SecuriteInfo[.]com[.]BackDoor[.]IRC[.]Bot[.]2716[.]19571[.]23308[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.BackDoor.IRC.Bot.2716.19571.23308.dll
Size

436KB
MD5

6272ed275d1876f231683d01070b54da
SHA1

e3537dd595c826f37124a6131c5905169597d031
SHA256

a8ca3198f6c01e32d55bd61c6ba53aea6cbc2faaa8fa192a38ee2ab6d3937de8
SHA512

1aac150a074793bbf2a0ac32788dd60a3437851e8868735c77df8269cb69546ddda37bb0dc9f14e4e7ee674235dd14069d87afbfcdf6d5b8ead272ff25f9e546
SSDEEP

12288:/u2ix17idLirUjjTPJBVTccB7ZtatizhK:lzEUTxcAZU4zU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.BackDoor.IRC.Bot.2716.19571.23308.dll

Files

SecuriteInfo.com.BackDoor.IRC.Bot.2716.19571.23308.dll
.dll windows:4 windows x86 arch:x86

48bac8a20eb43263f2f4a42ac3fc80d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

perl516

Perl_gv_fetchpvn_flags
Perl_sv_2mortal
Perl_sv_setuv
Perl_newSVrv
Perl_sv_2bool_flags
Perl_newSV_type
Perl_croak_xs_usage
Perl_sv_2uv_flags
Perl_croak_no_modify
Perl_sv_newmortal
Perl_stack_grow
Perl_newSVuv
Perl_sv_bless
Perl_sv_unmagic
Perl_sv_magic
Perl_sv_free
Perl_xs_apiversion_bootcheck
Perl_newXS
Perl_xs_version_bootcheck
Perl_sv_2pv_flags
Perl_call_list

msvcrt

_adjust_fdiv
malloc
_initterm
free
memcmp

kernel32

DisableThreadLibraryCalls

Exports

Exports

_boot_Tie__Hash__NamedCapture
boot_Tie__Hash__NamedCapture

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ