e4a0ed9a1e84ce6dbd49eb1572d11b39ff970c7a8d1d6af9a45d1c014f6f8560

Sharing

Copy URL Twitter E-mail

General

Target

e4a0ed9a1e84ce6dbd49eb1572d11b39ff970c7a8d1d6af9a45d1c014f6f8560
Size

2.7MB
MD5

005640bfd128c205c4e4f2dc72bc2178
SHA1

f39221848276e22b8e0600bbdd5e918c60bf989c
SHA256

e4a0ed9a1e84ce6dbd49eb1572d11b39ff970c7a8d1d6af9a45d1c014f6f8560
SHA512

8fc4ad827152c3d0b860dd59fedbd8bac77e22e182376b248784ca2d242eb9ba3ecd7300b24c9dac1b64d4276a87750c96f7ada9f8c4ee5e890053ce5752eb44
SSDEEP

49152:x3yHCUOuBrV3lxL/9eiGv1PXmGEDvH8lJiCuAeMVlSXMucVn8mMoRrteDRWG4hIT:VaC4rxGv1PmGTTn4oFEcGt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4a0ed9a1e84ce6dbd49eb1572d11b39ff970c7a8d1d6af9a45d1c014f6f8560

Files

e4a0ed9a1e84ce6dbd49eb1572d11b39ff970c7a8d1d6af9a45d1c014f6f8560
.dll windows:5 windows x86 arch:x86

e2a4229c6c69eb1553abd38b7663dc2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

kernel32

SetEvent
TerminateThread
TlsAlloc
InterlockedExchangeAdd
CloseHandle
QueueUserAPC
LocalFree
DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
TlsFree
FormatMessageA
InitializeCriticalSection
GetTickCount
MultiByteToWideChar
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
CreateFileA
MulDiv
GetFileAttributesExW
CreateThread
Sleep
PostQueuedCompletionStatus
TlsGetValue
GetACP
SetWaitableTimer
TlsSetValue
SetLastError
InterlockedCompareExchange
GetQueuedCompletionStatus
GetLastError
VerSetConditionMask
SleepEx
VerifyVersionInfoW
CreateIoCompletionPort
LoadLibraryA
GetProcAddress
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
CreateHardLinkW
CreateFileW
GetFileInformationByHandle
DeleteFileW
CopyFileW
GetFileSizeEx
GetCurrentProcess
WriteFile
DeviceIoControl
SetEndOfFile
FindClose
GetOverlappedResult
SetFilePointerEx
CreateWaitableTimerW
GetCurrentThreadId
LoadLibraryW
FreeLibrary
GlobalMemoryStatusEx
ReadConsoleW
WriteConsoleW
FormatMessageW
WaitForSingleObject
LeaveCriticalSection
WaitForMultipleObjects
InterlockedDecrement
EnterCriticalSection
CreateEventW
InterlockedExchange
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetStdHandle
GetModuleFileNameA
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
HeapSize
GetModuleHandleExW
EncodePointer
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentDirectoryW
GetFileAttributesW
GetFileTime
GetFullPathNameW
MoveFileExW
AreFileApisANSI
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread

user32

IsCharAlphaA

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptGenRandom

ws2_32

WSARecvFrom
getpeername
__WSAFDIsSet
accept
bind
closesocket
WSASend
select
listen
WSASocketW
getaddrinfo
getsockname
WSASendTo
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAStringToAddressW
htons
ntohs
ntohl
WSASetLastError
WSAGetLastError
WSAAddressToStringW
htonl
WSACleanup
WSAStartup
WSAIoctl
socket
connect

mswsock

GetAcceptExSockaddrs
AcceptEx

Exports

Exports

vmsBtDownloadPeerInfoList_GetPeer
vmsBtDownloadPeerInfoList_GetPeerCount
vmsBtDownloadPeerInfoList_UpdateList
vmsBtDownloadPeerInfo_GetBytesDownloaded
vmsBtDownloadPeerInfo_GetBytesUploaded
vmsBtDownloadPeerInfo_GetClient
vmsBtDownloadPeerInfo_GetDownloadSpeed
vmsBtDownloadPeerInfo_GetFlags
vmsBtDownloadPeerInfo_GetIp
vmsBtDownloadPeerInfo_GetUploadSpeed
vmsBtDownload_GetConnectionCount
vmsBtDownload_GetCurrentTaskProgress
vmsBtDownload_GetCurrentTracker
vmsBtDownload_GetCurrentTracker2
vmsBtDownload_GetDownloadConnectionCount
vmsBtDownload_GetDownloadLimit
vmsBtDownload_GetDownloadSpeed
vmsBtDownload_GetDownloadSpeedIncludingServiceTraffic
vmsBtDownload_GetFastResumeData
vmsBtDownload_GetFileProgress
vmsBtDownload_GetNextAnnounceInterval
vmsBtDownload_GetNextAnnounceInterval2
vmsBtDownload_GetPeerInfoList
vmsBtDownload_GetPeersStat
vmsBtDownload_GetPercentDone
vmsBtDownload_GetPiecesProgressMap
vmsBtDownload_GetSavePath
vmsBtDownload_GetShareRating
vmsBtDownload_GetState
vmsBtDownload_GetTorrent
vmsBtDownload_GetTotalDownloadedBytesCount
vmsBtDownload_GetTotalUploadedByteCount
vmsBtDownload_GetUploadLimit
vmsBtDownload_GetUploadSpeed
vmsBtDownload_GetUploadSpeedIncludingServiceTraffic
vmsBtDownload_GetWastedByteCount
vmsBtDownload_IsHandleValid
vmsBtDownload_IsPaused
vmsBtDownload_IsPieceCompleted
vmsBtDownload_MoveToFolder
vmsBtDownload_Pause
vmsBtDownload_PrioritizeFiles
vmsBtDownload_Resume
vmsBtDownload_SetDownloadLimit
vmsBtDownload_SetMagnetMetadata
vmsBtDownload_SetUploadLimit
vmsBtDownload_set_ConnectionLimit
vmsBtDownload_set_TrackerLogin
vmsBtFile_Create
vmsBtFile_CreateNewTorrent
vmsBtFile_CreateNewTorrent2
vmsBtFile_GetFileCount
vmsBtFile_GetFileName
vmsBtFile_GetFileName2
vmsBtFile_GetFileSize
vmsBtFile_GetInfoHash
vmsBtFile_GetInfoHash2
vmsBtFile_GetMagnetLink
vmsBtFile_GetPieceCount
vmsBtFile_GetPieceSize
vmsBtFile_GetTorrentBuffer
vmsBtFile_GetTorrentComment
vmsBtFile_GetTorrentComment2
vmsBtFile_GetTorrentName
vmsBtFile_GetTorrentName2
vmsBtFile_GetTotalFilesSize
vmsBtFile_GetTrackerCount
vmsBtFile_GetTrackerUrl
vmsBtFile_GetTrackerUrl2
vmsBtFile_IsMagnetLink
vmsBtFile_IsValid
vmsBtFile_LoadFromBuffer
vmsBtFile_LoadFromFile
vmsBtFile_LoadFromMagnetLink
vmsBtFile_LoadFromMagnetMetadata
vmsBtFile_Release
vmsBtPersistObject_GetStateBuffer
vmsBtPersistObject_isDirty
vmsBtSession_Create
vmsBtSession_CreateDownload
vmsBtSession_DHT_getState
vmsBtSession_DHT_isStarted
vmsBtSession_DHT_start
vmsBtSession_DHT_stop
vmsBtSession_DeleteDownload
vmsBtSession_DisableOsCash
vmsBtSession_GetDownload
vmsBtSession_GetDownloadCount
vmsBtSession_GetListenPort
vmsBtSession_GetPersistObject
vmsBtSession_GetTotalDownloadConnectionCount
vmsBtSession_GetTotalDownloadSpeed
vmsBtSession_GetTotalDownloadedByteCount
vmsBtSession_GetTotalUploadSpeed
vmsBtSession_GetTotalUploadedByteCount
vmsBtSession_IsListening
vmsBtSession_ListenOn
vmsBtSession_LocalPeers_start
vmsBtSession_LocalPeers_stop
vmsBtSession_NATPMP_start
vmsBtSession_NATPMP_stop
vmsBtSession_SetDownloadLimit
vmsBtSession_SetMaxConnections
vmsBtSession_SetMaxHalfOpenConnections
vmsBtSession_SetMaxUploads
vmsBtSession_SetProxySettings
vmsBtSession_SetUploadLimit
vmsBtSession_SetUserAgent
vmsBtSession_UPNP_start
vmsBtSession_UPNP_stop
vmsBtSession_addDHTRouter
vmsBtSession_setMultiTracker
vmsBtSession_setWriteCacheSize
vmsBt_CreateTorrentFileObject
vmsBt_CreateUTorrentDownloadsDbObject
vmsBt_Shutdown
vmsBt_getMinimumBuildRequired
vmsBt_getSession

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2a4229c6c69eb1553abd38b7663dc2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 391KB - Virtual size: 390KB

.data Size: 75KB - Virtual size: 91KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 391KB - Virtual size: 390KB

.data
Size: 75KB - Virtual size: 91KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 96KB - Virtual size: 96KB