General

Malware Config

Signatures

Files

• 9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3

  .dll windows x86

  d4b28d936a605186a8abc2838e5d8af1

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualAlloc

  DisableThreadLibraryCalls

  GetModuleFileNameA

  GetModuleHandleA

  CreateMutexA

  CloseHandle

  GetCurrentProcessId

  DeleteFileA

  CreateThread

  lstrcpyA

  GlobalAlloc

  GlobalFree

  LoadLibraryW

  VirtualFree

  ExpandEnvironmentStringsW

  GetProcAddress

  VirtualProtect

  GetTempPathA

  WritePrivateProfileStringA

  GetComputerNameA

  GetLastError

  WriteProfileStringA

  GetPrivateProfileStringA

  GetProfileStringA

  WideCharToMultiByte

  OutputDebugStringA

  CreateToolhelp32Snapshot

  Process32First

  Process32Next

  TerminateProcess

  OpenProcess

  UnmapViewOfFile

  IsBadReadPtr

  LoadLibraryA

  ExitThread

  GetLocalTime

  FormatMessageA

  LocalFree

  TerminateThread

  GetCommandLineA

  WinExec

  lstrcatA

  GetSystemDirectoryA

  ReadFile

  Sleep

  WriteFile

  GetTickCount

  ExitProcess

  FreeLibrary

  SetFilePointer

  GetFileSize

  CreateFileA

  lstrlenA

  user32

  wsprintfA

  GetWindowLongA

  CharLowerA

  GetKeyboardState

  MessageBoxA

  GetMessageW

  MapVirtualKeyA

  ToAscii

  FindWindowA

  PostMessageA

  DefWindowProcA

  PostQuitMessage

  SendMessageA

  DispatchMessageA

  TranslateMessage

  GetMessageA

  UpdateWindow

  ShowWindow

  CreateWindowExW

  RegisterClassW

  wsprintfW

  LoadIconA

  LoadCursorA

  GetWindowTextA

  gdi32

  GetStockObject

  shell32

  ShellExecuteA

  ws2_32

  closesocket

  sendto

  gethostbyname

  setsockopt

  recvfrom

  WSAAsyncSelect

  htonl

  bind

  listen

  WSACleanup

  connect

  WSAConnect

  ntohs

  getsockname

  accept

  WSAGetLastError

  WSARecv

  WSAAsyncGetHostByName

  getpeername

  WSASend

  select

  __WSAFDIsSet

  ioctlsocket

  htons

  inet_addr

  WSAStartup

  recv

  send

  WSCGetProviderPath

  WSCEnumProtocols

  inet_ntoa

  socket

  msvcrt

  memcpy

  wcsstr

  _itoa

  sprintf

  atoi

  srand

  rand

  strncmp

  strncpy

  ??2@YAPAXI@Z

  ??3@YAXPAX@Z

  _errno

  _stricmp

  _strnicmp

  memset

  strstr

  shlwapi

  PathFileExistsA

  PathRemoveFileSpecA

  wininet

  InternetOpenUrlA

  InternetOpenA

  InternetCloseHandle

  InternetReadFile

  Exports

  Exports

  GetNeedSock

  WSPStartup

  Sections

  .text

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  sp

  Size: 1024B - Virtual size: 897B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 42KB - Virtual size: 42KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ