c51c265f406b6c58d17de5452fb01a726854493641f48656598d1f213fd6a1b9[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c51c265f406b6c58d17de5452fb01a726854493641f48656598d1f213fd6a1b9.exe
Size

475KB
MD5

740ab31cfbeeba126574752800e60bde
SHA1

c10f3dd5cb616fd007c4e342d27e814d35a5250a
SHA256

c51c265f406b6c58d17de5452fb01a726854493641f48656598d1f213fd6a1b9
SHA512

3b5a9c7c104350dc04a0a90f4204ff8a18b9a55c8130ca4f9784c8e8cb890459845ea8f18deed4c65aa8ffacdbd23c9d12b25b36e613d4dbb8607abca0bf97d2
SSDEEP

12288:DQt0D52k1e7rtT1n+mMJOE9vWN0VTTbM/0:qW1e9TRN8OEc09

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c51c265f406b6c58d17de5452fb01a726854493641f48656598d1f213fd6a1b9.exe

Files

c51c265f406b6c58d17de5452fb01a726854493641f48656598d1f213fd6a1b9.exe
.exe windows:5 windows x86 arch:x86

5a40ae136f11af4840918cf45d0873ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Documents\Visual Studio 2010\Projects\server-side-bot\Release\server-side-bot.pdb

Imports

winhttp

WinHttpWriteData
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpCrackUrl

user32

wsprintfW
GetSystemMetrics
wsprintfA

dnsapi

DnsQuery_A
DnsFree

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup
inet_addr
htons
socket
connect
send
closesocket
htonl
recv
__WSAFDIsSet
select
listen
bind
accept
WSAGetLastError
shutdown
ioctlsocket
sendto

urlmon

ObtainUserAgentString

advapi32

StartServiceW
RegisterServiceCtrlHandlerW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenServiceW
CreateServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
SetServiceStatus

iphlpapi

GetAdaptersInfo
GetBestInterface
SendARP

shell32

ShellExecuteExW
SHChangeNotify
ord680

ole32

CoUninitialize
CoCreateGuid
CoInitialize

shlwapi

StrCatW
StrStrIW

kernel32

HeapSize
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapCreate
GetCurrentThreadId
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
GetCPInfo
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
TlsFree
LoadLibraryW
CompareStringW
HeapReAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DeleteCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
CloseHandle
WaitForSingleObject
CreateProcessW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleW
lstrcatW
GetEnvironmentVariableW
ExitProcess
WriteFile
CreateFileW
MoveFileW
lstrcpyW
GetModuleFileNameW
Sleep
LoadLibraryA
SetThreadContext
ReadProcessMemory
GetThreadContext
VirtualProtect
ResumeThread
InitializeCriticalSection
FreeLibrary
LeaveCriticalSection
GetModuleHandleExW
EnterCriticalSection
GetTickCount
IsBadReadPtr
CreateThread
TerminateThread
ExitThread
VirtualFree
MultiByteToWideChar
VirtualAlloc
SetLastError
OutputDebugStringA
GetLastError
IsBadCodePtr
GetCurrentProcess
GetSystemDirectoryW
DeleteFileW
CreateMutexW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetShortPathNameW
CopyFileW
GetWindowsDirectoryW
CreateEventW
SetEvent
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetTempPathW
GlobalMemoryStatusEx
GetProcessAffinityMask
GetSystemInfo
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime

Exports

Exports

CfgGetBotVersion
CfgGetCurrentDomain
CfgGetCurrentPort
CfgReadConfigBinary
CfgReadConfigInteger
CfgReadConfigString
CfgWriteConfigBinary
CfgWriteConfigInteger
CfgWriteConfigString
NetGetStringFromServer
NetGetStringFromServerSpecifyLocation
NetSendDataToServer
NetSendStringToServer
RtlParseString

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

johfcvn
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a40ae136f11af4840918cf45d0873ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

user32

dnsapi

ws2_32

urlmon

advapi32

iphlpapi

shell32

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 218KB - Virtual size: 218KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 40KB - Virtual size: 41KB

johfcvn Size: - Virtual size: 4KB

.text Size: 162KB - Virtual size: 164KB

.text
Size: 218KB - Virtual size: 218KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 40KB - Virtual size: 41KB

johfcvn
Size: - Virtual size: 4KB

.text
Size: 162KB - Virtual size: 164KB