General

Malware Config

Signatures

Files

• sample.zip

  .zip

  Password: infected

• nerol3.dll

  .dll windows x64

  Password: infected

  4bb28c546bbb522d27d1dea91bc98797

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  uxtheme

  GetThemeBitmap

  GetThemeTextMetrics

  DrawThemeTextEx

  EnableTheming

  SetThemeAppProperties

  GetThemeSysBool

  GetThemeBool

  HitTestThemeBackground

  BufferedPaintClear

  rasapi32

  RasSetCredentialsW

  RasGetEntryPropertiesW

  RasGetEntryPropertiesA

  RasSetEntryDialParamsW

  RasSetEntryDialParamsA

  RasHangUpA

  RasSetAutodialParamA

  Exports

  Exports

  AIbiK6eNQMI

  E6qZ9H8

  EIb3u6

  LCY0JWOkQ

  PluginInit

  PqcZwQT

  SLxwd046MP

  TalBe3Ao

  UZ5qSiZDS

  YnbZXgetS34

  aflgBRhSKpq

  bXxLjYhUpHH

  jIq2bPgf

  oTSwTtd8C

  piD3XV9l9nV

  xbr1Caglbpp

  yEWJB77Wyc

  yMVdWcp2

  Sections

  .text

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 540KB - Virtual size: 539KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 60KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE