44be64a058e9b57fa7a1e93f9a8fbae5d4e9a4219fc19a6817cfbc590881275a

Sharing

Copy URL Twitter E-mail

General

Target

44be64a058e9b57fa7a1e93f9a8fbae5d4e9a4219fc19a6817cfbc590881275a
Size

45KB
MD5

78ab96ce06f95bc79ed20bfd2fd4a8e0
SHA1

cb4a1f0ba4ba4c436d3577f2d581d50464b1fe92
SHA256

44be64a058e9b57fa7a1e93f9a8fbae5d4e9a4219fc19a6817cfbc590881275a
SHA512

9ca135f6c80ba8de2ceb496f55f733b6fadf8424bbeaa208917af8308f28d95fcf7463bdd334c568e1ac90d9eb35062a94b0243269d88be6c436c9964b7913be
SSDEEP

768:8NjviUWGWx1jIqcWJA/JmW3wE6iV83OLSP0XHva8qqKVF7M6MbADIO2Q5FH8i:CbZo6wjOgyqnEJQb8i

Score

N/A

Malware Config

Signatures

Files

44be64a058e9b57fa7a1e93f9a8fbae5d4e9a4219fc19a6817cfbc590881275a
.dll windows x64

fb12b7a49e78d90535c07b551f762ee8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwMakeTemporaryObject
LdrLoadDll
ZwCreateSymbolicLinkObject
RtlAddressInSectionTable
ZwDeviceIoControlFile
RtlNtStatusToDosError
RtlRandom
ZwReadFile
ZwQueryInformationFile
RtlSecondsSince1970ToTime
ZwWriteFile
RtlInitUnicodeString
swprintf
ZwSetInformationFile
ZwCreateFile
strlen
memset
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
RtlTimeToSecondsSince1970
RtlUnicodeStringToInteger
RtlTimeToTimeFields
ZwQueryDirectoryFile
ZwOpenFile
qsort
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwAlertThread
ZwWaitForSingleObject
RtlComputeCrc32
ZwAllocateLocallyUniqueId
ZwDelayExecution
ZwCreateEvent
ZwAdjustPrivilegesToken
ZwOpenProcessToken
ZwSetValueKey
memcmp
wcsstr
RtlIpv4StringToAddressA
RtlIpv4AddressToStringA
ZwClose
ZwEnumerateKey
ZwOpenKey
RtlIpv4StringToAddressW
ZwQueryValueKey
memcpy
RtlExitUserThread
ZwDeleteFile
LdrUnloadDll
__chkstk
__C_specific_handler

kernel32

DeleteTimerQueueTimer
GetLastError
BindIoCompletionCallback
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
CreateThread
LoadLibraryA
VirtualAlloc
VirtualFree
SwitchToThread
GetTickCount
LoadLibraryW
GetProcAddress
CreateTimerQueueTimer
LocalFree
LocalAlloc

advapi32

ControlService
MD5Update
MD5Final
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureW
CryptDestroyHash
CryptReleaseContext
MD5Init

ws2_32

WSAStartup
WSACleanup
WSASocketW
WSAGetLastError
closesocket
bind
listen
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom

Exports

Exports

ConServerDllInitialization

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb12b7a49e78d90535c07b551f762ee8

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 1008B

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 258B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 258B