363e542e35a5b45cf88f1204958b03b2cb56189e
Date: 16/06/2015
Type: Request
UID: DLAM-******
Unpacked: SBOX_598C1CEC.EXE (Win32/Dridex.P) http://virusscan.jotti.org/en/scanresult/7781518f0e2744625133b6708b24a169bec7cc1c


<config botnet="220">
   <server_list>
71.14.1.139:8443
173.230.130.172:2443
94.23.53.23:2443
176.99.6.10:8443

   </server_list>
</config>

→ msorc32r.dll http://virusscan.jotti.org/en/scanresult/9f7dedbbe81fcaa7674615051f5154901b2f4223

Export Table
   TimeDateStamp:          0x557EF5C6  (GMT: Mon Jun 15 15:56:54 2015)
   Name:                   0x0004D25C  ("worker_x32.dll")
   Base:                   0x00000001
   NumberOfFunctions:      0x00000002
   NumberOfNames:          0x00000002
   AddressOfFunctions:     0x0004D248
   AddressOfNames:         0x0004D250
   AddressOfNameOrdinals:  0x0004D258

   Ordinal RVA        Symbol Name
   ------- ---------- ----------------------------------
   0x0001  0x0001B97A "DllRegisterServer"
   0x0002  0x00018996 "DllUnregisterServer"