a49d5f279f9c4d556adc029ee1a9f9e07e85d09ac07a8370ee395a1960b132b7

Sharing

Copy URL Twitter E-mail

General

Target

a49d5f279f9c4d556adc029ee1a9f9e07e85d09ac07a8370ee395a1960b132b7
Size

39KB
MD5

f8ac9d95e1c5f36e0512e1ff73bca010
SHA1

d646bdf1e6814f2642e5eaf68ed047aa1803e052
SHA256

a49d5f279f9c4d556adc029ee1a9f9e07e85d09ac07a8370ee395a1960b132b7
SHA512

bce05cadfa92d88b0926cd368afa187099cbe523ead09f99da6491eeae822e8dfe5604e772ec32ddc273149a7852cf0cd10450d92566b8acb47688d9a6d466fa
SSDEEP

768:BT5GtoBABcesAOnZHCdlBm8AQ0fi+cCHGF8:TGtRe0OVAJC

Score

N/A

Malware Config

Signatures

Files

a49d5f279f9c4d556adc029ee1a9f9e07e85d09ac07a8370ee395a1960b132b7
.dll windows x64

19ad12e123aa894ec315671757553702

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwQueueApcThread
ZwCreateEvent
wcschr
LdrGetProcedureAddress
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
memcpy
ZwQueryVolumeInformationFile
ZwOpenFile
ZwDeleteFile
ZwQuerySystemInformation
RtlExitUserThread
ZwAdjustPrivilegesToken
ZwOpenThreadTokenEx
ZwImpersonateThread
ZwOpenThread
ZwCreateSection
ZwWriteFile
ZwCreateFile
strcpy
memset
ZwClose
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
swprintf
ZwSetLowEventPair
RtlNtStatusToDosError
RtlComputeCrc32
ZwReadFile
RtlAddressInSectionTable
wcscpy
ZwSetInformationFile
ZwSetEaFile
wcstoul
ZwQueryDirectoryFile
ZwQueryEaFile
qsort
RtlTimeToSecondsSince1980
ZwUnmapViewOfSection
RtlAdjustPrivilege
ZwMapViewOfSection
__chkstk
__C_specific_handler

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
LocalFree
LocalAlloc
Sleep
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserAPC
DisableThreadLibraryCalls
CreateThread
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
VirtualFree

advapi32

CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureW
CryptSetHashParam
CryptCreateHash
CryptReleaseContext
MD5Init
CryptGenRandom
CryptImportKey
CryptAcquireContextW
MD5Final
MD5Update

mswsock

AcceptEx

ws2_32

setsockopt
WSASend
WSARecv
WSAIoctl
listen
WSASendTo
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
bind
WSARecvFrom

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19ad12e123aa894ec315671757553702

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

mswsock

ws2_32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 276B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 276B