ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc

Sharing

Copy URL

Twitter E-mail

General

Target

ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc
Size

4.9MB
MD5

1c4087ef9d965705c2677399b3604bbc
SHA1

41b0db5350c7d90675e64634b2bb688b4dcf95e2
SHA256

ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc
SHA512

aca1141fef756ca5ed1dc17527087e406fda9ee8afa566292ffb1634d5e034799e49f0a6c378bf040850dff683445201d90dcf593561934b77fd1146b7c6d320
SSDEEP

98304:RcD7ZudP8yqlboyy2b9yNBg1XKHuTfrbDLio2gVQy5jwNmhzQEPd:uDkEyqlbDfb9yrOzHiold/J

Score

N/A

Malware Config

Signatures

Files

ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc
.7z
L2NPC/HFExt.dll
.dll windows x64

e2bc98dd5893026f99704f98df8f1016

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetPrivateProfileStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
ReadFile
CreateFileW
OpenProcess
GetCurrentProcessId
DisableThreadLibraryCalls
GetTickCount
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
Sleep
DeleteCriticalSection
GetLocaleInfoA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
GetModuleFileNameW
GetModuleHandleA
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
CompareStringA
CompareStringW
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RtlVirtualUnwind
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
HeapSize
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapReAlloc

user32

GetActiveWindow
wsprintfW
MessageBoxW
CreateWindowExW

shell32

ShellExecuteW

odbc32

ord72
ord119

iphlpapi

GetAdaptersInfo

Exports

Exports

DllMain
GetAdaptersInfo

Sections

.text
Size: 804KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
L2NPC/L2NPC.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1009KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 46.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
L2NPC/L2NPC.ini
L2NPC/LinError.txt
L2NPC/Secure.ini
L2NPC/log/err/2022-10-29-10006-00-npc-err1.log
L2NPC/log/err/2022-10-29-10006-01-npc-err1.log
L2NPC/log/err/2022-10-29-10007-01-npc-err0.log
L2NPC/log/in/2022-10-29-10006-01-npc-in1.log
L2NPC/log/system/2022-10-29-10006-00-npc-system1.log
L2NPC/log/system/2022-10-29-10006-01-npc-system1.log
L2NPC/log/system/2022-10-29-10007-01-npc-system0.log
L2Server/Csauth2.cfg
L2Server/GGauth70.dll
.dll windows x64

5d181fa341c49fda7bc5d47eb0ab881f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemTime
CompareStringW
CompareStringA
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
GetLastError
GetCurrentThread
FlsAlloc
HeapFree
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA

user32

SetTimer

Exports

Exports

PrtcCheckAuthAnswer
PrtcCheckValidAnswer
PrtcDecryptAnswer
PrtcEncryptQuery
PrtcGetAuthQuery
PrtcGetInformation
PrtcGetVersion
PrtcLoopAuth
PrtcUpdateTimer

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
L2Server/HFExt.dll
.dll windows x64

e2bc98dd5893026f99704f98df8f1016

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetPrivateProfileStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
ReadFile
CreateFileW
OpenProcess
GetCurrentProcessId
DisableThreadLibraryCalls
GetTickCount
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
Sleep
DeleteCriticalSection
GetLocaleInfoA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
GetModuleFileNameW
GetModuleHandleA
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
CompareStringA
CompareStringW
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RtlVirtualUnwind
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
HeapSize
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapReAlloc

user32

GetActiveWindow
wsprintfW
MessageBoxW
CreateWindowExW

shell32

ShellExecuteW

odbc32

ord72
ord119

iphlpapi

GetAdaptersInfo

Exports

Exports

DllMain
GetAdaptersInfo

Sections

.text
Size: 804KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
L2Server/HFExt.ini
L2Server/L2Server.exe
.exe windows x64

1b66f5253a4d835b34d732a381f78ace

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htons
bind
socket
closesocket
setsockopt
WSARecv
WSASend
inet_addr
send
getsockname
WSACleanup
recv
gethostbyname
WSAStartup
WSACloseEvent
WSAResetEvent
WSAGetLastError
accept
WSAEventSelect
WSACreateEvent
listen
htonl
inet_ntoa
connect

imagehlp

SymCleanup
SymGetModuleBase64
SymFunctionTableAccess64
SymSetOptions
SymInitialize
StackWalk64

pdh

PdhOpenQueryW
PdhCollectQueryData
PdhMakeCounterPathW
PdhEnumObjectItemsW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhAddCounterW

psapi

GetProcessMemoryInfo
GetProcessImageFileNameW

xmllite

CreateXmlReader

kernel32

RtlVirtualUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
HeapCreate
HeapSetInformation
FlsAlloc
TlsSetValue
SetLastError
SetHandleCount
GetTickCount
PostQueuedCompletionStatus
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileW
__C_specific_handler
MapViewOfFile
UnmapViewOfFile
Sleep
GetLastError
CreateIoCompletionPort
CompareFileTime
SystemTimeToFileTime
GetLocalTime
DeleteFileW
lstrcpyW
ResumeThread
CreateEventW
WaitForSingleObject
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetPrivateProfileStringW
FileTimeToLocalFileTime
ReadFile
SuspendThread
SetUnhandledExceptionFilter
lstrlenW
GetFileSize
GetModuleFileNameW
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
GetLocaleInfoW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GetCurrentThread
SetEndOfFile
OpenFileMappingW
CreateDirectoryW
FormatMessageW
FindNextFileW
FindFirstFileW
SwitchToThread
GetPrivateProfileIntW
GetQueuedCompletionStatus
SetThreadAffinityMask
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
CreateMutexW
ReleaseMutex
OpenMutexW
GetNumaHighestNodeNumber
HeapAlloc
GetProcessHeap
MultiByteToWideChar
OpenProcess
GlobalMemoryStatusEx
CreateSemaphoreW
ReleaseSemaphore
FileTimeToSystemTime
QueryPerformanceCounter
WritePrivateProfileStringW
FreeLibrary
GetProcAddress
LoadLibraryA
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetModuleHandleA
GetStartupInfoA
GetVersionExA
GetCommandLineA
GetFileType
GetDriveTypeW
FindClose
MoveFileW
RtlCaptureContext
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetFileAttributesW
CreateThread
ExitThread
HeapFree
GetTimeZoneInformation
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
GetComputerNameW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
OutputDebugStringW
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetComputerNameA
GetConsoleMode
GetConsoleCP
CreateFileMappingW
GetModuleFileNameA
GetOEMCP
GetACP
HeapSize
GetStdHandle

user32

GetClientRect
BeginPaint
FillRect
EndPaint
InvalidateRect
LoadAcceleratorsW
MessageBoxW
LoadIconW
LoadCursorW
RegisterClassExW
LoadStringW
DialogBoxParamW
EnableMenuItem
wvsprintfW
GetWindowInfo
PostQuitMessage
CreateWindowExW
ShowWindow
UpdateWindow
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SendDlgItemMessageW
EndDialog
GetMenu
CheckMenuItem
wsprintfW
MoveWindow
SetTimer
DefWindowProcW

gdi32

GetStockObject
SelectObject
GetTextExtentPoint32W
SetTextColor
TextOutW
GetTextMetricsW

advapi32

CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

SHCreateStreamOnFileW

dbghelp

MiniDumpWriteDump

hfext

GetAdaptersInfo

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 741.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
L2Server/L2Server.ini
L2Server/LinError.txt
L2Server/Loader.exe
.exe windows x64

38d2aa69b58d04a82de45d914982882f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htons
bind
socket
closesocket
setsockopt
WSASend
WSARecv
inet_addr
send
getsockname
WSACleanup
recv
gethostbyname
WSAStartup
connect
accept
WSAGetLastError
WSAResetEvent
WSACloseEvent

pdh

PdhRemoveCounter
PdhOpenQueryW
PdhCloseQuery

xmllite

CreateXmlReader

kernel32

RtlVirtualUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetFullPathNameW
SetStdHandle
LoadLibraryA
HeapCreate
HeapSetInformation
GetStdHandle
FlsAlloc
SetHandleCount
GetConsoleMode
GetTickCount
PostQueuedCompletionStatus
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileW
__C_specific_handler
Sleep
GetLastError
CreateIoCompletionPort
CompareFileTime
SystemTimeToFileTime
GetLocalTime
DeleteFileW
lstrcpyW
ResumeThread
CreateEventW
WaitForSingleObject
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetPrivateProfileStringW
FileTimeToLocalFileTime
ReadFile
SuspendThread
SetUnhandledExceptionFilter
GetFileSize
GetModuleFileNameW
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
SetEndOfFile
ExitProcess
MapViewOfFile
CreateDirectoryW
FormatMessageW
FindNextFileW
FindFirstFileW
SwitchToThread
InitializeCriticalSectionAndSpinCount
ReleaseMutex
OpenMutexW
CreateMutexW
GetNumaHighestNodeNumber
UnmapViewOfFile
HeapAlloc
GetProcessHeap
MultiByteToWideChar
CreateSemaphoreW
ReleaseSemaphore
FileTimeToSystemTime
WritePrivateProfileStringW
QueryPerformanceCounter
TlsSetValue
SetLastError
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoA
GetVersionExA
GetCommandLineA
GetFileType
GetDriveTypeW
FindClose
GetModuleHandleA
GetProcAddress
CreateThread
ExitThread
HeapFree
GetTimeZoneInformation
RtlUnwindEx
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetDriveTypeA
CompareStringA
CompareStringW
GetComputerNameA
SetEnvironmentVariableA
GetConsoleCP
GetOEMCP
RtlLookupFunctionEntry
RtlPcToFileHeader
GetACP
HeapSize
CreateFileMappingW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
GetModuleFileNameA

user32

GetClientRect
BeginPaint
FillRect
EndPaint
InvalidateRect
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
wvsprintfW
PostQuitMessage
CreateWindowExW
ShowWindow
UpdateWindow
TranslateMessage
DispatchMessageW
GetMessageW
MessageBoxW
wsprintfW
GetWindowInfo

gdi32

GetStockObject
SelectObject
GetTextExtentPoint32W
SetTextColor
TextOutW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegCloseKey

shlwapi

SHCreateStreamOnFileW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 810KB - Virtual size: 749.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
L2Server/Perfmon.ini
L2Server/RaidServerData.xml
L2Server/RaidServerData.xsd
L2Server/Secure.ini
L2Server/ServerStartCompleted.txt
L2Server/Serverdata.dat
L2Server/status.txt

Sharing

General

Malware Config

Signatures

Files

e2bc98dd5893026f99704f98df8f1016

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

odbc32

iphlpapi

Exports

Exports

Sections

.text Size: 804KB - Virtual size: 804KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 48KB - Virtual size: 92KB

.pdata Size: 52KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 176B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1009KB - Virtual size: 1008KB

.data Size: 51KB - Virtual size: 46.5MB

.pdata Size: 125KB - Virtual size: 125KB

.tls Size: 218KB - Virtual size: 218KB

.rsrc Size: 12KB - Virtual size: 12KB

5d181fa341c49fda7bc5d47eb0ab881f

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 10KB - Virtual size: 13KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 754B

e2bc98dd5893026f99704f98df8f1016

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

odbc32

iphlpapi

Exports

Exports

Sections

.text Size: 804KB - Virtual size: 804KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 48KB - Virtual size: 92KB

.pdata Size: 52KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 176B

1b66f5253a4d835b34d732a381f78ace

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

imagehlp

pdh

psapi

xmllite

kernel32

user32

gdi32

advapi32

.text
Size: 804KB - Virtual size: 804KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 48KB - Virtual size: 92KB

.pdata
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 176B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1009KB - Virtual size: 1008KB

.data
Size: 51KB - Virtual size: 46.5MB

.pdata
Size: 125KB - Virtual size: 125KB

.tls
Size: 218KB - Virtual size: 218KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 10KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 754B

.text
Size: 804KB - Virtual size: 804KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 48KB - Virtual size: 92KB

.pdata
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 176B

.text
Size: 7.1MB - Virtual size: 7.1MB

TEXT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 4.8MB - Virtual size: 4.8MB

.data
Size: 171KB - Virtual size: 741.8MB

.pdata
Size: 443KB - Virtual size: 443KB

.tls
Size: 86KB - Virtual size: 85KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 4.2MB - Virtual size: 4.2MB

TEXT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 810KB - Virtual size: 749.6MB

.pdata
Size: 240KB - Virtual size: 240KB

.tls
Size: 86KB - Virtual size: 85KB

.rsrc
Size: 8KB - Virtual size: 7KB