ServiceMain
__dbk_fcall_wrapper
dbkFCallWrapperAddr
f0
f1
f2
f3
f4
f5
f6
f7
f8
f9
t1
Behavioral task: behavioral1
Sample: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d.dll
Resource: win10v2004-20220414-en
Target: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d
Size: 671KB
MD5: 109e2f5c7ce023d6b0eb6b4f049eb547
SHA1: a7a9f41567bff15b0622930da7cbe5d33fb8f2d8
SHA256: b0ea572735d5ed53cab38cbb61682355fcc951df7e411a532f56f236a3ad5f3d
SHA512: 13cb3ed3a6648857e6a1320021e45be33bbdd3119ab6bde1a53d93791ffa8c357f98614f74f4f365144b956d625b828c0aaff7fc9c8fdbb4d2d088aeeca69f52
SSDEEP: 12288:92FwyHl26LGEkIjRpnmW5rDhhUncBrN2lp1O/Ek2h4JqJ11/9f//L2o:gFfl2Q2lp1OMLh4Je11/9f//L2o
danabot
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupAccountSidW
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetCurrentHwProfileW
FreeSid
EqualSid
AllocateAndInitializeSid
AddAccessAllowedAce
CreateWellKnownSid
CryptVerifySignatureW
CryptDecrypt
CryptImportKey
CryptEncrypt
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CharNextW
LoadStringW
CreateWindowExW
UpdateWindow
TranslateMessage
ShowWindow
SendMessageA
RegisterClassW
MessageBoxW
LoadStringW
LoadIconW
LoadCursorW
IsWindowVisible
GetWindowThreadProcessId
GetSystemMetrics
GetWindow
GetMessageW
FindWindowA
FindWindowW
DispatchMessageW
DefWindowProcW
CharUpperBuffW
CharUpperW
CharLowerBuffW
Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
SwitchToThread
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TerminateThread
TerminateProcess
SetLastError
SetFileAttributesW
SetEvent
ResetEvent
ReadProcessMemory
ReadFile
QueryPerformanceCounter
OpenProcess
MultiByteToWideChar
LocalFree
LocalAlloc
LoadLibraryA
LoadLibraryW
IsValidLocale
IsBadReadPtr
HeapFree
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetTickCount
GetThreadLocale
GetSystemDirectoryW
GetStdHandle
GetShortPathNameW
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileSizeEx
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineW
GetCPInfo
FreeLibrary
FormatMessageW
FindFirstFileW
EnumSystemLocalesW
EnumCalendarInfoW
DeleteFileW
CreateThread
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep
GetStockObject
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
WSASend
WSAIoctl
WSAEventSelect
WSAStartup
socket
shutdown
send
recv
inet_addr
htons
ioctlsocket
connect
closesocket
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
InternetSetOptionW
InternetOpenW
NetApiBufferFree
NetWkstaGetInfo
URLDownloadToFileW
CoCreateInstance
CoInitialize
RtlAllocateHeap
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ