Sample details: 2ccc474eb85ceaa3e1fa1726580a3e5a

Hashes
MD5: 2ccc474eb85ceaa3e1fa1726580a3e5a
SHA1: 7cf3366c68e402eb3678046fe97651a586044560
SHA256: 6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500
SSDEEP: 1536:HRqRC/AJcBuyg2q1htxvSrqtkBx5sALnR4lxCyqnelG:HR0TJKBq1hrvSrMkBx5swR41Mj
Details
File Type: PE32
Yara Hits
YRP/MS_Visual_Cpp_v8_DLL_h_small_sig2_additional | YRP/MS_Visual_Cpp_v8_DLL_h_small_sig2 | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/MSVisualCv8DLLhsmallsig2 | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/network_dns | YRP/win_registry | YRP/Str_Win32_Winsock2_Library
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/Bin/Release/ws2_32.dll
Strings
		!This program cannot be run in DOS mode.
`.data
@.reloc
ADVAPI32.dll
KERNEL32.dll
NTDLL.DLL
msvcrt.dll
WS2HELP.dll
WS2_32.dll
FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WPUCompleteOverlappedRequest
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCEnableNSProvider
WSCEnumProtocols
WSCGetProviderPath
WSCInstallNameSpace
WSCInstallProvider
WSCUnInstallNameSpace
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
__WSAFDIsSet
accept
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
inet_addr
inet_ntoa
ioctlsocket
listen
recvfrom
select
sendto
setsockopt
shutdown
socket
u29^@t-
~8_^[]
tg9w tb9w$t]9w(tX9w,tS9w0tN9w4tI
NSPStartup
WSNoteSuccessfulHostentLookup
WSAttemptAutodialName
WSAttemptAutodialAddr
rasadhlp.dll
AutodialDLL
ui9} tdj
_CLUSTER_NETWORK_NAME_
C4_^[]
QQSVW3
qVVVVj
Running
WinSock 2.0
freeaddrinfo
GetNameInfoW
getnameinfo
GetAddrInfoW
getaddrinfo
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
WSAProviderConfigChange
WPUCompleteOverlappedRequest
WSCEnableNSProvider
WSCUnInstallNameSpace
WSCInstallNameSpace
WSCGetProviderPath
WSCEnumProtocols
WSCInstallProvider
WSCDeinstallProvider
WSASetServiceW
WSASetServiceA
WSAGetServiceClassNameByClassIdW
WSAGetServiceClassNameByClassIdA
WSAEnumNameSpaceProvidersW
WSAEnumNameSpaceProvidersA
WSAGetServiceClassInfoW
WSAGetServiceClassInfoA
WSARemoveServiceClass
WSAInstallServiceClassW
WSAInstallServiceClassA
WSALookupServiceEnd
WSANSPIoctl
WSALookupServiceNextW
WSALookupServiceNextA
WSALookupServiceBeginW
WSALookupServiceBeginA
WSAStringToAddressW
WSAStringToAddressA
WSAAddressToStringW
WSAAddressToStringA
WSAWaitForMultipleEvents
WSASocketW
WSASocketA
WSASetEvent
WSASendTo
WSASendDisconnect
WSASend
WSAResetEvent
WSARecvFrom
WSARecvDisconnect
WSARecv
WSANtohs
WSANtohl
WSAJoinLeaf
WSAIoctl
WSAHtons
WSAHtonl
WSAGetQOSByName
WSAGetOverlappedResult
WSAEventSelect
WSAEnumProtocolsW
WSAEnumProtocolsA
WSAEnumNetworkEvents
WSADuplicateSocketW
WSADuplicateSocketA
WSACreateEvent
WSAConnect
WSACloseEvent
WSAAccept
WSACleanup
WSAStartup
WSAIsBlocking
WSACancelBlockingCall
WSASetLastError
WSAGetLastError
WSAUnhookBlockingHook
WSASetBlockingHook
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
WSAAsyncSelect
gethostname
getservbyport
getservbyname
getprotobynumber
getprotobyname
gethostbyname
gethostbyaddr
socket
shutdown
setsockopt
sendto
select
recvfrom
listen
inet_ntoa
inet_addr
ioctlsocket
getsockopt
getsockname
getpeername
connect
closesocket
accept
tjHtgH
WinSock_Registry_Version
System\CurrentControlSet\Services\WinSock2\Parameters
Serial_Access_Num
%08.8lX
WSPStartup
Catalog_Entries
Num_Catalog_Entries
PackedCatalogItem
Next_Catalog_Entry_ID
qProtocol_Catalog9
StoresServiceClassInfo
Version
Enabled
SupportedNameSpace
AddressFamily
ProviderId
LibraryPath
PSSSht
DisplayString
qNameSpace_Catalog5
QSVSVh
SSShL|
H4;K4t
SSShL|
protocol
Current_Protocol_Catalog
SSShL|
!FD9FH^
qYY_^[
DRIVERS\ETC\
DataBasePath
System\CurrentControlSet\Services\Tcpip\Parameters
%u.%u.%u.%u
C8_^[]
SSShL|
Current_NameSpace_Catalog
F$;G4uI
<9;~4u
QRPh(%
USER32.dll
DispatchMessageA
TranslateMessage
PeekMessageA
PostMessageA
wsprintfW
ADVAPI32.dll
KERNEL32.dll
msvcrt.dll
ntdll.dll
WS2HELP.dll
RegNotifyChangeKeyValue
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
GetTickCount
QueryPerformanceCounter
lstrcmpA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedCompareExchange
IsBadWritePtr
GetEnvironmentVariableA
GetComputerNameA
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
WaitForMultipleObjectsEx
ResetEvent
IsBadReadPtr
TlsSetValue
GetHandleInformation
ExpandEnvironmentStringsA
InterlockedExchange
GetCurrentThreadId
TlsAlloc
GetSystemInfo
HeapCreate
GetProcessHeap
HeapDestroy
TlsFree
lstrlenA
lstrcpyA
IsBadCodePtr
GetProcAddress
CreateEventA
GetModuleFileNameA
LoadLibraryA
CreateThread
FreeLibrary
WaitForSingleObject
CloseHandle
FreeLibraryAndExitThread
EnterCriticalSection
SetEvent
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SwitchToThread
SetLastError
DelayLoadFailureHook
TlsGetValue
InterlockedDecrement
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection
__isascii
isspace
_except_handler3
sprintf
_adjust_fdiv
malloc
_initterm
_stricmp
fclose
strchr
wcscpy
strtoul
wcscmp
wcslen
wcschr
RtlIpv4StringToAddressW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressA
WahCompleteRequest
WahQueueUserApc
WahEnableNonIFSHandleSupport
WahDisableNonIFSHandleSupport
WahCreateSocketHandle
WahNotifyAllProcesses
WahCreateNotificationHandle
WahWaitForNotification
WahOpenCurrentThread
WahCloseThread
WahInsertHandleContext
WahRemoveHandleContext
WahDestroyHandleContextTable
WahCreateHandleContextTable
WahEnumerateHandleContexts
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahOpenNotificationHandleHelper
WahOpenHandleHelper
WahOpenApcHelper
WahCloseSocketHandle
WahReferenceContextByHandle
ws2_32.pdb
393L3X3y3
6<6Q6W6
7!848t8
;/<?<E<w<
=/=4=y=
?D?H?_?c?o?{?
3H3c3i3o3{3
4"4+4P4
6(6)7h7F8
020?0Q0d0
3 3&3}3
4	5$51555
6$6-676I6R6[6e6w6
7T8X8`8d8l8p8
>->7>j>
2a3n3r3
3U4b4f4
5:6M8i8e9I:
5$6(6J6T6
9<:@:H:L:X:j:
;A;E;L;Q;W;
^3g3t3z3
6!6@6I6
757F7[7b7z7
798C8M8W8a8k8u8
:<;@;d;|;
< <(<,<4<8<
=Q>_>e>
2'2-292G2P2
2/3N3W3
7$8(8T8c8{8
9<9@9H9L9u9
95:A:\:i:o:
<#<8<N<{<
<;=H=N=j=
>7>A>_>
?$?(?4?d?h?u?
0,000<0d0h0
0X1c1k1r1
3;4e4x4E5
6(6A6d6
728L8P8X8\8
999A9G9R9X9^9u9|9
:D<4=Z=
1)1C1e1n1{1
7	8 828e8
9.9P9Y9f9
;);K;u;
=L>;?T?
+0H0x0
1A2O2\2b2
3#3B3m3
6-6\6j6v6|6
9,9:9i9
:<;M;z;
>F?\?w?
8@9G9L9c9i9p9
?'?n?u?~?
$0+040=0f0n0~0
0 1(181p1}1
152C2R2q2z2
3%3+3<3C3h3p3{3
4K4a4e4m4v4|4
6I6`6|6
8>8R8[8|8
:&:0:\:`:q:w:
= >2>@>Y>k>{>
0$0H0_0
1(121H1l1|1
2)2:2J2n2{2
3N3R3Z3y3
4	535q5
6&6M6c6j6t6
7,757;7g7
8n8r8z8
9J:N:V:
>D?Q?Z?e?
1+141P1Z1
4)4D4H4x4|4
6Y6s6w6
7L8P8\8t8
:1:S:a:
?]?t?x?
031L1P1\1
2_2t2x2
:*:.:7:
:W;p;t;};
=#='=1=
4'404l4p4x4|4
566C6L6k6u6
6a7m8"9>9N9Z9
::;G;P;
<!<A<M<t<
=\>`>l>v>|>
>G?^?w?
0?0F0i0
141:1b1
3-393L3_3x3
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4