General

Malware Config

Signatures

Files

• 03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012

  .dll windows x64

  334aaafc61c117c1ed56745f0a48ebd9

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  CreateFileMappingW

  MapViewOfFile

  FlushFileBuffers

  GetProcAddress

  GetSystemTime

  GlobalSize

  GlobalLock

  GlobalUnlock

  lstrcmpW

  CreatePipe

  RtlAddFunctionTable

  DeleteFileW

  RtlDeleteFunctionTable

  GetLastError

  GetComputerNameW

  GetVolumeInformationW

  CreateMutexW

  OpenMutexW

  UnmapViewOfFile

  Process32Next

  SetHandleInformation

  lstrcpyW

  GetModuleHandleW

  Sleep

  QueryFullProcessImageNameA

  CreateToolhelp32Snapshot

  Process32First

  WaitForSingleObject

  CreateProcessW

  lstrlenW

  MultiByteToWideChar

  VirtualFree

  RtlZeroMemory

  GetFileSize

  ReadFile

  CloseHandle

  CreateFileW

  OutputDebugStringA

  WriteFile

  lstrcpyA

  lstrlenA

  VirtualAlloc

  user32

  wsprintfW

  GetSystemMetrics

  ReleaseDC

  GetDC

  OemToCharBuffA

  gdi32

  CreateCompatibleDC

  DeleteObject

  SelectObject

  CreateCompatibleBitmap

  BitBlt

  advapi32

  RegQueryValueExW

  RegEnumKeyExA

  GetTokenInformation

  RegQueryValueExA

  RegDeleteKeyW

  RegDeleteTreeW

  RegDeleteValueW

  RegEnumValueW

  CryptAcquireContextA

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptGetHashParam

  CryptReleaseContext

  RegCreateKeyExW

  RegEnumKeyExW

  RegCloseKey

  RegSetValueExW

  RegSetValueExA

  RegOpenKeyExW

  RegDeleteValueA

  RegOpenKeyExA

  OpenProcessToken

  GetSidSubAuthority

  GetSidSubAuthorityCount

  LookupAccountSidW

  shell32

  SHGetFolderPathW

  SHGetSpecialFolderPathW

  ole32

  StringFromGUID2

  CreateStreamOnHGlobal

  GetHGlobalFromStream

  CoUninitialize

  CoInitialize

  ntdll

  NtSetContextThread

  NtWriteVirtualMemory

  NtResumeThread

  RtlImageDirectoryEntryToData

  NtTerminateThread

  NtGetContextThread

  NtFreeVirtualMemory

  ZwClose

  ZwMapViewOfSection

  ZwCreateSection

  ZwUnmapViewOfSection

  ZwReadFile

  NtTerminateProcess

  NtClose

  RtlCreateUserThread

  LdrLoadDll

  LdrGetDllHandle

  LdrGetProcedureAddress

  NtAllocateVirtualMemory

  wininet

  InternetCloseHandle

  HttpOpenRequestA

  InternetCrackUrlA

  InternetSetOptionA

  HttpAddRequestHeadersA

  InternetReadFile

  InternetConnectA

  HttpSendRequestA

  InternetOpenA

  HttpQueryInfoA

  urlmon

  ObtainUserAgentString

  gdiplus

  GdiplusStartup

  GdipSaveImageToStream

  GdipGetImageEncodersSize

  GdipDisposeImage

  GdipGetImageEncoders

  GdipCreateBitmapFromHBITMAP

  GdiplusShutdown

  Sections

  .text

  Size: 29KB - Virtual size: 29KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 176B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1024B - Virtual size: 732B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ