General

Malware Config

Signatures

Files

• 026fd6ab8b5f12d1ae0795f7ad79b05a7ca1dc83e996cb7ee37f1b417d66de44_unpacked

  .dll windows x86

  05d99b87213d8d84e30ca00aee5b0e01

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  NtCreateSection

  ZwOpenProcessToken

  ZwOpenProcess

  ZwClose

  RtlNtStatusToDosError

  NtQuerySystemInformation

  ZwQueryInformationProcess

  RtlAdjustPrivilege

  _wcsupr

  NtMapViewOfSection

  wcscpy

  memset

  ZwQueryKey

  RtlFreeUnicodeString

  RtlUpcaseUnicodeString

  sprintf

  _snprintf

  wcstombs

  strcpy

  memcpy

  RtlImageNtHeader

  mbstowcs

  NtUnmapViewOfSection

  _strupr

  ZwQueryInformationToken

  _aulldiv

  _allmul

  _chkstk

  RtlUnwind

  NtQueryVirtualMemory

  kernel32

  lstrcpynA

  lstrcmpiW

  VirtualProtectEx

  FileTimeToLocalFileTime

  QueueUserWorkItem

  GetVersion

  GetCurrentProcessId

  GetModuleFileNameW

  FileTimeToSystemTime

  GetModuleFileNameA

  OpenProcess

  CreateRemoteThread

  GetLocalTime

  VirtualFree

  CreateDirectoryA

  CloseHandle

  GetLastError

  HeapAlloc

  RemoveDirectoryA

  DeleteFileA

  HeapFree

  lstrcpyA

  LoadLibraryA

  CreateFileA

  lstrcatA

  lstrlenA

  WriteFile

  InterlockedIncrement

  InterlockedDecrement

  HeapDestroy

  HeapCreate

  SetEvent

  HeapReAlloc

  GetTickCount

  GetSystemTimeAsFileTime

  CreateThread

  GetWindowsDirectoryA

  SwitchToThread

  lstrcatW

  CreateDirectoryW

  GetCurrentThreadId

  CreateFileW

  Sleep

  DeleteFileW

  CopyFileW

  lstrlenW

  GetTempPathA

  SetWaitableTimer

  GetCurrentThread

  CreateEventA

  SuspendThread

  ResumeThread

  lstrcpyW

  InterlockedExchange

  EnterCriticalSection

  MapViewOfFile

  UnmapViewOfFile

  CreateMutexA

  OpenWaitableTimerA

  OpenMutexA

  ReleaseMutex

  CreateWaitableTimerA

  WaitForSingleObject

  GetComputerNameW

  SetLastError

  lstrcmpA

  WaitForMultipleObjects

  lstrcmpiA

  LeaveCriticalSection

  InitializeCriticalSection

  LoadLibraryExW

  GetModuleHandleA

  VirtualAlloc

  VirtualProtect

  UnregisterWait

  RegisterWaitForSingleObject

  GetProcAddress

  CreateFileMappingA

  CreateProcessA

  GetFileSize

  GetDriveTypeW

  OpenFileMappingA

  WideCharToMultiByte

  LocalFree

  GetLogicalDriveStringsW

  GetExitCodeProcess

  TlsGetValue

  TlsSetValue

  TlsAlloc

  GlobalUnlock

  GlobalLock

  CreateToolhelp32Snapshot

  QueueUserAPC

  Thread32First

  OpenThread

  Thread32Next

  ReadFile

  CancelIo

  ConnectNamedPipe

  GetOverlappedResult

  DisconnectNamedPipe

  GetSystemTime

  FlushFileBuffers

  CreateNamedPipeA

  CallNamedPipeA

  WaitNamedPipeA

  AddVectoredExceptionHandler

  OpenEventA

  SleepEx

  RemoveVectoredExceptionHandler

  ResetEvent

  LocalAlloc

  FreeLibrary

  RaiseException

  DeleteCriticalSection

  GetTempFileNameA

  SetEndOfFile

  ExpandEnvironmentStringsW

  SetFilePointer

  RemoveDirectoryW

  GetFileAttributesW

  SetFilePointerEx

  FindFirstFileW

  FindNextFileW

  FindClose

  oleaut32

  SysFreeString

  VariantClear

  SysAllocString

  VariantInit

  Sections

  .text

  Size: 118KB - Virtual size: 118KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 10KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ