X:\projects\MalProto\proj\test\sample\dnscat\dnscat2-master\client\win32\Release\dnscat2.pdb
Behavioral task: behavioral1
Sample: b2d3bfda029a90ebe28d9c2530fbfdcb2bd9e53f4d32eb42b412e56d64b48838.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: b2d3bfda029a90ebe28d9c2530fbfdcb2bd9e53f4d32eb42b412e56d64b48838.exe
Resource: win10v2004-20241007-en
General
Target: b2d3bfda029a90ebe28d9c2530fbfdcb2bd9e53f4d32eb42b412e56d64b48838
Size: 201KB
MD5: 097bbf04ee034ed4f6b6d8554deb33d8
SHA1: 5ea85cdf2d779129605243941812ee5dcf8f1ab1
SHA256: b2d3bfda029a90ebe28d9c2530fbfdcb2bd9e53f4d32eb42b412e56d64b48838
SHA512: 6250c8e79c09927ec09032072dbd7a7c2e339a64a857cc2580a6d9f20129891534de3454b329292ecc2354393e5dfb3ff0ea44ecb8b6bf771c41055c54ede580
SSDEEP: 3072:W3k4C2SFWeY7pO62S2S4IOsP5OhptkG8ukAigbWJ7Ma3XtITexZZ4FzK:ajC2AcpIIOgOh3IBJP3GTexZK0
Malware Config
Signatures
Detects dnscat2 (1 IoCs)
resource: sample, yara_rule: tool_dnscat2
Dnscat2 family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: b2d3bfda029a90ebe28d9c2530fbfdcb2bd9e53f4d32eb42b412e56d64b48838
Files
b2d3bfda029a90ebe28d9c2530fbfdcb2bd9e53f4d32eb42b412e56d64b48838.exe windows:6 windows x86 arch:x86
5e03bc2cbe0820a08e1129a8e6b1fada
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
htons
sendto
setsockopt
WSAGetLastError
bind
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect
ioctlsocket
__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
recv
getsockopt
WSAStringToAddressA
htonl
gethostname
dnsapi
DnsQueryConfig
kernel32
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
FlushFileBuffers
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetACP
GetTimeZoneInformation
GetSystemTimeAsFileTime
WriteFile
TerminateProcess
CreatePipe
CloseHandle
CreateProcessA
ReadFile
GetStdHandle
PeekNamedPipe
Sleep
GetLastError
CreateThread
FormatMessageA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadConsoleW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
GetFullPathNameW
MultiByteToWideChar
SetStdHandle
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
Sections
.text Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ