Static task: static1
Behavioral task: behavioral1
Sample: 19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4.dll
Resource: win7-en-20211208
General
Target: 19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
Size: 634KB
MD5: c7492b61b4138459b9d45b085f3c79c0
SHA1: 39b0ab8064f4e0d2e06775a8ef5dbc6a279db88f
SHA256: 19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
SHA512: 7b22e4b582ed6ff974862caed5b90cb49437e793fd10b7fcff798edb645e5b5b0dee8690e7ba5c6e7526e9e51259037ec8489d26e1b03c7639780ad27da676ed
SSDEEP: 12288:I/ZX472ylER7JyBC87Gnh3xtQU0Vug3hkIjxlmOUtGeCjA0KsrXf1r:8X472AER097Ghnf03yweCE0KQ
Malware Config
Signatures
Files
-
19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4.dll windows x86
c79d6e739deafe01017851b6a29e283c
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
VirtualProtectEx
CloseHandle
LoadLibraryA
Sleep
GetCurrentThreadId
WaitForSingleObject
RaiseException
DecodePointer
EncodePointer
ReadConsoleW
ReadFile
SetEndOfFile
SetFilePointerEx
SetStdHandle
CreateFileW
CreateThread
WaitForSingleObjectEx
WriteConsoleW
OutputDebugStringW
OutputDebugStringA
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetCommandLineW
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapValidate
GetSystemInfo
GetModuleFileNameA
GetStringTypeW
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CompareStringW
LCMapStringW
GetEnvironmentVariableA
advapi32
SystemFunction036
CreateServiceA
SetSecurityDescriptorDacl
SetEntriesInAclA
AdjustTokenPrivileges
RegEnumKeyA
RegCloseKey
StartServiceCtrlDispatcherA
CloseServiceHandle
GetTokenInformation
RegOpenKeyExA
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
RegSetValueExA
ControlService
DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
mscms
CreateDeviceLinkProfile
GetColorProfileFromHandle
GetColorProfileElementTag
GetCountColorProfileElements
GetColorProfileHeader
SelectCMM
GetPS2ColorRenderingDictionary
GetPS2ColorSpaceArray
EnumColorProfilesA
InstallColorProfileA
CloseColorProfile
ConvertColorNameToIndex
IsColorProfileValid
GetNamedProfileInfo
DeleteColorTransform
DisassociateColorProfileFromDeviceA
GetStandardColorSpaceProfileA
CreateColorTransformA
RegisterCMMA
CreateProfileFromLogColorSpaceA
IsColorProfileTagPresent
SetColorProfileElement
GetPS2ColorRenderingIntent
OpenColorProfileA
GetColorProfileElement
ConvertIndexToColorName
GetColorDirectoryA
GetCMMInfo
CreateMultiProfileTransform
Sections
.text Size: 361KB - Virtual size: 360KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ