PluginRegisterCallbacks
VncStartServer
VncStopServer
Behavioral task: behavioral1
Sample: 628bc58.dll
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 628bc58.dll
Resource: win10v2004-20220722-en
Target: 628bc58.dll
Size: 508KB
MD5: 04ead173ffdf29ace7c7e338d917021f
SHA1: aa1e2cf23558741994d101333d8030b05f663a1a
SHA256: 5409ba01037c586c729d8bda05492461ce1c88e565a13c181b7f5cb49bb5902e
SHA512: 96dd5f7bffb4bb2123d1ab614635e92bbc76805f252a2c26300c8ae68a4e492de87a494fca79a9d596e905c760b9d7d617743a5b50fa5c9c124c5aa9fecc7798
SSDEEP: 12288:YFXq3xMvvrRs73Mc144gwTAYpBJ7PgyciQh+02mELRvbMZBsP:YZ4xMvjC3Mc144gwTzTrcbhLILRvbYsP
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
_strnicmp
memcmp
memset
ZwQueryInformationProcess
ZwQueryKey
NtSuspendProcess
NtSetContextThread
RtlNtStatusToDosError
NtResumeProcess
NtGetContextThread
NtSetInformationProcess
_wcsnicmp
NtMapViewOfSection
NtUnmapViewOfSection
ZwClose
NtCreateSection
memmove
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationFile
NtQueryInformationProcess
NtQueryDirectoryFile
NtQueryObject
ZwOpenProcessToken
ZwOpenProcess
ZwQueryInformationToken
RtlEqualUnicodeString
LdrFindEntryForAddress
_strupr
strcpy
memcpy
_alldiv
_chkstk
RtlUnwind
NtQueryVirtualMemory
VirtualAllocEx
SystemTimeToFileTime
RaiseException
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchange
GetSystemInfo
GetQueuedCompletionStatus
HeapReAlloc
RemoveVectoredExceptionHandler
HeapAlloc
HeapFree
SetEvent
CreateEventA
HeapDestroy
HeapCreate
GetLastError
AddVectoredExceptionHandler
GetCurrentThreadId
GetVersion
SwitchToThread
lstrlenA
WideCharToMultiByte
lstrcatA
MultiByteToWideChar
lstrlenW
SetLastError
lstrcmpiW
lstrcatW
LocalFree
lstrcpyW
lstrcpyA
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
CloseHandle
CreateThread
GetComputerNameW
CreateMutexA
GetCurrentProcessId
lstrcpynA
lstrcpynW
lstrcmpiA
SetEnvironmentVariableW
SetErrorMode
SetUnhandledExceptionFilter
OpenProcess
Sleep
TerminateProcess
GetProcAddress
WaitForMultipleObjects
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
ReleaseMutex
GlobalDeleteAtom
GlobalAddAtomA
IsBadReadPtr
IsBadStringPtrA
FreeLibrary
lstrcmpA
VirtualQuery
GetCurrentProcess
VirtualProtect
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetVersionExW
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateFileW
GetTempPathW
GetLongPathNameW
VirtualFree
ReadProcessMemory
VirtualAlloc
LocalAlloc
GetModuleFileNameA
WriteProcessMemory
GetThreadContext
VirtualProtectEx
SuspendThread
ResumeThread
CopyFileW
GetFileAttributesExW
FindFirstFileW
CompareFileTime
lstrcmpW
FindClose
FindNextFileW
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
OpenEventA
GetSystemWindowsDirectoryA
SetFilePointerEx
GetFileInformationByHandleEx
SetFileInformationByHandle
GetProcessId
RemoveDirectoryW
DuplicateHandle
DeleteFileW
MulDiv
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
GetLocaleInfoW
VerLanguageNameW
SetWaitableTimer
CancelWaitableTimer
WaitForSingleObjectEx
ResetEvent
OpenThread
CreateWaitableTimerA
GetSystemTime
AcceptEx
GetAcceptExSockaddrs
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ