726ba8304085d6054938ee6993336ba87a13ea0c871a838b787f9c86c2f834ea

Sharing

Copy URL

Twitter E-mail

General

Target

726ba8304085d6054938ee6993336ba87a13ea0c871a838b787f9c86c2f834ea
Size

35KB
MD5

dba964d20a17ba1a53aa4ccf1e343ee6
SHA1

a811ad7fd84a667e7da408d6676f2c91f034e4d2
SHA256

726ba8304085d6054938ee6993336ba87a13ea0c871a838b787f9c86c2f834ea
SHA512

395d5b2606300a4ca955defa4a9c8ccbc40557d4f4afaad36e4c222914c4a5ae72b1c3cc1ba2e5f32f2c24d74f6a1d35b8da8c947a222fa555aa936d5f5c0d14
SSDEEP

384:ijyvlE/DbortfVqA3C5y4UVjdx+jhBhXkMqxCfYWhuQWQTZOxP:ijMlE/Dbg6AS5Nkd8jNXkZxCWYW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
726ba8304085d6054938ee6993336ba87a13ea0c871a838b787f9c86c2f834ea

Files

726ba8304085d6054938ee6993336ba87a13ea0c871a838b787f9c86c2f834ea
.exe windows:5 windows x86 arch:x86

b1d55fa515e5a04d4aacd0f14e36c6a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

netstat.pdb

Imports

msvcrt

_iob
_setmode
_cexit
__initenv
__getmainargs
_initterm
wcslen
wcscpy
exit
toupper
__setusermatherr
_adjust_fdiv
__p__commode
fprintf
__p__fmode
__set_app_type
_except_handler3
_controlfp
time
strchr
sscanf
_strupr
_c_exit
_exit
sprintf
_XcptFilter
system

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryExA
Sleep
SetThreadUILanguage
LoadLibraryA
OpenProcess
lstrcmpiA
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
FormatMessageA
GetCurrentProcess
CloseHandle
LocalFree
GetSystemDirectoryA
GetProcessHeap
HeapFree
GetLastError

dbghelp

SymCleanup

psapi

GetModuleBaseNameA

iphlpapi

GetIcmpStatsFromStackEx
GetUdpStatsFromStackEx
GetTcpStatsFromStackEx
GetIpStatsFromStackEx
AllocateAndGetTcpExTableFromStack
AllocateAndGetTcpExTable2FromStack
AllocateAndGetUdpExTable2FromStack
AllocateAndGetUdpExTableFromStack

user32

CharToOemBuffW
CharToOemBuffA

ws2_32

gethostname
htons
ntohs
WSAStartup
getnameinfo
ntohl

snmpapi

SnmpUtilVarBindFree
SnmpUtilMemFree
SnmpUtilMemAlloc
SnmpUtilOidCpy

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1d55fa515e5a04d4aacd0f14e36c6a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

dbghelp

psapi

iphlpapi

user32

ws2_32

snmpapi

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 14KB - Virtual size: 174KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 14KB - Virtual size: 174KB