Resubmissions
23-11-2022 11:16  221123-nc5qvsbf4s  1
Static task: static1
Behavioral task: behavioral1
  Sample: 0551ca07f05c2a8278229c1dc651a2b1273a39914857231b075733753cb2b988.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0551ca07f05c2a8278229c1dc651a2b1273a39914857231b075733753cb2b988.dll
  Resource: win10v2004-20220901-en
General
Target: 8403373515.zip
Size: 452KB
MD5: 1183f49551231c8f8d7711f7f48d303f
SHA1: 9171b9958e8b6d87039589fa7605c515c8ba29d4
SHA256: d293d46e04ee195032da00e68f27d5fbc1f2ce9c4e54c60b4c8a448ed06221b9
SHA512: eb69b19a50377c76ee8e82fc87cb676cdf956ce08f999665b78167b53a7e5c23494c5dc8369bebc89b5f58424170bd9e33e89150c83740f361ac8bb6eb242f5c
SSDEEP: 6144:1UWmUXMvsRjaOj+132WVGVr9Iq8tP6ltWo0yf6j1p7S98aNJw/aAnp1mqjNXLj8N:+WMijaLV/t6PWo0yf4DGNJmLpgPp60X
Malware Config
Signatures
Files
8403373515.zip.zip (password: infected)
0551ca07f05c2a8278229c1dc651a2b1273a39914857231b075733753cb2b988.dll  windows x64  md5: fd89e2529304e87ca50b37f4be45f7ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
socket
setsockopt
connect
htons
send
recv
WSAStartup
WSAAddressToStringW
GetNameInfoW
closesocket
ioctlsocket
bind
listen
accept
gethostbyname
inet_addr
rpcrt4
UuidToStringW
UuidFromStringA
RpcStringFreeW
kernel32
LoadLibraryW
GetTempPathW
GetTempFileNameW
LocalFree
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
GetComputerNameW
GetModuleFileNameW
GetFinalPathNameByHandleW
lstrcpynW
ProcessIdToSessionId
GetCurrentThreadId
VirtualProtectEx
GetStdHandle
CreatePipe
FindFirstFileW
GetFileAttributesExW
FindNextFileW
FindClose
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
SetFilePointerEx
lstrcpyW
DuplicateHandle
CreateNamedPipeW
WriteFile
lstrlenW
SetLastError
VirtualProtect
GetLocalTime
GetModuleHandleW
ReadProcessMemory
lstrcatW
PeekNamedPipe
SetHandleInformation
ExpandEnvironmentStringsW
GetExitCodeProcess
CreateProcessW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
DeleteFileW
CopyFileW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
QueueUserAPC
GetThreadContext
SetThreadContext
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapCreate
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrcmpiA
EncodePointer
DecodePointer
VirtualQuery
LoadLibraryExW
FreeLibrary
CreateThread
SuspendThread
HeapLock
GetThreadId
HeapUnlock
GetProcessHeaps
HeapWalk
Thread32First
OpenThread
Thread32Next
FlushInstructionCache
HeapAlloc
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
GetSystemTime
SystemTimeToFileTime
GetVersionExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
Process32NextW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
ReadFile
GetFileSize
CreateFileW
GetProcAddress
LoadLibraryA
VirtualFree
RemoveVectoredExceptionHandler
GetExitCodeThread
AddVectoredExceptionHandler
VirtualAlloc
GetProcessId
CreateProcessA
ResumeThread
GetCurrentProcessId
GetCurrentThread
TerminateThread
Sleep
GetTickCount64
GetCurrentProcess
TerminateProcess
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetConsoleMode
GetFileSizeEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
GetConsoleOutputCP
OpenProcess
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapFree
GetModuleHandleExW
GetProcessHeap
QueryPerformanceCounter
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
WriteConsoleW
GetTickCount
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
user32
GetMessageW
SetWindowsHookExW
GetKeyNameTextW
UnhookWindowsHookEx
ShowWindow
EnumWindows
GetClassNameW
GetDC
GetWindowRect
ReleaseDC
IsWindow
GetDesktopWindow
ToUnicode
PostThreadMessageW
GetKeyState
GetWindowThreadProcessId
GetKeyboardState
CallNextHookEx
GetWindowTextW
GetForegroundWindow
gdi32
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
GetDeviceCaps
advapi32
PrivilegeCheck
RevertToSelf
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
CheckTokenMembership
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeDisplayNameW
CreateProcessWithTokenW
RegLoadMUIStringW
CreateProcessWithLogonW
ConvertStringSidToSidW
LookupPrivilegeNameW
ConvertSidToStringSidW
FreeSid
SetTokenInformation
CreateWellKnownSid
AllocateAndInitializeSid
LogonUserW
ImpersonateNamedPipeClient
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
LookupAccountSidW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
AdjustTokenPrivileges
OpenThreadToken
ImpersonateLoggedOnUser
DuplicateTokenEx
SetThreadToken
ole32
CoInitializeEx
CoCreateGuid
StringFromGUID2
oleaut32
VariantClear
SafeArrayCreateVector
SafeArrayDestroy
SysAllocString
SafeArrayPutElement
SysFreeString
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
bcrypt
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptVerifySignature
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
crypt32
CryptImportPublicKeyInfoEx2
CryptDecodeObject
CryptUnprotectData
netapi32
NetWkstaUserGetInfo
NetApiBufferFree
shlwapi
ord12 (imported by ordinal 12, no name)
PathCanonicalizeW
StrStrIW
iphlpapi
GetExtendedTcpTable
GetExtendedUdpTable
GetOwnerModuleFromTcpEntry
GetOwnerModuleFromTcp6Entry
GetIpAddrTable
winhttp
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpCloseHandle
dnsapi
DnsQuery_A
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
psapi
GetMappedFileNameW
GetProcessMemoryInfo
QueryWorkingSetEx
gdiplus
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
credui
CredUIParseUserNameW
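The import table above is the richest static signal on this page: the same binary pulls in process-injection primitives (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, QueueUserAPC, SetThreadContext), thread-suspension and VirtualProtect/FlushInstructionCache for hooking, the SetWindowsHookExW/ToUnicode keyboard path, GDI and GDI+ screen capture, a full token-impersonation set, WinHTTP and raw sockets, and DPAPI decryption via CryptUnprotectData. The script below is an added example, not part of the Triage report and not code from the sample: it copies the report's import listing into a dict (minus CRT and locale imports every MSVC release build carries) and groups APIs into capability clusters that only fire when enough members of a cluster are present, which keeps a lone OpenProcess or VirtualProtect from producing a verdict. The cluster definitions and thresholds are the editor's own heuristics. IsDebuggerPresent is deliberately marked weak: the MSVC runtime imports it on its own.

```python
"""Import-table capability triage. Added example; not part of the Triage
report and not code from the sample. REPORT_IMPORTS copies the report's
import listing for the DLL, trimmed to the modules that carry a signal
(CRT/locale imports such as LCMapStringW or RtlCaptureContext are omitted
because every MSVC release build has them). CAPABILITIES and the hit
thresholds are the editor's heuristics, not sandbox output."""
from typing import Dict, List, Set, Tuple

REPORT_IMPORTS: Dict[str, List[str]] = {
    "ws2_32": ["socket", "connect", "bind", "listen", "accept", "send", "recv",
               "gethostbyname", "ioctlsocket"],
    "kernel32": ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "QueueUserAPC", "GetThreadContext", "SetThreadContext",
                 "OpenProcess", "ReadProcessMemory", "VirtualProtectEx",
                 "VirtualProtect", "FlushInstructionCache", "Thread32First",
                 "Thread32Next", "OpenThread", "SuspendThread", "ResumeThread",
                 "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "CreateNamedPipeW", "ConnectNamedPipe", "CreatePipe",
                 "CreateProcessW", "InitializeProcThreadAttributeList",
                 "UpdateProcThreadAttribute", "IsDebuggerPresent"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx",
               "GetKeyState", "GetKeyboardState", "ToUnicode", "GetKeyNameTextW",
               "GetForegroundWindow", "GetWindowTextW", "GetDC", "GetDesktopWindow"],
    "gdi32": ["CreateCompatibleDC", "CreateCompatibleBitmap", "SelectObject",
              "BitBlt", "DeleteObject"],
    "gdiplus": ["GdiplusStartup", "GdipCreateBitmapFromHBITMAP",
                "GdipSaveImageToStream", "GdipGetImageEncoders"],
    "advapi32": ["OpenProcessToken", "DuplicateTokenEx", "ImpersonateLoggedOnUser",
                 "ImpersonateNamedPipeClient", "SetThreadToken", "RevertToSelf",
                 "AdjustTokenPrivileges", "CreateProcessWithTokenW",
                 "CreateProcessWithLogonW", "LogonUserW"],
    "crypt32": ["CryptUnprotectData", "CryptImportPublicKeyInfoEx2", "CryptDecodeObject"],
    "bcrypt": ["BCryptCreateHash", "BCryptHashData", "BCryptFinishHash",
               "BCryptVerifySignature"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest",
                "WinHttpSendRequest", "WinHttpReceiveResponse", "WinHttpReadData"],
    "iphlpapi": ["GetExtendedTcpTable", "GetExtendedUdpTable", "GetIpAddrTable"],
    "dnsapi": ["DnsQuery_A"],
}

# capability -> (minimum distinct hits, APIs in the cluster). One API alone
# (OpenProcess, VirtualProtect) is ambiguous; the threshold asks for the
# combination a working implementation needs.
CAPABILITIES: Dict[str, Tuple[int, Set[str]]] = {
    "process injection": (3, {"VirtualAllocEx", "WriteProcessMemory",
        "CreateRemoteThread", "QueueUserAPC", "SetThreadContext", "VirtualProtectEx"}),
    "thread hijack / inline hooking": (4, {"Thread32First", "OpenThread",
        "SuspendThread", "GetThreadContext", "SetThreadContext", "VirtualProtect",
        "FlushInstructionCache"}),
    "PPID spoofing / attribute list": (2, {"InitializeProcThreadAttributeList",
        "UpdateProcThreadAttribute"}),
    "keylogging": (3, {"SetWindowsHookExW", "CallNextHookEx", "GetKeyState",
        "GetKeyboardState", "ToUnicode", "GetKeyNameTextW"}),
    "screen capture": (3, {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap",
        "BitBlt", "GdipCreateBitmapFromHBITMAP", "GdipSaveImageToStream"}),
    "token theft / impersonation": (3, {"OpenProcessToken", "DuplicateTokenEx",
        "ImpersonateLoggedOnUser", "SetThreadToken", "CreateProcessWithTokenW",
        "ImpersonateNamedPipeClient", "AdjustTokenPrivileges"}),
    "credential access (DPAPI / logon)": (1, {"CryptUnprotectData", "LogonUserW",
        "CreateProcessWithLogonW"}),
    "HTTP C2 (WinHTTP)": (4, {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest",
        "WinHttpSendRequest", "WinHttpReceiveResponse", "WinHttpReadData"}),
    "raw TCP client and listener": (4, {"socket", "connect", "bind", "listen",
        "accept", "send", "recv"}),
    "named-pipe server": (2, {"CreateNamedPipeW", "ConnectNamedPipe",
        "ImpersonateNamedPipeClient"}),
    "network reconnaissance": (1, {"GetExtendedTcpTable", "GetExtendedUdpTable",
        "GetIpAddrTable"}),
    "signature check on received data": (2, {"BCryptVerifySignature",
        "CryptImportPublicKeyInfoEx2", "CryptDecodeObject"}),
    # Weak on its own: the MSVC runtime imports IsDebuggerPresent in release builds.
    "anti-debug (weak)": (1, {"IsDebuggerPresent"}),
}


def _hits(imports: Dict[str, List[str]]) -> Dict[str, List[str]]:
    present = {n for names in imports.values() for n in names}
    return {cap: sorted(apis & present) for cap, (_, apis) in CAPABILITIES.items()}


def classify(imports: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Clusters that reached their threshold -> sorted matched APIs."""
    return {c: m for c, m in _hits(imports).items() if len(m) >= CAPABILITIES[c][0]}


def partial_clusters(imports: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Clusters with some hits but below threshold: a lead to confirm, not a verdict."""
    return {c: m for c, m in _hits(imports).items() if 0 < len(m) < CAPABILITIES[c][0]}


if __name__ == "__main__":
    for cap, apis in classify(REPORT_IMPORTS).items():
        print("%-36s %s" % (cap, ", ".join(apis)))
    for cap, apis in partial_clusters(REPORT_IMPORTS).items():
        print("%-36s partial: %s" % (cap, ", ".join(apis)))
```

On this sample every cluster reaches its threshold, which is itself the finding: a single 64-bit DLL that imports injection, hooking, keylogging, screenshot, token and C2 primitives is a post-exploitation agent, not a utility library. To run the same triage on another binary, replace REPORT_IMPORTS with a module-to-names dict built from pefile's DIRECTORY_ENTRY_IMPORT; partial_clusters is the place to look when a verdict is missing, since a lead with two of three APIs usually means the third is resolved at runtime through GetProcAddress, which this sample also imports.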
Exports
Sections
.text     Size: 688KB  Virtual size: 687KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata    Size: 169KB  Virtual size: 169KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data     Size: 17KB   Virtual size: 24KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata    Size: 25KB   Virtual size: 24KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.detourc  Size: 8KB    Virtual size: 8KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.detourd  Size: 512B   Virtual size: 24B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_RDATA    Size: 512B   Virtual size: 244B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc    Size: 4KB    Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.profile  Size: 4KB    Virtual size: 773B   IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE