Behavioral task: behavioral1
Sample: wps_0000000001AA0000.dll
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: wps_0000000001AA0000.dll
Resource: win10v2004-20220718-en
General
Target: wps_0000000001AA0000.dll
Size: 208KB
MD5: 6c59df4af7127f69cfee1aba17cae985
SHA1: 4ee6b1c68189e25d8c47ced7d0cbb29db484905a
SHA256: 527c776c2718e4e9be884d2b79c5a79a5cebf1512d04785c5949862c4bae7253
SHA512: ec12a1b7ad44cfe3d135fbc3ee6b782d911f155481e6dab974e94a2246302af1d413b9d507df7e58e5c6e4d3e8bcc98eba8266fe7fbd71ad82a575df57e57fa0
SSDEEP: 3072:UrYnRVsebiqxYJkbGZ3rBzsAMOu3cxSHzDxE7HgcP2y2yDJ+mdcAFGimFCpOgTwN:hVs0/yMA7uBE7HgcPlbHGl6h1X82I
Malware Config
Signatures
Detects PlugX payload (1 IoCs)
Processes:
resource: sample; yara_rule: family_plugx
Plugx family
Files
wps_0000000001AA0000.dll.dll windows x64
cbac7ca641fd61e7ae8b266a3078d6c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ResumeThread
CreateFileMappingW
MapViewOfFile
VirtualProtect
GetFileAttributesW
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GlobalLock
GetLocalTime
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
CreateThread
WritePrivateProfileStringW
ProcessIdToSessionId
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetModuleHandleA
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
VirtualFreeEx
lstrcpynA
ResetEvent
DisconnectNamedPipe
lstrcmpA
ExitThread
LocalAlloc
lstrcatW
OutputDebugStringA
LocalFree
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
CreateIoCompletionPort
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
QueueUserAPC
GlobalMemoryStatus
DeleteFileW
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
CreateProcessW
GetCurrentProcessId
lstrcmpiW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateRemoteThread
VirtualAllocEx
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
GetSystemDefaultLCID
GetSystemInfo
GetComputerNameW
GetSystemTime
CreateMutexW
GetCommandLineW
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
GetConsoleOutputCP
Sleep
user32
GetAsyncKeyState
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
GetKeyState
KillTimer
DispatchMessageW
TranslateMessage
GetIconInfo
DestroyIcon
LoadCursorW
GetMessageW
SetTimer
SetClipboardViewer
CreateWindowExW
CloseClipboard
GetClipboardData
WindowFromPoint
SetCapture
SetCursorPos
mouse_event
keybd_event
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
PostMessageA
ShowWindow
wsprintfA
CreateDesktopW
IsClipboardFormatAvailable
OpenClipboard
DefWindowProcW
SendMessageW
PostQuitMessage
ChangeClipboardChain
GetSystemMetrics
ExitWindowsEx
MessageBoxW
wsprintfW
SetWindowLongPtrW
gdi32
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject
advapi32
InitiateSystemShutdownA
QueryServiceStatusEx
CloseServiceHandle
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
GetLengthSid
CheckTokenMembership
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumValueA
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegOverridePredefKey
RevertToSelf
RegEnumValueW
DeleteService
shell32
SHFileOperationW
CommandLineToArgvW
ExtractIconExW
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
oleaut32
VariantClear
odbc32
ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157
ord2
wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
ws2_32
WSASocketA
WSAIoctl
setsockopt
closesocket
WSARecvFrom
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup
getsockname
Sections
.text Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ