General

Malware Config

Signatures

Files

• zDefend.asi

  .dll windows x86

  950a6b771ae3d3cfc1b8edadb5ea6021

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  WSACleanup

  kernel32

  AreFileApisANSI

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetMessageA

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  CreateCompatibleBitmap

  advapi32

  LookupPrivilegeValueA

  msvcp140

  ??Bid@locale@std@@QAEIXZ

  wininet

  FtpPutFileA

  shlwapi

  PathFindExtensionA

  gdiplus

  GdipCreateBitmapFromHBITMAP

  psapi

  EnumProcessModules

  vcruntime140

  memchr

  api-ms-win-crt-runtime-l1-1-0

  _resetstkoflw

  api-ms-win-crt-stdio-l1-1-0

  fclose

  api-ms-win-crt-string-l1-1-0

  _strnicmp

  api-ms-win-crt-convert-l1-1-0

  atoi

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-filesystem-l1-1-0

  _unlock_file

  api-ms-win-crt-heap-l1-1-0

  malloc

  api-ms-win-crt-locale-l1-1-0

  ___lc_codepage_func

  api-ms-win-crt-math-l1-1-0

  _libm_sse2_sqrt_precise

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  ���N���#:1+~��6\�}5|O��|����B�yc��� DB�7P VLMrE��<%/a�fX�E��م���c$��l��CW�*y�욘���9r���G�>W&)�+_��Nߪ8HO�Q���і�dk-wB���k5i(�%7�؍��Ӏ�) �"A/\A��������i_���H�B@��-�|K�X���H)�����1<3�j,H�HC����iN�:5I/�g@c��nE�7�P�o�+%[L�o�����)*���$Ba�B�Y0B��*us����b���c-�f���ݎ@���d���xrMT�I@�3H2q���d�YV؉&� �m���FA��h�ij~@rؼ�#�)K<g<_�����Q�U&*�/�$�.�5 ϸ΀���#�-.L�[X3�a'�-�t�ss=B�_q}�$ 0,Br��������KH+˂��*���"i��o¸�/� {�c�"�ua�����˪n�%V���ݵ��(y����Bk�a���_�%o�=�H�g����.#Q�Q���X���m v�f�S���
  �r�`ӣ8�t�W��/���Ϡ<1p��-F��=���^���<������H�8�/i �[�M���w֒��������bj�y�� _AG�BR�K�C�>����-/�NJ��P�?���O�?��d�xaH�juC�����H��2��l�!?��O�X�;SP]w;a`�`��`(��;?�^C1׷�)�� ����
  :4�$�gV-BD8���C@?��Aj �@����}N -W�yADf���f�U���{���ڗp���|2WE���4���%],��c�w6]u&C���u2{����m� �s�=]�D��+ Ĝ�1X�WIaEp�}��.� J!�¤�b�sH�b�������'sz&$�r- T���8Q�+Mb�r�>�2A������-�U,�=cv*.8`tq�����GD����o�ގ�{�8X�`�惀����V"�4
  �K#"6Uy�ƺ����̖��\�P�tS��rwr�)��%����L�����J!"/���It��ۦ���1�o��P���OMT��J��ƄZ�5������" �[$�:<��w��]~�V
  }b��M�T���iR�{J]տ�"�.���-�LL�`���a�R����h�>�����P��9jD�}KD1�+^wS@O�ʘ+N$5��[���s,s_a�-�-��/@X(F�邓3�E�B��Ou��e'*1�k��<s����>z�T@˾����פ�� �xO��r����O钶
  ���D1�6A�UA�Q7����8�xFh�������z�|���_\F�}�ɾYzp:���G]�(8���f�Ճ�>T����n������V�ɬO�
  �� �����͆Ha�\�j{&mfڻ�)z���ö����.&�f������6o�ie�����j���u:Oȏ��T���.N�t�q�&K�a�q��%s��m5���/+�[��W"��VJ5�ݍ�o�m�J���k�E��YŻuPK��Wj�6|TDZ�Vld�0 ��0�In?'�׶��^;����Ǘe&{�<U��$?���Z8Bl��`08I������� F�6ڀ?r�0>����f�&�qD�u9RG�E4�b�G����(j�������~5Xz��<c��� ��UI�t��/����3����윖
  �n�%�0������F�&uK77��������J�_�EE?�i�)fYD�{���2Qt1W�����h{ 6�a�ݯ`q�%��=�����>�2�-�+m�E���Z5 &�~
  �u�ݬ��9� :ks���\�iY^x�Zt��v9][�27�k��Y�XW5�u������9@��UE_d"�N�T͆��f� ������������4���q4��>�6�:S�T�z�VYRT��7������^Ә� ���uڥ~
  e�V_�t��d6��Y�CÑ���8�F�;nCG�_ �୔rl�kޡ;fP- �C��
  �.���9a��UI��xs��N��e#�n�/U�����e<���v*�i8�$?@c�!���f���LG����չ9������mBЫ�w�{P(W \����^��~��v�Ja�Fdb=�0}Uh���Q��҃M\�@�����e|�)��q����V40�^G+ �ٰ��N5���2�)������ �p��p������@��2X V�-�hM�% f���?��E��\\�2�.��������F�]�|Z)H�գT���)ܰ(�'��_��ƟR��s� �c� �T�٣<�SLp��c���t��F���d�s# ������'w�&%��K�Vka��^ϐ�1 Exł͚+9�����h����e?���. �3\��&'1�6��HS`J��hV�U��q�f�:\�#Wƞ
  DL�K�J�Y }���/��· �Cʼn�%���P]�$cp�ݖ�A����ô�)L�p������~����zQ{uUr,2 ٭��4H��Aug�x��ޘ���>-u����c�;��� kb��p:@��A�A�J�kxA�^u�u����H��mg*���A(�EϠn@����/�sV ӹ8n��ǧ��n+�M��@� yz�GjVr��+ `��SYx����.w�����~���y�܈T��[�>8�k�t'�;j��8��s.�k&h�D��Λd��X�˕5An�!n$��~5�����!�I-�Uv7���Xͱv�� rn�G���3�[,Ow�s� ӏB��Q���,�_��)���E"5�i��'K���V�E�H�䤨KE��C�'�����1 ؞��������ZhA�����V�qQbu�D�F�z��ߦ h��G>n�Sq@��*�;"
  �G�\xt��Wl��}�c���t��;�T ��JaTv�E=d-*�j��%���X�S�(�y���S��=t+���hQ����v Bk�ޖ<�
  ���QH�s��!�R"����.����/�'ȷ|b�4��ʧ �A��1��ɀ�դ��gw˘f�1���1�5��>*�_�L�(�I֚��U}�!�v�1@��9HI���P��b�CBbB�����m

  Sections

  .text

  Size: - Virtual size: 202KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 31KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 3.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 5.5MB - Virtual size: 5.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 469B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ