General

Malware Config

Signatures

Files

• 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

  .dll windows x64

  1e757709ceb1787cc53882e57b128e4c

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  CreateToolhelp32Snapshot

  Process32Next

  UnmapViewOfFile

  DeleteFileW

  CreateFileMappingW

  MapViewOfFile

  FlushFileBuffers

  GetProcAddress

  GetSystemTime

  GlobalSize

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  Process32First

  RtlAddFunctionTable

  RtlDeleteFunctionTable

  GetComputerNameA

  GetVolumeInformationW

  CreateMutexW

  GetLastError

  OpenMutexW

  GetCurrentDirectoryA

  CreatePipe

  QueryFullProcessImageNameA

  WaitForSingleObject

  CreateProcessA

  CreateProcessW

  SetHandleInformation

  lstrcpyW

  GetModuleHandleW

  Sleep

  GlobalFree

  MultiByteToWideChar

  lstrlenW

  RtlZeroMemory

  VirtualFree

  GetFileSize

  ReadFile

  GetCurrentProcessId

  LocalFree

  CloseHandle

  lstrcmpA

  GetCurrentThreadId

  CreateFileW

  LocalAlloc

  OutputDebugStringA

  WriteFile

  lstrcpyA

  lstrlenA

  VirtualAlloc

  lstrcmpW

  user32

  GetSystemMetrics

  ReleaseDC

  GetDC

  wsprintfA

  wsprintfW

  gdi32

  CreateCompatibleDC

  DeleteObject

  SelectObject

  CreateCompatibleBitmap

  BitBlt

  advapi32

  RegQueryValueExW

  RegOpenKeyExA

  RegEnumKeyExA

  GetTokenInformation

  RegDeleteKeyW

  RegDeleteTreeW

  RegDeleteValueW

  RegEnumValueW

  CryptAcquireContextA

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptGetHashParam

  CryptReleaseContext

  RegCreateKeyExW

  RegCloseKey

  RegSetValueExW

  RegOpenKeyExW

  GetUserNameA

  GetSidSubAuthority

  GetSidSubAuthorityCount

  OpenProcessToken

  shell32

  SHGetSpecialFolderPathW

  ole32

  StringFromGUID2

  CreateStreamOnHGlobal

  GetHGlobalFromStream

  CoUninitialize

  CoInitialize

  ntdll

  LdrLoadDll

  NtWriteVirtualMemory

  NtResumeThread

  RtlImageDirectoryEntryToData

  NtTerminateThread

  LdrGetDllHandle

  LdrGetProcedureAddress

  NtGetContextThread

  NtFreeVirtualMemory

  ZwClose

  ZwMapViewOfSection

  ZwCreateSection

  ZwUnmapViewOfSection

  NtAllocateVirtualMemory

  ZwReadFile

  NtTerminateProcess

  NtClose

  RtlCreateUserThread

  NtSetContextThread

  crypt32

  CryptBinaryToStringA

  wininet

  InternetCloseHandle

  HttpQueryInfoA

  HttpOpenRequestA

  InternetCrackUrlA

  InternetSetOptionA

  HttpAddRequestHeadersA

  InternetReadFile

  InternetConnectA

  HttpSendRequestA

  InternetOpenA

  urlmon

  ObtainUserAgentString

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipSaveImageToStream

  GdipGetImageEncodersSize

  GdipCreateBitmapFromHBITMAP

  GdipGetImageEncoders

  GdipDisposeImage

  Sections

  .text

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 176B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1024B - Virtual size: 588B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ