c80fb89fa70a84538848a594a17ec2eb4639d8d6debd2106d26e9dae3627d42f

Sharing

Copy URL Twitter E-mail

General

Target

c80fb89fa70a84538848a594a17ec2eb4639d8d6debd2106d26e9dae3627d42f
Size

55KB
MD5

7250038b53f5128aca6a55a1b0aed092
SHA1

8ddb43aefddfc2396919825befc284f8b00548f4
SHA256

c80fb89fa70a84538848a594a17ec2eb4639d8d6debd2106d26e9dae3627d42f
SHA512

c12c8011aa5a22440c0069d9bacf8e0bc916b79965ca2466cd12dc3902e1f97bee6d7367a9b5e00772ebac8d90afb61f7c03cb9f2875e8b8773eb4a7d59e0a49
SSDEEP

768:qGyYSMJkpCq7J2/GcSrmq1aJnLZSP6S2nw1iZbbeqRTrEY5CS:q2J6n7JoGctwaVZSybnwMZb7T4aCS

Score

N/A

Malware Config

Signatures

Files

c80fb89fa70a84538848a594a17ec2eb4639d8d6debd2106d26e9dae3627d42f
.dll windows x86

0b866745da3d25bd934d97542d9cd768

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwWriteFile
RtlSecondsSince1970ToTime
ZwQueryInformationFile
ZwReadFile
RtlIpv4AddressToStringA
ZwFlushVirtualMemory
RtlAddressInSectionTable
DbgPrint
qsort
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
memcpy
RtlNtStatusToDosError
memset
RtlTimeToSecondsSince1970
RtlUnicodeStringToInteger
RtlTimeToTimeFields
ZwQueryDirectoryFile
ZwSetInformationFile
ZwCreateFile
ZwWaitForSingleObject
RtlComputeCrc32
ZwAllocateLocallyUniqueId
ZwMakeTemporaryObject
ZwCreateSymbolicLinkObject
ZwDeviceIoControlFile
ZwSetEvent
RtlTimeToSecondsSince1980
ZwQueryEaFile
ZwSetEaFile
strcpy
ZwQueueApcThread
ZwCreateEvent
LdrUnloadDll
LdrGetProcedureAddress
LdrLoadDll
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwNotifyChangeKey
ZwSetInformationObject
ZwSetValueKey
RtlEqualUnicodeString
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
RtlFreeUnicodeString
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
swprintf
RtlFormatCurrentUserKeyPath
wcslen
ZwQueryVolumeInformationFile
ZwClose
ZwOpenFile
RtlRandom
RtlExitUserThread
RtlUnwind
NtQueryVirtualMemory

kernel32

GetLastError
BindIoCompletionCallback
GetTickCount
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
QueueUserWorkItem
CreateThread
FreeLibrary
SwitchToThread
VirtualFree
LoadLibraryA
VirtualAlloc
SleepEx
LocalFree
LocalAlloc

advapi32

CloseServiceHandle
MD5Update
MD5Final
OpenSCManagerW
OpenServiceW
ControlService
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureW
CryptDestroyHash
CryptReleaseContext
MD5Init

mswsock

AcceptEx

ws2_32

WSAStartup
WSACleanup
WSASocketW
WSAGetLastError
closesocket
bind
listen
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b866745da3d25bd934d97542d9cd768

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

mswsock

ws2_32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 868B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 868B

.reloc
Size: 1KB - Virtual size: 1KB