- [*] MalFamily: "Spyeyes"
- [*] MalScore: 10.0
- [*] File Name: "ddos.dll"
- [*] File Size: 9728
- [*] File Type: "PE32 executable (DLL) (console) Intel 80386, for MS Windows"
- [*] SHA256: "c7a7fc134d874ebb60bbc4ee8594c7fe9b472340f7ee304ce1cedf182685e2fd"
- [*] MD5: "716d82810241daa5e2a41327014e9a77"
- [*] SHA1: "b2639f5808d996a32484c0d23043870d651d0864"
- [*] SHA512: "058196a90d1d2e6c4f262290f4cfbab5b592caf2447f76c5830f97984ad4b397b5e1aa3778be598732b4f0e9a95a7175dff4eb4d33357096a8cbcc668b0f8db9"
- [*] CRC32: "B2D8C52C"
- [*] SSDEEP: "96:oWHaOMll5M5ZShrp0sdr0jSx5hGK2LpDHWqe7ytpEgcRQmdHQX/Kmd5+4cs7PZAD:olOonl0WpWpjxLt61qPzP+4cuLIb/w"
- [*] Process Execution: []
- [*] Signatures Detected: [
- {
- "Description": "File has been identified by 36 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "Bkav": "W32.OnGameWLALXAJ.Trojan"
- },
- {
- "MicroWorld-eScan": "Trojan.Generic.KDV.205559"
- },
- {
- "nProtect": "Trojan/W32.Small.9728.FH"
- },
- {
- "CAT-QuickHeal": "TrojanSpy.SpyEyes.gdz"
- },
- {
- "McAfee": "PWS-Spyeye.dw"
- },
- {
- "Malwarebytes": "Trojan.SpyEyes"
- },
- {
- "TheHacker": "Trojan/Spy.SpyEyes.gdz"
- },
- {
- "Agnitum": "TrojanSpy.SpyEyes!Mv/wHCJz9P0"
- },
- {
- "Norman": "Suspicious_Gen2.MMOHQ"
- },
- {
- "TotalDefense": "Win32/SpyEye.VH"
- },
- {
- "TrendMicro-HouseCall": "TROJ_GEN.RCBCDE2"
- },
- {
- "ClamAV": "Win.Trojan.Spyeyes-559"
- },
- {
- "Kaspersky": "Trojan-Spy.Win32.SpyEyes.gdz"
- },
- {
- "BitDefender": "Trojan.Generic.KDV.205559"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.SpyEyes.kxoyf"
- },
- {
- "Ad-Aware": "Trojan.Generic.KDV.205559"
- },
- {
- "Sophos": "Mal/Generic-S"
- },
- {
- "Comodo": "UnclassifiedMalware"
- },
- {
- "F-Secure": "Trojan.Generic.KDV.205559"
- },
- {
- "DrWeb": "BackDoor.Spy.1547"
- },
- {
- "VIPRE": "Trojan.Win32.Generic!BT"
- },
- {
- "AntiVir": "TR/Spy.SpyEyes.gdz"
- },
- {
- "TrendMicro": "TROJ_GEN.RCBCDE2"
- },
- {
- "McAfee-GW-Edition": "PWS-Spyeye.dw"
- },
- {
- "Jiangmin": "TrojanSpy.SpyEyes.ceb"
- },
- {
- "Kingsoft": "Win32.Troj.SpyEyes.(kcloud)"
- },
- {
- "Microsoft": "Trojan:Win32/EyeStye.plugin"
- },
- {
- "ViRobot": "Trojan.Win32.A.SpyEyes.9728.F"
- },
- {
- "AhnLab-V3": "Spyware/Win32.SpyEyes"
- },
- {
- "GData": "Trojan.Generic.KDV.205559"
- },
- {
- "VBA32": "TrojanSpy.SpyEyes"
- },
- {
- "Panda": "Generic Malware"
- },
- {
- "Ikarus": "Trojan-Spy.Win32.SpyEyes"
- },
- {
- "Fortinet": "W32/SpyEyes.GDZ!tr"
- },
- {
- "AVG": "PSW.Generic8.CCIY"
- },
- {
- "Baidu-International": "Trojan.Win32.SpyEyes.aULb"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "free",
- "address": "0x10003074"
- },
- {
- "name": "atoi",
- "address": "0x10003078"
- },
- {
- "name": "malloc",
- "address": "0x1000307c"
- },
- {
- "name": "realloc",
- "address": "0x10003080"
- },
- {
- "name": "memset",
- "address": "0x10003084"
- },
- {
- "name": "sprintf",
- "address": "0x10003088"
- },
- {
- "name": "strtok",
- "address": "0x1000308c"
- },
- {
- "name": "srand",
- "address": "0x10003090"
- },
- {
- "name": "rand",
- "address": "0x10003094"
- }
- ],
- "dll": "msvcrt.dll"
- },
- {
- "imports": [
- {
- "name": "ioctlsocket",
- "address": "0x10003048"
- },
- {
- "name": "send",
- "address": "0x1000304c"
- },
- {
- "name": "sendto",
- "address": "0x10003050"
- },
- {
- "name": "WSAStartup",
- "address": "0x10003054"
- },
- {
- "name": "htons",
- "address": "0x10003058"
- },
- {
- "name": "socket",
- "address": "0x1000305c"
- },
- {
- "name": "connect",
- "address": "0x10003060"
- },
- {
- "name": "closesocket",
- "address": "0x10003064"
- },
- {
- "name": "inet_addr",
- "address": "0x10003068"
- },
- {
- "name": "gethostbyname",
- "address": "0x1000306c"
- }
- ],
- "dll": "WS2_32.dll"
- },
- {
- "imports": [
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x10003000"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x10003004"
- },
- {
- "name": "TerminateProcess",
- "address": "0x10003008"
- },
- {
- "name": "RtlUnwind",
- "address": "0x1000300c"
- },
- {
- "name": "CreateThread",
- "address": "0x10003010"
- },
- {
- "name": "lstrcmpA",
- "address": "0x10003014"
- },
- {
- "name": "lstrcpynA",
- "address": "0x10003018"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x1000301c"
- },
- {
- "name": "CloseHandle",
- "address": "0x10003020"
- },
- {
- "name": "lstrlenA",
- "address": "0x10003024"
- },
- {
- "name": "lstrcpyA",
- "address": "0x10003028"
- },
- {
- "name": "GetTickCount",
- "address": "0x1000302c"
- },
- {
- "name": "Sleep",
- "address": "0x10003030"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x10003034"
- },
- {
- "name": "HeapFree",
- "address": "0x10003038"
- },
- {
- "name": "HeapAlloc",
- "address": "0x1000303c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x10003040"
- }
- ],
- "dll": "KERNEL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "ddos.dll",
- "actual_checksum": "0x0000c9fa",
- "overlay": null,
- "imagebase": "0x10000000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x100016e8",
- "timestamp": "2011-01-30 20:42:30",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00001200",
- "entropy": "5.98",
- "raw_address": "0x00000400",
- "virtual_size": "0x00001074",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00003000",
- "size_of_data": "0x00000600",
- "entropy": "4.44",
- "raw_address": "0x00001600",
- "virtual_size": "0x00000547",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00004000",
- "size_of_data": "0x00000400",
- "entropy": "5.75",
- "raw_address": "0x00001c00",
- "virtual_size": "0x00000858",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00000600",
- "entropy": "1.86",
- "raw_address": "0x00002000",
- "virtual_size": "0x00000464",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x000034c0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000087"
- },
- {
- "virtual_address": "0x00003244",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000050"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000013c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000031d8",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00003000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x0000009c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "GetState",
- "address": "0x10001776"
- },
- {
- "ordinal": 2,
- "name": "SpyEye_Init",
- "address": "0x100016ee"
- },
- {
- "ordinal": 3,
- "name": "SpyEye_Start",
- "address": "0x1000191e"
- },
- {
- "ordinal": 4,
- "name": "SpyEye_Stop",
- "address": "0x10001736"
- }
- ],
- "guest_signers": {},
- "imphash": "6dc4401b4cfbfd191184a56946f37307",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 3,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "free",
- "address": "0x10003074"
- },
- {
- "name": "atoi",
- "address": "0x10003078"
- },
- {
- "name": "malloc",
- "address": "0x1000307c"
- },
- {
- "name": "realloc",
- "address": "0x10003080"
- },
- {
- "name": "memset",
- "address": "0x10003084"
- },
- {
- "name": "sprintf",
- "address": "0x10003088"
- },
- {
- "name": "strtok",
- "address": "0x1000308c"
- },
- {
- "name": "srand",
- "address": "0x10003090"
- },
- {
- "name": "rand",
- "address": "0x10003094"
- }
- ],
- "dll": "msvcrt.dll"
- },
- {
- "imports": [
- {
- "name": "ioctlsocket",
- "address": "0x10003048"
- },
- {
- "name": "send",
- "address": "0x1000304c"
- },
- {
- "name": "sendto",
- "address": "0x10003050"
- },
- {
- "name": "WSAStartup",
- "address": "0x10003054"
- },
- {
- "name": "htons",
- "address": "0x10003058"
- },
- {
- "name": "socket",
- "address": "0x1000305c"
- },
- {
- "name": "connect",
- "address": "0x10003060"
- },
- {
- "name": "closesocket",
- "address": "0x10003064"
- },
- {
- "name": "inet_addr",
- "address": "0x10003068"
- },
- {
- "name": "gethostbyname",
- "address": "0x1000306c"
- }
- ],
- "dll": "WS2_32.dll"
- },
- {
- "imports": [
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x10003000"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x10003004"
- },
- {
- "name": "TerminateProcess",
- "address": "0x10003008"
- },
- {
- "name": "RtlUnwind",
- "address": "0x1000300c"
- },
- {
- "name": "CreateThread",
- "address": "0x10003010"
- },
- {
- "name": "lstrcmpA",
- "address": "0x10003014"
- },
- {
- "name": "lstrcpynA",
- "address": "0x10003018"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x1000301c"
- },
- {
- "name": "CloseHandle",
- "address": "0x10003020"
- },
- {
- "name": "lstrlenA",
- "address": "0x10003024"
- },
- {
- "name": "lstrcpyA",
- "address": "0x10003028"
- },
- {
- "name": "GetTickCount",
- "address": "0x1000302c"
- },
- {
- "name": "Sleep",
- "address": "0x10003030"
- },
- {
- "name": "GetProcessHeap",
- "address": "0x10003034"
- },
- {
- "name": "HeapFree",
- "address": "0x10003038"
- },
- {
- "name": "HeapAlloc",
- "address": "0x1000303c"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x10003040"
- }
- ],
- "dll": "KERNEL32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": "ddos.dll",
- "actual_checksum": "0x0000c9fa",
- "overlay": null,
- "imagebase": "0x10000000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x100016e8",
- "timestamp": "2011-01-30 20:42:30",
- "osversion": "5.1",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00001200",
- "entropy": "5.98",
- "raw_address": "0x00000400",
- "virtual_size": "0x00001074",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00003000",
- "size_of_data": "0x00000600",
- "entropy": "4.44",
- "raw_address": "0x00001600",
- "virtual_size": "0x00000547",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00004000",
- "size_of_data": "0x00000400",
- "entropy": "5.75",
- "raw_address": "0x00001c00",
- "virtual_size": "0x00000858",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00005000",
- "size_of_data": "0x00000600",
- "entropy": "1.86",
- "raw_address": "0x00002000",
- "virtual_size": "0x00000464",
- "characteristics_raw": "0x42000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x000034c0",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000087"
- },
- {
- "virtual_address": "0x00003244",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000050"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00005000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000013c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000031d8",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00003000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x0000009c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [
- {
- "ordinal": 1,
- "name": "GetState",
- "address": "0x10001776"
- },
- {
- "ordinal": 2,
- "name": "SpyEye_Init",
- "address": "0x100016ee"
- },
- {
- "ordinal": 3,
- "name": "SpyEye_Start",
- "address": "0x1000191e"
- },
- {
- "ordinal": 4,
- "name": "SpyEye_Stop",
- "address": "0x10001736"
- }
- ],
- "guest_signers": {},
- "imphash": "6dc4401b4cfbfd191184a56946f37307",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 3,
- "versioninfo": []
- }
- }