General

Malware Config

Signatures

Files

• 305f2634325220221d799665a2386f67236f6602158b0ff4957b6a8c5a90f4bd

  .dll windows x86

  3c95b2d730ddee88d3f32d275de0dfcb

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  _snprintf

  NtCreateSection

  NtMapViewOfSection

  NtUnmapViewOfSection

  ZwClose

  ZwQueryInformationToken

  ZwOpenProcessToken

  ZwOpenProcess

  strcpy

  RtlNtStatusToDosError

  NtQuerySystemInformation

  ZwQueryInformationProcess

  mbstowcs

  _wcsupr

  _strupr

  memmove

  memset

  wcscpy

  ZwQueryKey

  RtlFreeUnicodeString

  RtlUpcaseUnicodeString

  wcstombs

  memcpy

  RtlImageNtHeader

  RtlAdjustPrivilege

  sprintf

  _aulldiv

  _allmul

  _chkstk

  RtlUnwind

  NtQueryVirtualMemory

  kernel32

  QueueUserWorkItem

  ExpandEnvironmentStringsA

  FindFirstFileA

  GetFileTime

  FindNextFileA

  CompareFileTime

  Wow64EnableWow64FsRedirection

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GetModuleFileNameW

  GetModuleFileNameA

  CreateDirectoryA

  HeapAlloc

  CloseHandle

  GetLastError

  RemoveDirectoryA

  HeapFree

  DeleteFileA

  LoadLibraryA

  lstrcpyA

  CreateFileA

  lstrcatA

  lstrlenA

  WriteFile

  GetSystemTimeAsFileTime

  InterlockedIncrement

  InterlockedDecrement

  HeapDestroy

  HeapCreate

  SetEvent

  HeapReAlloc

  GetCommandLineW

  GetCurrentThreadId

  DuplicateHandle

  SetWaitableTimer

  Sleep

  GetTickCount

  CopyFileW

  GetCurrentThread

  lstrlenW

  CreateEventA

  DeleteFileW

  GetWindowsDirectoryA

  InterlockedExchange

  GetTempPathA

  CreateDirectoryW

  SuspendThread

  ResumeThread

  WaitForSingleObject

  lstrcpyW

  lstrcmpiW

  GetModuleHandleA

  OpenProcess

  CreateThread

  SwitchToThread

  lstrcatW

  CreateFileW

  ExitProcess

  WaitForMultipleObjects

  SetLastError

  lstrcmpiA

  CreateMutexA

  ResetEvent

  lstrcmpA

  OpenWaitableTimerA

  OpenMutexA

  ReleaseMutex

  VirtualProtectEx

  UnmapViewOfFile

  CreateWaitableTimerA

  LeaveCriticalSection

  InitializeCriticalSection

  EnterCriticalSection

  RegisterWaitForSingleObject

  TlsGetValue

  TlsSetValue

  LoadLibraryExW

  VirtualAlloc

  VirtualProtect

  UnregisterWait

  TlsAlloc

  OpenEventA

  GetProcAddress

  GetDriveTypeW

  WideCharToMultiByte

  OpenFileMappingA

  LocalFree

  GetLogicalDriveStringsW

  GetExitCodeProcess

  CreateFileMappingA

  GetFileSize

  lstrcpynA

  CreateToolhelp32Snapshot

  QueueUserAPC

  Thread32First

  OpenThread

  Thread32Next

  ReadFile

  CancelIo

  ConnectNamedPipe

  GetOverlappedResult

  DisconnectNamedPipe

  GetSystemTime

  FlushFileBuffers

  CreateNamedPipeA

  CallNamedPipeA

  WaitNamedPipeA

  AddVectoredExceptionHandler

  SleepEx

  RemoveVectoredExceptionHandler

  ExitThread

  LocalAlloc

  FreeLibrary

  RaiseException

  IsWow64Process

  GetLocalTime

  VirtualFree

  GetCurrentProcessId

  GetVersion

  DeleteCriticalSection

  RemoveDirectoryW

  GetTempFileNameA

  SetEndOfFile

  ExpandEnvironmentStringsW

  SetFilePointer

  FindNextFileW

  FindClose

  GetFileAttributesW

  SetFilePointerEx

  FindFirstFileW

  GetComputerNameW

  MapViewOfFile

  CreateProcessA

  GetVersionExA

  dnsapi

  DnsQuery_A

  DnsFree

  Sections

  .text

  Size: 145KB - Virtual size: 144KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 11KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ