64e846e9ded55743a49319dbe1a7234571905
SSDEEP

6144:v0qF0LjWCJRiVGGmiFgvLyMkbhxUKvQl7LQmVbAObcxnrmnUHVe5:vbF0mCfiVGGgVKvQ1Qmh1cxnU+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2ce101698952e1c4309f8696fd43d694a79d35bb090e6a7fd4651c8f41794a3

Files

f2ce101698952e1c4309f8696fd43d694a79d35bb090e6a7fd4651c8f41794a3
.exe windows:5 windows x86 arch:x86

d077c94c96f4bea114118851961439bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\磁盘\E\项目问题\版本\UDPUDP-英文\bin\server.pdb

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegEnumValueW

user32

wsprintfW

ws2_32

freeaddrinfo
getnameinfo
getaddrinfo
WSAGetLastError
WSAStartup
WSACleanup
getsockname
ntohs
select
bind
socket
setsockopt
closesocket
getsockopt
getpeername
ntohl
WSASendTo
htonl
WSARecvFrom
__WSAFDIsSet

kernel32

FormatMessageW
LocalFree
SetThreadAffinityMask
QueryPerformanceFrequency
OpenThread
SetEvent
GetCurrentProcess
OpenProcess
LoadLibraryW
TerminateProcess
GetLastError
GetProcAddress
CloseHandle
FindFirstFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
CreateDirectoryW
WriteFile
ReadFile
CreateFileW
GlobalMemoryStatus
GetDriveTypeW
GetComputerNameW
GetVersionExW
GetDiskFreeSpaceExW
GetFileSize
CreateMutexW
SetFilePointer
SetErrorMode
CreateProcessW
MoveFileExW
OutputDebugStringW
GetPrivateProfileStringW
WideCharToMultiByte
VirtualFreeEx
Sleep
GetModuleFileNameW
MultiByteToWideChar
WritePrivateProfileStringW
VirtualAllocEx
LoadLibraryA
RemoveDirectoryW
GetShortPathNameW
OutputDebugStringA
DeleteFileW
lstrcpyW
CreateThread
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetFileAttributesW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetProcessHeap
WaitForSingleObject
ReleaseMutex
CreateEventW
GetModuleHandleA

Exports

Exports

??0CCC@@QAE@XZ
??0CUDTException@@QAE@ABV0@@Z
??0CUDTException@@QAE@HHH@Z
??1CCC@@UAE@XZ
??1CUDTException@@UAE@XZ
??4CCC@@AAEAAV0@ABV0@@Z
??4CUDTException@@QAEAAV0@ABV0@@Z
??_7CCC@@6B@
??_7CUDTException@@6B@
??_FCUDTException@@QAEXXZ
?EASYNCFAIL@CUDTException@@2HB
?EASYNCRCV@CUDTException@@2HB
?EASYNCSND@CUDTException@@2HB
?EBOUNDSOCK@CUDTException@@2HB
?ECONNFAIL@CUDTException@@2HB
?ECONNLOST@CUDTException@@2HB
?ECONNREJ@CUDTException@@2HB
?ECONNSETUP@CUDTException@@2HB
?ECONNSOCK@CUDTException@@2HB
?EDGRAMILL@CUDTException@@2HB
?EDUPLISTEN@CUDTException@@2HB
?EFILE@CUDTException@@2HB
?EINVOP@CUDTException@@2HB
?EINVPARAM@CUDTException@@2HB
?EINVPOLLID@CUDTException@@2HB
?EINVRDOFF@CUDTException@@2HB
?EINVSOCK@CUDTException@@2HB
?EINVWROFF@CUDTException@@2HB
?ELARGEMSG@CUDTException@@2HB
?ENOBUF@CUDTException@@2HB
?ENOCONN@CUDTException@@2HB
?ENOLISTEN@CUDTException@@2HB
?ENOSERVER@CUDTException@@2HB
?EPEERERR@CUDTException@@2HB
?ERDPERM@CUDTException@@2HB
?ERDVNOSERV@CUDTException@@2HB
?ERDVUNBOUND@CUDTException@@2HB
?ERESOURCE@CUDTException@@2HB
?ERROR@UDT@@3HB
?ESECFAIL@CUDTException@@2HB
?ESOCKFAIL@CUDTException@@2HB
?ESTREAMILL@CUDTException@@2HB
?ETHREAD@CUDTException@@2HB
?EUNBOUNDSOCK@CUDTException@@2HB
?EUNKNOWN@CUDTException@@2HB
?EWRPERM@CUDTException@@2HB
?INVALID_SOCK@UDT@@3HB
?SUCCESS@CUDTException@@2HB
?accept@UDT@@YAHHPAUsockaddr@@PAH@Z
?bind@UDT@@YAHHI@Z
?bind@UDT@@YAHHPBUsockaddr@@H@Z
?cleanup@UDT@@YAHXZ
?clear@CUDTException@@UAEXXZ
?close@CCC@@UAEXXZ
?close@UDT@@YAHH@Z
?connect@UDT@@YAHHPBUsockaddr@@H@Z
?epoll_add_ssock@UDT@@YAHHIPBH@Z
?epoll_add_usock@UDT@@YAHHHPBH@Z
?epoll_create@UDT@@YAHXZ
?epoll_release@UDT@@YAHH@Z
?epoll_remove_ssock@UDT@@YAHHI@Z
?epoll_remove_usock@UDT@@YAHHH@Z
?epoll_wait@UDT@@YAHHPAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@0_JPAV?$set@IU?$less@I@std@@V?$allocator@I@2@@3@2@Z
?getErrorCode@CUDTException@@UBEHXZ
?getErrorMessage@CUDTException@@UAEPBDXZ
?getPerfInfo@CCC@@IAEPBUCPerfMon@@XZ
?getlasterror@UDT@@YAAAVCUDTException@@XZ
?getpeername@UDT@@YAHHPAUsockaddr@@PAH@Z
?getsockname@UDT@@YAHHPAUsockaddr@@PAH@Z
?getsockopt@UDT@@YAHHHW4UDTOpt@@PAXPAH@Z
?getsockstate@UDT@@YA?AW4UDTSTATUS@@H@Z
?init@CCC@@UAEXXZ
?listen@UDT@@YAHHH@Z
?onACK@CCC@@UAEXABH@Z
?onLoss@CCC@@UAEXPBHABH@Z
?onPktReceived@CCC@@UAEXPBVCPacket@@@Z
?onPktSent@CCC@@UAEXPBVCPacket@@@Z
?onTimeout@CCC@@UAEXXZ
?perfmon@UDT@@YAHHPAUCPerfMon@@_N@Z
?processCustomMsg@CCC@@UAEXPBVCPacket@@@Z
?recv@UDT@@YAHHPADHH@Z
?recvfile@UDT@@YA_JHAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@AA_J_JH@Z
?recvmsg@UDT@@YAHHPADH@Z
?select@UDT@@YAHHPAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@00PBUtimeval@@@Z
?selectEx@UDT@@YAHABV?$vector@HV?$allocator@H@std@@@std@@PAV23@11_J@Z
?send@UDT@@YAHHPBDHH@Z
?sendCustomMsg@CCC@@IBEXAAVCPacket@@@Z
?sendfile@UDT@@YA_JHAAV?$basic_fstream@DU?$char_traits@D@std@@@std@@AA_J_JH@Z
?sendmsg@UDT@@YAHHPBDHH_N@Z
?setACKInterval@CCC@@IAEXABH@Z
?setACKTimer@CCC@@IAEXABH@Z
?setBandwidth@CCC@@AAEXABH@Z
?setMSS@CCC@@AAEXABH@Z
?setMaxCWndSize@CCC@@AAEXABH@Z
?setRTO@CCC@@IAEXABH@Z
?setRTT@CCC@@AAEXABH@Z
?setRcvRate@CCC@@AAEXABH@Z
?setSndCurrSeqNo@CCC@@AAEXABH@Z
?setUserParam@CCC@@IAEXPBDABH@Z
?setsockopt@UDT@@YAHHHW4UDTOpt@@PBXH@Z
?socket@UDT@@YAHHHH@Z
?startup@UDT@@YAHXZ

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d077c94c96f4bea114118851961439bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 394KB - Virtual size: 394KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 177KB - Virtual size: 180KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 394KB - Virtual size: 394KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 177KB - Virtual size: 180KB

.reloc
Size: 18KB - Virtual size: 17KB