73a5277a49220fc191179258f7749eb94a6f0105730537ec255abf020d62dc4f

Sharing

Copy URL Twitter E-mail

General

Target

73a5277a49220fc191179258f7749eb94a6f0105730537ec255abf020d62dc4f
Size

91KB
MD5

378009ce9d82eada61a880bd57e11737
SHA1

8591d68e955b8e13f0fd223efb5b0c21759292e2
SHA256

73a5277a49220fc191179258f7749eb94a6f0105730537ec255abf020d62dc4f
SHA512

57158fb2766e6e6685a847686874d2e7d7752ff1d93db24bf1e3a0fe1888a449b8e7825eed01ebff4df2afc78f3b1843044e69f0337f30881c2e77de9420a759
SSDEEP

1536:EfIrb9/fYr0uw1Gx1yrRP1JnpoSjBC04fPgydvXfskJcP3sy:939zcvyrZ1JpoS1C04fPLYp

Score

N/A

Malware Config

Signatures

Files

73a5277a49220fc191179258f7749eb94a6f0105730537ec255abf020d62dc4f
.dll windows x86

31ec5cd4a5ac0a22b280a5f9b0502c0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueueApcThread
ZwAllocateVirtualMemory
ZwWriteVirtualMemory
RtlGetCurrentPeb
RtlPrefixUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
ZwWaitForSingleObject
ZwOpenProcessToken
ZwQueryInformationToken
ZwFreeVirtualMemory
ZwDeleteFile
ZwImpersonateThread
ZwOpenThreadTokenEx
ZwAdjustPrivilegesToken
ZwQueryVirtualMemory
wcstol
ZwQueryKey
ZwCreateEvent
RtlTimeToTimeFields
RtlComputeCrc32
LdrFindResource_U
LdrAccessResource
sprintf
RtlTimeToSecondsSince1970
RtlStringFromGUID
RtlNtStatusToDosError
RtlIpv4StringToAddressW
ZwEnumerateKey
RtlIpv4AddressToStringA
LdrGetProcedureAddress
ZwAllocateLocallyUniqueId
strtoul
RtlIpv4StringToAddressExA
strchr
ZwResumeThread
ZwLoadDriver
ZwCreateSymbolicLinkObject
ZwUnmapViewOfSection
ZwFlushVirtualMemory
RtlImageNtHeader
ZwMapViewOfSection
ZwCreateSection
ZwFsControlFile
ZwOpenFile
ZwSetValueKey
ZwCreateKey
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_wcsicmp
wcsrchr
swprintf
strlen
memcpy
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwClose
ZwOpenProcess
LdrFindEntryForAddress
RtlAdjustPrivilege
RtlTimeToSecondsSince1980
ZwSetInformationFile
memset
wcslen
ZwQueryDirectoryFile
ZwQueryVolumeInformationFile
ZwWriteFile
ZwCreateFile
strrchr
ZwQueryInformationFile
ZwReadFile
RtlIpv4StringToAddressA
ZwSetSecurityObject
ZwSuspendThread
ZwQueryInformationThread
ZwOpenThread
ZwDelayExecution
_stricmp
_allshr

kernel32

GetProcAddress
FreeLibrary
InterlockedExchange
RaiseException
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
BindIoCompletionCallback
Sleep
GetSystemDefaultLangID
GetVersion
ExitProcess
QueueUserWorkItem
DisableThreadLibraryCalls
GetCommandLineW
CreateThread
SwitchToThread
FreeLibraryAndExitThread
CopyFileW
GetModuleHandleW
LocalFree
LocalAlloc
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA

advapi32

MD5Update
MD5Final
MD5Init

ws2_32

setsockopt
WSASend
WSARecv
WSAIoctl
WSASendTo
closesocket
WSAGetLastError
WSASocketW
WSAStartup
bind
WSARecvFrom

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31ec5cd4a5ac0a22b280a5f9b0502c0c

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 688B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 688B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB