PDB path: D:\gitlab\netca_websocket\Release\NetcaWebSocketServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
132d3851d4d08fa554138841b1f7185e19aa153fa21d202f0ec138aed6de6d47.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
132d3851d4d08fa554138841b1f7185e19aa153fa21d202f0ec138aed6de6d47.exe
Resource
win10v2004-20240508-en
General
-
Target
132d3851d4d08fa554138841b1f7185e19aa153fa21d202f0ec138aed6de6d47
-
Size
1.6MB
-
MD5
dcf3030813e4e9c95971c0d4f6cde2f7
-
SHA1
9c9afc537dce1672acbaf31bf0746e98acacae3d
-
SHA256
132d3851d4d08fa554138841b1f7185e19aa153fa21d202f0ec138aed6de6d47
-
SHA512
0eff2b06dbefc870fe76fff8746088c6820da7fbd3207ff23bb3afd1ba3940afd8cafd13a36302a6062ca1efe144be3c8e9825e4051126796699d82c172f03d5
-
SSDEEP
24576:9IcEsGSe4xOKkxtr+KpPxyqj9CIzkQkpVwTgUqahCW2RVEZdwr8ogk42+ITkgUpj:A9/jTT5dsr8ogYTkgUpMDq3qu
Malware Config
Signatures
-
Unsigned PE 1 IoCs
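Checks for a missing Authenticode signature: the file carries no embedded signature, so its publisher cannot be verified from the file itself. Taken alone this is a weak indicator, since many legitimate binaries are also unsigned.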
resource 132d3851d4d08fa554138841b1f7185e19aa153fa21d202f0ec138aed6de6d47
Files
-
132d3851d4d08fa554138841b1f7185e19aa153fa21d202f0ec138aed6de6d47.exe windows:5 windows x86 arch:x86
42ff506375c0343bbb0c8a9ca9e41a96
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
listen
accept
socket
connect
WSAAddressToStringW
WSAWaitForMultipleEvents
WSASetEvent
WSASetLastError
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSACleanup
WSAStartup
getprotobyname
setsockopt
select
getsockopt
ioctlsocket
freeaddrinfo
WSAResetEvent
getaddrinfo
ntohs
inet_addr
htons
getsockname
getpeername
closesocket
bind
shutdown
WSAGetLastError
send
recv
gethostname
gethostbyname
kernel32
FindFirstFileW
FindNextFileW
IsProcessorFeaturePresent
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FindClose
GetSystemTime
SystemTimeToFileTime
SetLastError
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
InterlockedIncrement
GetCurrentProcessId
GetLocalTime
GetCurrentThreadId
CreateMutexW
CreateThread
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
LockResource
CreateProcessW
GetModuleFileNameW
GetModuleFileNameA
CloseHandle
CreateFileA
ConnectNamedPipe
WriteFile
ReadFile
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
SetErrorMode
WaitNamedPipeW
Sleep
CreateFileW
GetProcAddress
LoadLibraryA
SetNamedPipeHandleState
GetFileSize
GetFileSizeEx
SetFilePointerEx
GetSystemTimeAsFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchangeAdd
DeleteFiber
SwitchToFiber
CreateFiber
GetModuleHandleW
GetVersion
GetFileType
GetStdHandle
ConvertFiberToThread
ConvertThreadToFiber
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
FreeLibrary
LoadLibraryW
GetConsoleMode
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleW
ReadConsoleA
user32
GetUserObjectInformationW
wsprintfW
GetProcessWindowStation
MessageBoxW
advapi32
ReportEventW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptGenRandom
RegisterEventSourceW
RegQueryValueExA
DeregisterEventSource
CryptDecrypt
crypt32
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
msvcp120
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_BADOFF@std@@3_JB
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
msvcr120
strtol
fputs
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_isatty
_close
_open
_read
_stat64i32
_CxxThrowException
__CxxFrameHandler3
_except1
??3@YAXPAX@Z
sprintf_s
sscanf
memmove
free
__iob_func
fprintf
_purecall
??2@YAPAXI@Z
abort
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
modf
malloc
strchr
??_V@YAXPAX@Z
strpbrk
rand
memchr
sprintf
fflush
fopen
vfprintf
fclose
signal
toupper
_difftime64
_time64
memmove_s
wmemcpy_s
wcsnlen
memcpy_s
_wtol
strncpy
memcpy
atoi
memset
getenv
strerror
strncmp
_localtime64
exit
_errno
realloc
atoll
strrchr
tolower
_stricmp
strstr
_stat32i64
__daylight
__timezone
_tzset
isspace
isdigit
qsort
strtoul
wcsstr
_vsnwprintf
_vsnprintf
_exit
raise
strcmp
strerror_s
isxdigit
_strnicmp
strspn
ferror
fread
fwrite
_setmode
_fileno
ftell
feof
fseek
fgets
_gmtime64
strcspn
_wfopen
rpcrt4
UuidCreate
Exports
Exports
_snprintf
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 338KB - Virtual size: 338KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ