51db3dda5d356df6d178670a831482ad19264b6e0969c9e9c260e622591d0fd4

Sharing

Copy URL Twitter E-mail

General

Target

51db3dda5d356df6d178670a831482ad19264b6e0969c9e9c260e622591d0fd4
Size

52KB
MD5

d477c9b0e23df670a42bd9fc366652c0
SHA1

9b46f1740cb599760aebddaa960848b6d851d7f7
SHA256

51db3dda5d356df6d178670a831482ad19264b6e0969c9e9c260e622591d0fd4
SHA512

29b7fa0a3c98a66d98ac091e1fee2fc1fd221f00558313e4922cdb89865d98121884728bbec739fd0b88917a254555036be132f819e475635ab0f7cbf9e751f5
SSDEEP

384:2Hic3MQ4d2nI+fEvbbulMSxblmZ11lxM03qIk1+o+3F6kBvDuq949p9X92b4bqe/:2HiccQpCvuyLxM03qIk11/UDw/X

Score

N/A

Malware Config

Signatures

Files

51db3dda5d356df6d178670a831482ad19264b6e0969c9e9c260e622591d0fd4
.dll windows x64

a5d4290c3025fd88b44944caf77ef3a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwQueryEaFile
ZwOpenFile
RtlDosPathNameToNtPathName_U
ZwAlertThread
ZwQueryInformationToken
RtlNtStatusToDosError
ZwOpenProcessToken
ZwDelayExecution
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
wcscat
RtlIpv4StringToAddressA
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
RtlFreeUnicodeString
memcpy
memset
LdrFindResource_U
LdrAccessResource
ZwClose
ZwSetEaFile
RtlTimeToSecondsSince1980
RtlRandomEx
RtlExitUserThread
RtlComputeCrc32

kernel32

BindIoCompletionCallback
IsDebuggerPresent
CreateThread
GetLastError
CreateTimerQueueTimer
DeleteTimerQueueTimer
Sleep
LoadLibraryW
FreeLibrary
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetTickCount
VirtualFree
GetVersion

ws2_32

WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
WSASocketW
closesocket
WSAStartup
WSACleanup
WSAGetLastError

advapi32

OpenSCManagerW
OpenServiceW
ControlService
ChangeServiceConfigW
DeleteService
CloseServiceHandle
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5d4290c3025fd88b44944caf77ef3a6

Headers

File Characteristics

Imports

ntdll

kernel32

ws2_32

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 376B

.pdata Size: 1024B - Virtual size: 648B

.rsrc Size: 512B - Virtual size: 224B

.reloc Size: 512B - Virtual size: 114B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 376B

.pdata
Size: 1024B - Virtual size: 648B

.rsrc
Size: 512B - Virtual size: 224B

.reloc
Size: 512B - Virtual size: 114B