Behavioral task: behavioral1
Sample: 07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked.dll
Resource: win10v2004-20220812-en
General
Target: 07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked
Size: 285KB
MD5: 312ccaa9ff8f39d698c083fd3aabfd5c
SHA1: 76248e2ddbd9b2b1084a08a86bcc19ac1e2731d9
SHA256: 61619f607468718ff0d2bbae65a9f5b41226affc95d4ef59b6558e3e2c4ad467
SHA512: e7dd2c2724153c1146fbc3cb34ac7fb3d5a7ee1a800f3def99c685884346092354d7217c0a16939cf5b558e61bf2b1b3ed81b0534382c37691febc1bb42ec467
SSDEEP: 6144:qpEmN0twjkjnSQKUb2iyBSvlXwu8dB1pvqlalMcDTcyyi:/E0CkjS0b7vvK1pvqgl7DTj
Malware Config
Extracted: gozi_ifsb
build: 216861
Signatures
Gozi_ifsb family
Files
07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked.dll (windows x86)
35212937cf992eb0dea0131f7c9437be
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
sprintf
isxdigit
strstr
sscanf
_memicmp
strncpy
memmove
memcmp
RtlRandomEx
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtQuerySystemInformation
wcscat
ZwClose
RtlNtStatusToDosError
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
_snprintf
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlImageNtHeader
wcstombs
RtlAdjustPrivilege
mbstowcs
strlen
wcslen
wcsncmp
NtCreateSection
_chkstk
_allmul
_aulldiv
_allshl
_alldiv
RtlUnwind
NtQueryVirtualMemory
kernel32
GetEnvironmentVariableW
ResetEvent
GetComputerNameW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
TerminateThread
IsBadReadPtr
QueueUserWorkItem
FileTimeToLocalFileTime
SystemTimeToFileTime
MultiByteToWideChar
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
SetEvent
GetTickCount
HeapDestroy
HeapCreate
SetWaitableTimer
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
OpenProcess
Sleep
CopyFileW
CreateEventA
CreateFileW
lstrlenW
InterlockedExchange
GetModuleHandleA
lstrcatW
GetCurrentThreadId
DuplicateHandle
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
lstrcmpA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
LeaveCriticalSection
SetLastError
lstrcmpiA
EnterCriticalSection
OpenWaitableTimerA
OpenMutexA
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
InitializeCriticalSection
SetEnvironmentVariableW
TlsGetValue
LoadLibraryExW
TlsSetValue
VirtualAlloc
RegisterWaitForSingleObject
VirtualProtect
TlsAlloc
GetProcAddress
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateFileMappingA
OpenFileMappingA
LocalFree
lstrcpynA
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
QueueUserAPC
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetSystemTime
RemoveVectoredExceptionHandler
SleepEx
AddVectoredExceptionHandler
OpenEventA
LocalAlloc
FreeLibrary
RaiseException
QueryPerformanceFrequency
GetModuleFileNameA
GetLocalTime
GetModuleFileNameW
FileTimeToSystemTime
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetVersion
DeleteCriticalSection
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
GetTempFileNameA
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindFirstFileW
VirtualProtectEx
LoadLibraryW
lstrcmpiW
UnregisterWait
DisconnectNamedPipe
iphlpapi
GetAdaptersAddresses
GetIpAddrTable
GetBestRoute
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
Sections
.text Size: 237KB - Virtual size: 237KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ