1877096434311ec8948e14aa53fbbc851a62182ecfea90ad01767f96175f082e

Sharing

Copy URL Twitter E-mail

General

Target

1877096434311ec8948e14aa53fbbc851a62182ecfea90ad01767f96175f082e
Size

44KB
MD5

5592cb49e1b44c37544d3322099944e0
SHA1

5be5031536f022e5a9d532b19747152b3ac7f5d8
SHA256

1877096434311ec8948e14aa53fbbc851a62182ecfea90ad01767f96175f082e
SHA512

bb50e41850557ad22bb4778eca40619c1397e4dd5590601c2e8000e437787bd8685a65f3ba00e10efb763bc80f072f25ba1a642449e52d0ff6eec4988f01e56b
SSDEEP

384:DaIRRsFhAZTbz5U9WUJh4uQOa51BDe81OLkc8VCTH:DvsFhaBU4U31O9Dex4c8ET

Score

N/A

Malware Config

Signatures

Files

1877096434311ec8948e14aa53fbbc851a62182ecfea90ad01767f96175f082e
.dll windows x86

11fd72d6e9e428226f337b0500b403ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcscpy
RtlPushFrame
RtlPopFrame
RtlAddressInSectionTable
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwSetInformationFile
ZwQueryInformationFile
RtlInsertElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlComputeCrc32
RtlUnwind
NtQueryVirtualMemory
ZwSetEaFile
ZwCreateFile
ZwDeleteFile
wcstoul
ZwQueryDirectoryFile
ZwQueryEaFile
qsort
RtlTimeToSecondsSince1980
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
RtlNtStatusToDosError
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
memset
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
strcmp
_stricmp
ZwCreateEvent
ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenEvent
ZwWriteFile
ZwReadFile
wcsrchr
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
memcpy
ZwQueryVolumeInformationFile
ZwOpenFile
RtlExpandEnvironmentStrings_U
RtlFreeUnicodeString
ZwClose
ZwQueryValueKey
ZwOpenKey
swprintf
RtlFormatCurrentUserKeyPath
wcslen
RtlPrefixUnicodeString
RtlGetCurrentPeb
RtlExitUserThread
ZwProtectVirtualMemory
LdrGetProcedureAddress
RtlInitAnsiString
LdrLoadDll
RtlInitUnicodeString
RtlAddVectoredExceptionHandler
RtlInitializeGenericTableAvl
RtlGetFrame

kernel32

CreateThread
DeleteCriticalSection
LocalAlloc
InitializeCriticalSection
SleepEx
Sleep
FreeLibrary
VirtualFree
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
VirtualAlloc
GetVersion
LoadLibraryW
QueueUserWorkItem
GetModuleHandleW
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
DeleteTimerQueueTimer
CreateTimerQueueTimer
LocalFree

advapi32

MD5Final
MD5Update
CryptAcquireContextW
CryptImportKey
CryptGenRandom
CryptDestroyKey
CryptReleaseContext
CryptCreateHash
CryptSetHashParam
CryptVerifySignatureW
CryptDestroyHash
MD5Init

mswsock

AcceptEx

ws2_32

WSAStartup
WSACleanup
WSASocketW
WSAGetLastError
closesocket
bind
listen
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11fd72d6e9e428226f337b0500b403ff

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

mswsock

ws2_32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB