bfb34a0e607b2576358e4ef00441bf5de0d0409cd1638a0a986911ca2298049a

General

Target

bfb34a0e607b2576358e4ef00441bf5de0d0409cd1638a0a986911ca2298049a
Size

16KB
MD5

539d7d10523cd5c519551230cef0a2a0
SHA1

6793556690d72831aac6565919e488d9fc482f94
SHA256

bfb34a0e607b2576358e4ef00441bf5de0d0409cd1638a0a986911ca2298049a
SHA512

d6e17ca75ec19769fae9a16f22984a841f25c73521260deb5f3b4b0993284b48ca98f5313693a448e2ed9a471f263dfdf1e18b116e2d000862033aa443d75f9d
SSDEEP

384:k/kx48PtfiRvMALu9Vpk/2VBvrCtzh8BQjlKClUS7N:WonOMRxHBvrCtzhq2JZ

Score

N/A

Malware Config

Signatures

Files

bfb34a0e607b2576358e4ef00441bf5de0d0409cd1638a0a986911ca2298049a
.dll windows x64

ba3779af02dea67501c9b1c68c704d62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwOpenFile
ZwQueryEaFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
LdrAccessResource
ZwClose
ZwSetEaFile
memcpy
ZwAlertThread
ZwQueryInformationToken
ZwOpenProcessToken
ZwDelayExecution
ZwSetLowEventPair
ZwWaitHighEventPair
RtlNtStatusToDosError
memset
RtlInterlockedPushEntrySList
RtlInterlockedPopEntrySList
RtlIpv4StringToAddressA
ZwCreateEventPair
wcscat
LdrFindResource_U
ZwSetHighWaitLowEventPair
RtlTimeToSecondsSince1980
RtlRandomEx
RtlExitUserThread
RtlComputeCrc32

kernel32

BindIoCompletionCallback
GetLastError
CreateThread
CreateTimerQueueTimer
DeleteTimerQueueTimer
Sleep
LoadLibraryW
FreeLibrary
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetTickCount
VirtualFree
GetVersion

ws2_32

WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
WSASocketW
WSAGetLastError
closesocket
WSAStartup
WSACleanup
WSARecvFrom

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba3779af02dea67501c9b1c68c704d62

Headers

File Characteristics

Imports

ntdll

kernel32

ws2_32

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 368B

.pdata Size: 1024B - Virtual size: 636B

.rsrc Size: 512B - Virtual size: 224B

.reloc Size: 512B - Virtual size: 114B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 368B

.pdata
Size: 1024B - Virtual size: 636B

.rsrc
Size: 512B - Virtual size: 224B

.reloc
Size: 512B - Virtual size: 114B