cb5cc559fe87f6f30303c2792d2de8745f3c3bc52bd3b7615682f10d980eaa36N

Sharing

Copy URL Twitter E-mail

General

Target

cb5cc559fe87f6f30303c2792d2de8745f3c3bc52bd3b7615682f10d980eaa36N
Size

108KB
MD5

01c0861d291f140405eebb49b202efa0
SHA1

3e12f3bb0eb0b0772b0f82d2460010f3ef322ae7
SHA256

cb5cc559fe87f6f30303c2792d2de8745f3c3bc52bd3b7615682f10d980eaa36
SHA512

285ae6d177517447a2540c9f42d7c6c44ab3649be9ec1f1125a77d0ced44d51eed53be21384b59796710f554e4ed13f6ebe97a7b8cdab4463240712f42443a21
SSDEEP

1536:GAMhhJ2bbXC58cWNY4kZCIo+U3AQy5amfVOV2N4iCS5VP3v+zahzOQkr:GAMhhWXC58cWTkdo+R4vxiPf9qQq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb5cc559fe87f6f30303c2792d2de8745f3c3bc52bd3b7615682f10d980eaa36N

Files

cb5cc559fe87f6f30303c2792d2de8745f3c3bc52bd3b7615682f10d980eaa36N
.exe windows:5 windows x86 arch:x86

a2be6c554aa8cb37fa6808ef0bf57290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

snmp.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
atoi
wcscpy
wcslen
_except_handler3
memmove
_stricmp
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
_strnicmp
__getmainargs

advapi32

SetServiceStatus
RegEnumKeyW
RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegEnumValueA
RegQueryValueExA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetEvent
Sleep
LeaveCriticalSection
EnterCriticalSection
ResumeThread
GetTickCount
MultiByteToWideChar
SetConsoleCtrlHandler
WaitForSingleObjectEx
CreateThread
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetProcAddress
LoadLibraryExA
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
CloseHandle
CreateEventA
lstrcmpiA
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetLastError
FreeLibrary

snmpapi

SnmpUtilMemReAlloc
SnmpSvcInitUptime
SnmpUtilUnicodeToUTF8
SnmpSvcGetUptime
SnmpUtilAsnAnyCpy
SnmpSvcAddrToSocket
SnmpSvcGetEnterpriseOID
SnmpUtilOidNCmp
SnmpUtilOidCmp
SnmpUtilVarBindFree
SnmpUtilOidFree
SnmpUtilOidCpy
SnmpUtilVarBindCpy
SnmpUtilVarBindListFree
SnmpUtilMemAlloc
SnmpUtilOctetsCmp
SnmpUtilOctetsFree
SnmpSvcSetLogLevel
SnmpSvcSetLogType
SnmpUtilMemFree

ws2_32

bind
htons
getservbyname
WSASocketA
ntohl
inet_addr
WSASendTo
WSAGetLastError
WSARecvFrom
WSAStartup
WSACleanup
WSAIoctl
closesocket

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a2be6c554aa8cb37fa6808ef0bf57290

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

snmpapi

ws2_32

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 79KB - Virtual size: 80KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 79KB - Virtual size: 80KB