General

Malware Config

Signatures

Files

• mem.dll

  .dll windows x86

  f6b9da75db5d2c401c5f7c4963f36b23

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  ZwQueryInformationProcess

  RtlNtStatusToDosError

  ZwClose

  NtQueryVirtualMemory

  RtlUnwind

  NtUnmapViewOfSection

  memcpy

  memset

  shlwapi

  StrChrA

  StrRChrA

  PathCombineW

  psapi

  GetModuleFileNameExA

  EnumProcessModules

  kernel32

  VirtualAlloc

  MapViewOfFile

  CreateFileA

  LoadLibraryA

  FreeLibrary

  lstrcmpA

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  VirtualProtect

  CreateFileW

  GetModuleFileNameA

  lstrlenA

  lstrcatA

  LocalAlloc

  LocalReAlloc

  LocalFree

  CloseHandle

  CreateEventA

  OpenEventA

  GetModuleHandleA

  CreateProcessW

  GetComputerNameW

  SwitchToThread

  GetLastError

  ResumeThread

  Sleep

  GetModuleHandleW

  GetVersion

  GetCurrentProcessId

  GetProcAddress

  lstrcpyA

  VirtualFree

  VirtualAllocEx

  OpenProcess

  GetCurrentProcess

  CreateRemoteThread

  ReadProcessMemory

  WriteProcessMemory

  WaitForSingleObject

  GetFileSize

  ReadFile

  SetFilePointer

  lstrcmpiA

  CreateFileMappingW

  user32

  wsprintfA

  shell32

  ShellExecuteA

  SHGetFolderPathW

  Sections

  .text

  Size: 24KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 509KB - Virtual size: 509KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ