zloader | 3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd

Sharing

Copy URL

Twitter E-mail

General

Target

3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
Size

364KB
MD5

c8492a0451b8379fcf2d0134a787b79a
SHA1

5ee7bc744232d53edd327fdbd8a7a77561857738
SHA256

3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
SHA512

3e97bcf4223d3f0b3743069154a072778ce0a41af8a93ac2c4d8fe44cbce9ea9224f1d3d8886c64cb95d42a289cc3ac0ca788ad2e4316f22a55298d92498b4b5
SSDEEP

6144:FA2PUDTWlo29fRxV6uPQ8jDoDGnHDOc86Ouj40/h/bnmlCn5pI5dumuDgc4r:FA2PUDTWloofRxV6uPQ8PJHFlswhjmoq

Score

10^/10

bot5 bot5 zloader

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

https://militanttra.at/owg.php

Attributes

build_id
15

rc4.plain

rsa_pubkey.plain

Signatures

Zloader family
zloader

Files

3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
.dll regsvr32 windows x86

dd2d13ba8ef798c612804c658c4fad5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
DeleteCriticalSection
EnterCriticalSection
EnumSystemLocalesW
ExitThread
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetDateFormatW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetSystemTime
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
IsValidLocale
LCMapStringW
LeaveCriticalSection
ReadFile
ResetEvent
SetEndOfFile
SetEvent
SystemTimeToFileTime
VirtualAlloc
WaitForSingleObject
WideCharToMultiByte
lstrcmpW

advapi32

GetTokenInformation

user32

CheckMenuItem
CheckRadioButton
CreateDialogParamW
CreateMenu
CreateWindowExW
DestroyIcon
DestroyWindow
DrawMenuBar
DrawTextW
EnableMenuItem
EnableWindow
EqualRect
GetClassNameW
GetClassWord
GetClientRect
GetDlgItem
GetFocus
GetMenu
GetParent
GetSubMenu
GetSysColor
GetSysColorBrush
GetWindowRect
InflateRect
InsertMenuItemW
InvalidateRgn
IsDialogMessageW
IsDlgButtonChecked
IsWindowEnabled
KillTimer
LoadCursorW
LoadIconA
LoadImageW
LoadStringW
MapWindowPoints
OffsetRect
RedrawWindow
ScreenToClient
SendDlgItemMessageW
SetCursor
SetDlgItemInt
SetTimer
SetWindowPlacement
ShowWindow
TrackPopupMenu
UnregisterClassW
UpdateWindow

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
CreateSolidBrush
GetBkColor
GetObjectW
GetRgnBox
GetTextExtentPoint32W
GetTextExtentPointW
LineTo
MoveToEx
SetBkMode
SetTextColor
StartDocA
StartPage

ole32

CoCreateInstance
CoInitialize

Exports

Exports

DllRegisterServer

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dd2d13ba8ef798c612804c658c4fad5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB