General

Malware Config

Signatures

Files

• emotet_epoch4.dll

  .dll regsvr32 windows x86

  469516b9b57873e6d83de55890911a6d

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcessHeap

  RtlUnwind

  RaiseException

  ExitThread

  CreateThread

  HeapSize

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  HeapDestroy

  HeapCreate

  VirtualFree

  FatalAppExitA

  Sleep

  GetStdHandle

  GetTimeZoneInformation

  GetACP

  SetHandleCount

  GetFileType

  GetStartupInfoA

  GetCommandLineA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  SetConsoleCtrlHandler

  LCMapStringA

  LCMapStringW

  GetConsoleCP

  GetConsoleMode

  GetStringTypeA

  GetStringTypeW

  GetUserDefaultLCID

  EnumSystemLocalesA

  IsValidLocale

  IsValidCodePage

  GetLocaleInfoW

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  GetDateFormatA

  GetTimeFormatA

  GetDriveTypeA

  SetEnvironmentVariableA

  HeapReAlloc

  VirtualQuery

  GetSystemInfo

  VirtualAlloc

  VirtualProtect

  SetCurrentDirectoryA

  HeapAlloc

  HeapFree

  GetProfileIntA

  GetTickCount

  SetErrorMode

  GetCurrentDirectoryA

  SetFileAttributesA

  LocalFileTimeToFileTime

  CreateFileA

  GetShortPathNameA

  GetVolumeInformationA

  GetCurrentProcess

  DuplicateHandle

  GetFileSize

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  DeleteFileA

  MoveFileA

  GetOEMCP

  GetCPInfo

  InterlockedIncrement

  SystemTimeToFileTime

  GetThreadLocale

  GetAtomNameA

  GlobalFlags

  TlsFree

  DeleteCriticalSection

  LocalReAlloc

  TlsSetValue

  TlsAlloc

  InitializeCriticalSection

  GlobalHandle

  GlobalReAlloc

  EnterCriticalSection

  TlsGetValue

  LeaveCriticalSection

  LocalAlloc

  CreateEventA

  SuspendThread

  SetEvent

  WaitForSingleObject

  ResumeThread

  SetThreadPriority

  CloseHandle

  GetPrivateProfileStringA

  WritePrivateProfileStringA

  GetPrivateProfileIntA

  GetCurrentProcessId

  GetCurrentThread

  ConvertDefaultLocale

  GetModuleFileNameA

  EnumResourceLanguagesA

  GetLocaleInfoA

  lstrcmpA

  GetDiskFreeSpaceA

  GetFullPathNameA

  GetTempFileNameA

  GetFileTime

  SetFileTime

  GetFileAttributesA

  FreeResource

  GetCurrentThreadId

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  lstrcmpW

  GetVersionExA

  GlobalFree

  CopyFileA

  GlobalSize

  GlobalAlloc

  FormatMessageA

  LocalFree

  GlobalLock

  GlobalUnlock

  MulDiv

  FindFirstFileA

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  FindNextFileA

  FindClose

  FreeLibrary

  InterlockedDecrement

  GetModuleFileNameW

  LockResource

  SizeofResource

  LoadResource

  FindResourceA

  ExitProcess

  GetVersion

  CompareStringA

  GetModuleHandleA

  lstrcmpiW

  LoadLibraryA

  GetProcAddress

  lstrcmpiA

  SetLastError

  GetLastError

  InterlockedExchange

  GetStringTypeExA

  lstrlenW

  MultiByteToWideChar

  CompareStringW

  GetEnvironmentVariableA

  GetStringTypeExW

  WideCharToMultiByte

  lstrlenA

  GetEnvironmentVariableW

  FreeEnvironmentStringsA

  GetComputerNameA

  user32

  CopyAcceleratorTableA

  CreateMenu

  PostThreadMessageA

  GetTabbedTextExtentA

  IsClipboardFormatAvailable

  WaitMessage

  SendNotifyMessageA

  RegisterClipboardFormatA

  GetSysColorBrush

  UnregisterClassA

  LoadCursorA

  DestroyCursor

  SetCursorPos

  SetCapture

  RedrawWindow

  InflateRect

  UnpackDDElParam

  ReuseDDElParam

  LoadMenuA

  DestroyMenu

  ReleaseCapture

  LoadAcceleratorsA

  InsertMenuItemA

  CreatePopupMenu

  BringWindowToTop

  SetMenu

  TranslateAcceleratorA

  IsZoomed

  WindowFromPoint

  KillTimer

  SetTimer

  SetRect

  SetParent

  GetSystemMenu

  DeleteMenu

  SetRectEmpty

  IsRectEmpty

  GetDesktopWindow

  CreateDialogIndirectParamA

  GetNextDlgTabItem

  EndDialog

  GetMessageA

  TranslateMessage

  GetActiveWindow

  GetCursorPos

  ValidateRect

  GetWindowThreadProcessId

  ShowOwnedPopups

  SetCursor

  PostQuitMessage

  ScrollWindowEx

  IsWindowEnabled

  MoveWindow

  SetWindowTextA

  IsDialogMessageA

  IsDlgButtonChecked

  SetDlgItemTextA

  SetDlgItemInt

  GetDlgItemTextA

  GetDlgItemInt

  CheckRadioButton

  CheckDlgButton

  RegisterWindowMessageA

  LoadIconA

  SendDlgItemMessageA

  WinHelpA

  GetCapture

  SetWindowsHookExA

  CallNextHookEx

  WindowFromDC

  GetClassNameA

  SetPropA

  GetPropA

  RemovePropA

  SetFocus

  GetWindowTextLengthA

  GetWindowTextA

  GetLastActivePopup

  SetActiveWindow

  DispatchMessageA

  BeginDeferWindowPos

  EndDeferWindowPos

  GetDlgItem

  GetTopWindow

  DestroyWindow

  GetMessageTime

  GetMessagePos

  PeekMessageA

  MapWindowPoints

  ScrollWindow

  TrackPopupMenuEx

  TrackPopupMenu

  GetKeyState

  SetScrollRange

  GetScrollRange

  SetScrollPos

  GetScrollPos

  SetForegroundWindow

  ShowScrollBar

  IsWindowVisible

  GetMenu

  PostMessageA

  MessageBoxA

  CreateWindowExA

  GetClassInfoExA

  GetClassInfoA

  RegisterClassA

  EqualRect

  DeferWindowPos

  GetScrollInfo

  SetScrollInfo

  PtInRect

  SetWindowPlacement

  DefWindowProcA

  CallWindowProcA

  SetWindowPos

  OffsetRect

  IntersectRect

  SystemParametersInfoA

  GetWindowPlacement

  GetWindowRect

  GetSystemMetrics

  GetWindow

  GetMenuStringA

  AppendMenuA

  GetMenuItemID

  InsertMenuA

  GetMenuItemCount

  GetSubMenu

  RemoveMenu

  GetSysColor

  EndPaint

  BeginPaint

  GetWindowDC

  ClientToScreen

  ScreenToClient

  GrayStringA

  DrawTextExA

  DrawTextA

  TabbedTextOutA

  FillRect

  InSendMessage

  SetWindowRgn

  DrawIcon

  FindWindowA

  UnionRect

  LockWindowUpdate

  GetDCEx

  GetDialogBaseUnits

  DestroyIcon

  GetClassLongA

  GetMenuItemInfoA

  GetDlgCtrlID

  IsChild

  InvalidateRect

  IsIconic

  AdjustWindowRectEx

  MapVirtualKeyA

  GetKeyNameTextA

  ReleaseDC

  GetDC

  GetClientRect

  CopyRect

  IsWindow

  SetMenuItemBitmaps

  GetMenuCheckMarkDimensions

  GetFocus

  GetParent

  ModifyMenuA

  GetMenuState

  EnableMenuItem

  CheckMenuItem

  UnhookWindowsHookEx

  ShowWindow

  UpdateWindow

  LoadBitmapA

  CharUpperA

  SendMessageA

  CharLowerW

  SetWindowLongA

  CharLowerA

  GetWindowLongA

  CharUpperW

  EnableWindow

  GetForegroundWindow

  gdi32

  PolyBezierTo

  ExtSelectClipRgn

  DeleteDC

  CreateDIBPatternBrushPt

  CreatePatternBrush

  CreateCompatibleDC

  GetStockObject

  SelectPalette

  PlayMetaFileRecord

  GetObjectType

  EnumMetaFile

  PlayMetaFile

  GetDeviceCaps

  TextOutA

  CreatePen

  ExtCreatePen

  CreateSolidBrush

  CreateHatchBrush

  CopyMetaFileA

  CreateDCA

  GetDCOrgEx

  GetBkColor

  GetTextMetricsA

  GetTextExtentPoint32A

  GetCharWidthA

  CreateFontA

  StretchDIBits

  CreateCompatibleBitmap

  GetViewportOrgEx

  DPtoLP

  Rectangle

  PolylineTo

  EndPage

  SetAbortProc

  AbortDoc

  EndDoc

  CreateFontIndirectA

  SetRectRgn

  CombineRgn

  GetMapMode

  CreateEllipticRgn

  LPtoDP

  Ellipse

  GetNearestColor

  GetBkMode

  GetPolyFillMode

  GetROP2

  GetStretchBltMode

  GetTextColor

  GetTextAlign

  GetTextFaceA

  GetWindowOrgEx

  CreateMetaFileA

  CloseMetaFile

  DeleteMetaFile

  RectVisible

  PtVisible

  StartDocA

  GetPixel

  BitBlt

  GetWindowExtEx

  GetViewportExtEx

  PolyDraw

  ArcTo

  GetCurrentPositionEx

  ScaleWindowExtEx

  SetWindowExtEx

  OffsetWindowOrgEx

  SetWindowOrgEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  SelectObject

  Escape

  StartPage

  CreateBitmap

  GetObjectA

  SelectClipPath

  CreateRectRgn

  GetClipRgn

  SelectClipRgn

  DeleteObject

  SetColorAdjustment

  SetArcDirection

  SetMapperFlags

  SetTextCharacterExtra

  SetTextJustification

  SetTextAlign

  MoveToEx

  LineTo

  OffsetClipRgn

  IntersectClipRect

  ExcludeClipRect

  GetClipBox

  SetMapMode

  ModifyWorldTransform

  SetWorldTransform

  SetGraphicsMode

  SetTextColor

  SetStretchBltMode

  SetROP2

  SetPolyFillMode

  SetBkMode

  SetBkColor

  RestoreDC

  SaveDC

  PatBlt

  CreateRectRgnIndirect

  ExtTextOutA

  comdlg32

  GetFileTitleA

  winspool.drv

  ClosePrinter

  DocumentPropertiesA

  OpenPrinterA

  GetJobA

  advapi32

  RegDeleteValueA

  RegSetValueExA

  RegCreateKeyExA

  RegQueryValueA

  RegEnumKeyA

  RegDeleteKeyA

  RegOpenKeyExA

  RegQueryValueExA

  GetFileSecurityA

  SetFileSecurityA

  RegOpenKeyA

  RegSetValueA

  RegCloseKey

  RegCreateKeyA

  shell32

  DragQueryFileA

  SHGetFileInfoA

  ExtractIconA

  DragFinish

  shlwapi

  PathRemoveExtensionA

  PathFindFileNameA

  PathStripToRootA

  PathFindExtensionA

  PathIsUNCA

  ole32

  OleGetIconOfClass

  CreateItemMoniker

  CreateGenericComposite

  OleIsRunning

  GetRunningObjectTable

  CoLockObjectExternal

  OleRun

  CreateFileMoniker

  CoGetMalloc

  StgCreateDocfile

  StgOpenStorage

  StgIsStorageFile

  CreateOleAdviseHolder

  CreateDataAdviseHolder

  OleGetClipboard

  OleSetClipboard

  OleIsCurrentClipboard

  OleFlushClipboard

  OleSetMenuDescriptor

  OleQueryCreateFromData

  OleQueryLinkFromData

  DoDragDrop

  OleUninitialize

  CoFreeUnusedLibraries

  OleInitialize

  CoGetClassObject

  CoRegisterClassObject

  CoRevokeClassObject

  CoRegisterMessageFilter

  CLSIDFromProgID

  OleCreateLinkToFile

  OleCreateLinkFromData

  OleCreateFromData

  OleLockRunning

  CreateStreamOnHGlobal

  OleSaveToStream

  WriteClassStm

  OleSave

  CreateILockBytesOnHGlobal

  StgCreateDocfileOnILockBytes

  OleDestroyMenuDescriptor

  OleCreateMenuDescriptor

  IsAccelerator

  OleTranslateAccelerator

  OleRegGetMiscStatus

  OleRegEnumVerbs

  CoDisconnectObject

  CLSIDFromString

  StringFromGUID2

  CoCreateInstance

  OleDuplicateData

  CoTaskMemAlloc

  ReleaseStgMedium

  CreateBindCtx

  CoTreatAsClass

  StringFromCLSID

  ReadClassStg

  ReadFmtUserTypeStg

  OleRegGetUserType

  WriteClassStg

  WriteFmtUserTypeStg

  SetConvertStg

  CoTaskMemFree

  OleCreateFromFile

  OleSetContainedObject

  GetHGlobalFromILockBytes

  StgOpenStorageOnILockBytes

  OleLoad

  OleCreateStaticFromData

  OleCreate

  oleaut32

  LoadTypeLi

  SysAllocString

  VarBstrFromDate

  VarCyFromStr

  VarDecFromStr

  VarBstrFromDec

  VarBstrFromCy

  VarDateFromStr

  SysReAllocStringLen

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SafeArrayDestroyDescriptor

  SafeArrayDestroyData

  SafeArrayDestroy

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayPutElement

  SafeArrayPtrOfIndex

  SafeArrayGetElement

  SafeArrayCopy

  SafeArrayAllocDescriptor

  SafeArrayAllocData

  VariantCopy

  SafeArrayRedim

  SafeArrayCreate

  SafeArrayGetDim

  SafeArrayGetElemsize

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayAccessData

  SafeArrayUnaccessData

  SysAllocStringLen

  VariantInit

  VariantChangeType

  VariantClear

  SysStringByteLen

  SysAllocStringByteLen

  SysFreeString

  SysStringLen

  oledlg

  ord8

  Exports

  Exports

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 612KB - Virtual size: 609KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 140KB - Virtual size: 136KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 176KB - Virtual size: 174KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 68KB - Virtual size: 64KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ