PDB path: d:\cvsbin\release builder\cvsnt\winrel\sserver_protocol.pdb
Static task
static1
Behavioral task
behavioral1
Sample
53b8ec0597410bde8b9333cb290170269ccc6c06f4a8907e059dc01d0bce33d8.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
53b8ec0597410bde8b9333cb290170269ccc6c06f4a8907e059dc01d0bce33d8.dll
Resource
win10v2004-20240802-en
General
-
Target
53b8ec0597410bde8b9333cb290170269ccc6c06f4a8907e059dc01d0bce33d8
-
Size
16KB
-
MD5
99505160d68217c8a8023e9f26712a17
-
SHA1
74327087afb9662cf585bc2ff2155ce48e335a14
-
SHA256
53b8ec0597410bde8b9333cb290170269ccc6c06f4a8907e059dc01d0bce33d8
-
SHA512
96d499e4e1a767ae215ce12e5e6b818e8a2dd63543a6f86505325308de61b450ce543f1a38d19630b73858df94e7f3b51e8f967c658878d897e7f253357131f8
-
SSDEEP
384:QJOCW9Z1Bm54SpLS7yC9a4a8aPxM/WbIOQAvc9yp49Pqj2TWZPp:QJze1Bm5lpLS7yCkxvRQA3/
Malware Config
Signatures
-
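Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The absence of a signature is a weak indicator on its own and needs corroboration from other findings.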
resource 53b8ec0597410bde8b9333cb290170269ccc6c06f4a8907e059dc01d0bce33d8
Files
-
53b8ec0597410bde8b9333cb290170269ccc6c06f4a8907e059dc01d0bce33d8.dll windows:4 windows x86 arch:x86
bcf1a8b24b6cc20ebfb6054cd0098e9a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
wsock32
socket
bind
connect
closesocket
getservbyport
gethostbyaddr
htons
htonl
inet_addr
gethostbyname
ioctlsocket
getservbyname
ntohs
send
recv
WSAGetLastError
libeay32_vc71
ord227
ord581
ord657
ord2291
ord680
ssleay32_vc71
ord110
ord116
ord21
ord87
ord43
ord157
ord8
ord48
ord61
ord108
ord78
ord58
ord183
ord74
ord112
ord12
ord141
ord30
ord24
ord5
ord75
ord89
ord95
ord35
ord96
kernel32
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FormatMessageA
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
ExitProcess
advapi32
GetUserNameA
msvcr71
fprintf
_snprintf
strchr
strtoul
strncpy
atoi
sprintf
free
malloc
_errno
_vsnprintf
memmove
_get_osfhandle
__security_error_handler
calloc
_except_handler3
_initterm
_adjust_fdiv
__CppXcptFilter
__dllonexit
_stricmp
_onexit
_read
_write
_strdup
_iob
Exports
Exports
get_protocol_interface
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ