General

Malware Config

Signatures

Files

• 6c426cc675d38fb863f8b756bcd20dd6ff16e09bb4d5eebe328b10e08f1aeb82

  .dll windows x86

  79de0723562b8fe6caec8750aff5c6f4

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ReadFile

  CreateFileA

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  ExitProcess

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  WaitForSingleObject

  CloseHandle

  CreateEventA

  DisableThreadLibraryCalls

  lstrcatA

  IsBadReadPtr

  lstrlenA

  VirtualProtect

  Sleep

  SetEvent

  SetEnvironmentVariableA

  GetCurrentProcessId

  InterlockedExchange

  MultiByteToWideChar

  GetModuleHandleA

  GetLastError

  InterlockedIncrement

  LocalFree

  InterlockedDecrement

  SetFilePointer

  SizeofResource

  LockResource

  LoadResource

  FindResourceA

  FindResourceExA

  IsBadWritePtr

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetModuleFileNameA

  GetCurrentProcess

  WideCharToMultiByte

  VirtualQuery

  LCMapStringA

  FlushFileBuffers

  SetStdHandle

  GetTickCount

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetConsoleMode

  GetConsoleCP

  HeapCreate

  VirtualFree

  GetOEMCP

  GetCPInfo

  GetStartupInfoA

  GetFileType

  SetHandleCount

  HeapDestroy

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  GetProcessHeap

  GetACP

  GetLocaleInfoA

  GetThreadLocale

  GetVersionExA

  RaiseException

  RtlUnwind

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  ExitThread

  ResumeThread

  CreateThread

  VirtualAlloc

  GetCurrentThreadId

  GetCommandLineA

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  WriteFile

  GetStdHandle

  user32

  MessageBoxA

  wsprintfA

  UnregisterClassA

  advapi32

  RegQueryValueExA

  RegCreateKeyExA

  RegCloseKey

  RegSetValueExA

  oleaut32

  SafeArrayGetDim

  SafeArrayGetElemsize

  SafeArrayGetElement

  SafeArrayDestroyDescriptor

  SysStringByteLen

  SysAllocStringByteLen

  SafeArrayDestroy

  SafeArrayCreate

  VariantCopyInd

  VariantChangeType

  VariantClear

  VariantInit

  SysFreeString

  SysStringLen

  SafeArrayLock

  SafeArrayGetUBound

  SafeArrayGetLBound

  GetErrorInfo

  SysAllocString

  SafeArrayUnlock

  version

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  VerQueryValueA

  Exports

  Exports

  CheckRuntime

  DNG_Runtime

  GetUserString

  RunHVM

  Sections

  .text

  Size: 164KB - Virtual size: 163KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 52KB - Virtual size: 50KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 20KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .hvm

  Size: 4KB - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .hvm0

  Size: 344KB - Virtual size: 342KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 20KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rmnet

  Size: 60KB - Virtual size: 60KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE