ee3e3596c4ff85b83f8e5d6ff3b3bc7d2a174787770092392a8e0ba0e7d87907

Sharing

Copy URL Twitter E-mail

General

Target

ee3e3596c4ff85b83f8e5d6ff3b3bc7d2a174787770092392a8e0ba0e7d87907
Size

32KB
MD5

34b768af08830f7da1a0783e8eb5e0a1
SHA1

f30143eb34c6a401afebc9d04fc63b98121bf567
SHA256

ee3e3596c4ff85b83f8e5d6ff3b3bc7d2a174787770092392a8e0ba0e7d87907
SHA512

2e19e47b496e9df1ad3c7cb0a9601f82deec64f6d7ecdc848786a4ace918551f6f89174cb474794dc480da80f950c24373bfdbb545b36cc363cecd843a47b116
SSDEEP

384:o7ILWRvAO+7lDa6n5m0QOTpwO1jymi6/EIVuMe5JOXSY4zV:osLFOgVN5VfwEi6JZkJgU

Score

N/A

Malware Config

Signatures

Files

ee3e3596c4ff85b83f8e5d6ff3b3bc7d2a174787770092392a8e0ba0e7d87907
.dll windows x86

3ee4dfe3dd4a58721816f32a60a752e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwMapViewOfSection
ZwCreateSection
memcpy
RtlNtStatusToDosError
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
memset
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwUnmapViewOfSection
RtlInitUnicodeString
ZwCreateEvent
wcschr
LdrGetProcedureAddress
swprintf
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwClose
ZwQueryVolumeInformationFile
ZwOpenFile
RtlTimeToSecondsSince1980
qsort
ZwQueryEaFile
RtlExitUserThread
ZwQueryDirectoryFile
wcstoul
ZwDeleteFile
ZwCreateFile
ZwWriteFile
ZwSetEaFile
RtlComputeCrc32
ZwReadFile
RtlAddressInSectionTable
wcscpy
ZwQueueApcThread
ZwSetInformationFile
RtlUnwind
NtQueryVirtualMemory

kernel32

FreeLibrary
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
LocalFree
LocalAlloc
Sleep
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserAPC
DisableThreadLibraryCalls
CreateThread
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
VirtualAlloc
VirtualFree

advapi32

CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureW
CryptSetHashParam
CryptCreateHash
CryptReleaseContext
MD5Init
CryptGenRandom
CryptImportKey
CryptAcquireContextW
MD5Final
MD5Update

mswsock

AcceptEx

ws2_32

setsockopt
WSASend
WSARecv
WSAIoctl
listen
WSASendTo
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
bind
WSARecvFrom

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ee4dfe3dd4a58721816f32a60a752e8

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

mswsock

ws2_32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 4KB