General

Malware Config

Signatures

Files

• 219594d5b634d5f95904376a1cbd8ecde93b8cdd6cfb785069e51e7eccc78baa

  .dll windows x86

  e64c32f3a37318b9e8abaea37baa966b

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  GetSecurityInfo

  IsValidSid

  BuildImpersonateTrusteeW

  RegCloseKey

  ProcessTrace

  GetTokenInformation

  LookupPrivilegeDisplayNameA

  GetEventLogInformation

  SystemFunction006

  WmiMofEnumerateResourcesW

  RegQueryValueExW

  SystemFunction012

  RegQueryValueExA

  SystemFunction016

  LsaQueryInfoTrustedDomain

  GetSecurityDescriptorOwner

  ObjectCloseAuditAlarmA

  LookupPrivilegeDisplayNameW

  SaferCreateLevel

  RegOpenKeyExA

  gdi32

  CreateSolidBrush

  SelectPalette

  StretchBlt

  SelectObject

  SetTextColor

  GetDeviceCaps

  ExtTextOutW

  DeleteObject

  BitBlt

  CreateCompatibleDC

  SetBkColor

  DeleteDC

  RealizePalette

  iphlpapi

  SendARP

  GetBestInterface

  DeleteIpNetEntry

  GetAdaptersInfo

  GetInterfaceInfo

  kernel32

  SetLocalPrimaryComputerNameW

  CallNamedPipeA

  CreateThread

  GetMailslotInfo

  GetSystemTimeAsFileTime

  lstrlenW

  BindIoCompletionCallback

  ExpandEnvironmentStringsA

  WaitForSingleObject

  LoadLibraryA

  PeekNamedPipe

  VirtualProtect

  FormatMessageA

  FreeLibrary

  GetVersion

  WriteFile

  GetWindowsDirectoryA

  GetCurrentThreadId

  LoadResource

  SetThreadPriority

  GetDriveTypeA

  GlobalGetAtomNameA

  lstrcmpA

  UnlockFile

  GetModuleHandleA

  FindResourceExW

  GetDriveTypeW

  GetProcAddress

  CreateDirectoryA

  GetCurrentProcessId

  GlobalUnlock

  GetCurrentProcess

  MulDiv

  LeaveCriticalSection

  DeleteCriticalSection

  WideCharToMultiByte

  IsWow64Process

  SetComputerNameW

  SetLastError

  AddRefActCtx

  LoadLibraryW

  SetNamedPipeHandleState

  InterlockedIncrement

  GetExitCodeProcess

  lstrlenA

  InterlockedDecrement

  CreateFileMappingA

  SetVolumeLabelW

  WaitNamedPipeA

  SizeofResource

  ReleaseActCtx

  CreateMailslotA

  InitializeCriticalSection

  GetComputerNameA

  CreateEventA

  MultiByteToWideChar

  GetLastError

  ReadFile

  GetTickCount

  SetUnhandledExceptionFilter

  EnterCriticalSection

  DeleteFileW

  GetOverlappedResult

  CreateFileA

  QueryPerformanceCounter

  GetNamedPipeHandleStateA

  GetTempPathA

  UnhandledExceptionFilter

  LocalAlloc

  CloseHandle

  TransactNamedPipe

  GetVersionExA

  lstrcpynW

  WritePrivateProfileStringA

  WaitForMultipleObjects

  SetComputerNameA

  SetEvent

  lstrcmpiA

  SetMailslotInfo

  LocalFree

  LoadLibraryExA

  SetThreadPriorityBoost

  LocalReAlloc

  Sleep

  ResetEvent

  GetNamedPipeInfo

  lstrcpyW

  SetFileAttributesA

  GetComputerNameW

  LockResource

  GlobalGetAtomNameW

  TerminateProcess

  CreateProcessA

  msvcrt

  wcslen

  isdigit

  wcscmp

  _strnicmp

  free

  wcscpy

  wcschr

  wcsncpy

  wcscat

  getenv

  strncpy

  toupper

  strchr

  memmove

  malloc

  _stricmp

  _vsnprintf

  _initterm

  _strupr

  netapi32

  NetapipBufferAllocate

  NetApiBufferFree

  Netbios

  NetWkstaUserGetInfo

  NetWkstaGetInfo

  ntdll

  RtlInitUnicodeString

  RtlUnicodeToOemN

  NlsMbOemCodePageTag

  RtlFreeHeap

  NtOpenThreadToken

  NtOpenProcessToken

  NtImpersonateAnonymousToken

  RtlCopyLuid

  RtlOemToUnicodeN

  NtClose

  RtlUnicodeStringToAnsiString

  RtlInitAnsiString

  RtlUnicodeToMultiByteN

  RtlNtStatusToDosError

  NtCreateFile

  RtlAnsiStringToUnicodeString

  NtSetInformationThread

  RtlAllocateHeap

  NtQueryInformationToken

  NtFsControlFile

  RtlxUnicodeStringToOemSize

  RtlUnicodeStringToOemString

  RtlFreeUnicodeString

  ole32

  CoTaskMemFree

  CoCreateInstance

  StringFromGUID2

  CLSIDFromString

  CoInitialize

  CoUninitialize

  polstore

  IPSecAssignPolicy

  IPSecClosePolicyStore

  IPSecCreateFilterData

  shell32

  SHChangeNotifySuspendResume

  SHGetPathFromIDListA

  SHCreateQueryCancelAutoPlayMoniker

  SHGetDesktopFolder

  SHBindToParent

  SHGetMalloc

  SHGetFolderPathAndSubDirW

  ShellExecuteExA

  DragAcceptFiles

  SHFileOperationA

  SHGetUnreadMailCountW

  FindExecutableW

  SHBrowseForFolderA

  SHAppBarMessage

  SHGetSpecialFolderLocation

  SHFormatDrive

  DragQueryFileA

  SHGetFolderPathA

  SHChangeNotify

  shlwapi

  StrCmpW

  StrToIntW

  StrCmpIW

  StrCpyNW

  StrChrW

  StrCpyW

  StrStrW

  tapi32

  lineOpenW

  lineGetCallInfoW

  lineClose

  lineInitializeExW

  lineGetNewCalls

  lineGetAddressCapsW

  lineShutdown

  lineNegotiateAPIVersion

  urlmon

  CreateURLMoniker

  user32

  ChangeClipboardChain

  SendMessageW

  CreateIconFromResourceEx

  InvalidateRect

  CopyRect

  MapVirtualKeyExA

  SetRect

  GetDC

  RegisterRawInputDevices

  IsWindowVisible

  SetForegroundWindow

  wvsprintfA

  GetMenuItemID

  GrayStringA

  GetSystemMetrics

  IsIconic

  TranslateMessage

  SetFocus

  DestroyIcon

  RemovePropA

  ReleaseDC

  SendNotifyMessageW

  RegisterDeviceNotificationW

  GetClientRect

  GetSysColor

  CallNextHookEx

  SetWindowPos

  MapWindowPoints

  EndPaint

  SendInput

  MessageBoxA

  GetTaskmanWindow

  GetQueueStatus

  IsWindow

  UnhookWindowsHookEx

  GetParent

  CreateWindowExA

  ShowWindow

  GetPropA

  BeginPaint

  FillRect

  ClientToScreen

  SetPropA

  SetCursor

  DispatchMessageA

  LoadStringA

  OffsetRect

  MsgWaitForMultipleObjects

  GetWindowRect

  LoadIconA

  EnableWindow

  wininet

  InternetSetOptionW

  InternetCloseHandle

  InternetOpenW

  Exports

  Exports

  sICEsYfI

  drukal

  eUQJMVA

  EHGGU

  kefNSAD

  WkIdRAfmr

  JUyUB

  NbuDTQMA

  FEDJsB

  Sections

  .text

  Size: 268KB - Virtual size: 268KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ