dd0f0d5c8e39bdcb3904c12feee20e7a756285e1bb9b443cf6794369cb13156b

Sharing

Copy URL Twitter E-mail

General

Target

dd0f0d5c8e39bdcb3904c12feee20e7a756285e1bb9b443cf6794369cb13156b
Size

36KB
MD5

af523af544965b275007fc2344af1beb
SHA1

82084580a4a04577468647472d01bdfcfb50cfef
SHA256

dd0f0d5c8e39bdcb3904c12feee20e7a756285e1bb9b443cf6794369cb13156b
SHA512

cb4cb688a671d517bf8e5e21609d7ec6dbde4a08c8177f30f5c07819ccb00cc654c7acb092740b4772bf81b4dce2fe44642c02a36856b59c96d4a00ccf178754
SSDEEP

768:HBCLejn23ooO60vqfDzu2xGHNBvrkP6fPnUqsArr5nU9FA:HsLej23TO60yftxGtBjkP6nnU5Ar5

Score

N/A

Malware Config

Signatures

Files

dd0f0d5c8e39bdcb3904c12feee20e7a756285e1bb9b443cf6794369cb13156b
.dll windows x86

a0c5812388af9a9c9f8f914de18cbcae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwSetValueKey
RtlTimeToSecondsSince1970
RtlNtStatusToDosError
RtlHashUnicodeString
ZwGetContextThread
ZwWriteVirtualMemory
ZwSetContextThread
ZwResumeThread
RtlDeleteElementGenericTableAvl
ZwProtectVirtualMemory
strcmp
RtlImageDirectoryEntryToData
_stricmp
LdrGetDllHandle
RtlInsertElementGenericTableAvl
ZwTestAlert
NtWriteFile
ZwSetInformationFile
ZwCreateKey
wcsrchr
RtlEqualUnicodeString
RtlEqualString
LdrGetProcedureAddress
ZwSetEvent
RtlImageNtHeader
RtlIpv4AddressToStringExA
memmove
ZwWaitForSingleObject
ZwReplyWaitReceivePortEx
ZwCreatePort
ZwQueryInformationProcess
RtlGetCurrentPeb
ZwRequestWaitReplyPort
memset
strtoul
memcmp
LdrFindEntryForAddress
memcpy
strchr
ZwQueryKey
RtlFormatCurrentUserKeyPath
ZwQueryDirectoryFile
wcslen
strstr
RtlComputeCrc32
RtlInitUnicodeString
swprintf
ZwQueryValueKey
ZwOpenKey
wcscmp
RtlGetFrame
RtlLookupElementGenericTableAvl
_wcsicmp
RtlInitializeGenericTableAvl
ZwReadFile
ZwOpenFile
RtlFreeUnicodeString
sprintf
RtlUnwind
_alldiv
RtlStringFromGUID
ZwWriteFile
ZwDeleteFile
ZwRequestPort
ZwClose
ZwQueryInformationFile
ZwCreateFile
RtlPushFrame
ZwQuerySystemInformation
strlen
NtQueryVirtualMemory

kernel32

InitializeCriticalSection
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateThread
ExitThread
CreateRemoteThread
GetLastError
BindIoCompletionCallback
WideCharToMultiByte
GetSystemTimeAsFileTime
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
DisableThreadLibraryCalls
GetTickCount
VirtualProtect
LoadLibraryExW

ws2_32

WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
shutdown
gethostbyname

advapi32

MD5Init
MD5Final
MD5Update

ole32

CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
LoadTypeLibEx
SysAllocStringLen
SysFreeString
VariantClear

rpcrt4

UuidCreateSequential

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0c5812388af9a9c9f8f914de18cbcae

Headers

File Characteristics

Imports

ntdll

kernel32

ws2_32

advapi32

ole32

oleaut32

rpcrt4

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB