General

Malware Config

Signatures

Files

• cl.dll

  .dll windows x64

  64fb42731fb3b42c8520455306b157a2

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  Process32First

  CreateToolhelp32Snapshot

  Process32Next

  UnmapViewOfFile

  DeleteFileW

  CreateFileMappingW

  MapViewOfFile

  FlushFileBuffers

  GetProcAddress

  Process32NextW

  Process32FirstW

  WideCharToMultiByte

  GetSystemTime

  GlobalSize

  GlobalUnlock

  lstrcmpW

  CreatePipe

  RtlAddFunctionTable

  RtlDeleteFunctionTable

  GetLastError

  GetComputerNameW

  GetVolumeInformationW

  CreateMutexW

  OpenMutexW

  SetHandleInformation

  GetComputerNameA

  ProcessIdToSessionId

  GetModuleHandleA

  WaitForSingleObject

  CreateProcessW

  Sleep

  QueryFullProcessImageNameA

  lstrcpyW

  GetModuleHandleW

  lstrlenW

  VirtualFree

  MultiByteToWideChar

  RtlZeroMemory

  GetFileSize

  ReadFile

  GetCurrentProcessId

  CloseHandle

  CreateFileW

  OutputDebugStringA

  WriteFile

  lstrcpyA

  lstrlenA

  VirtualAlloc

  GlobalLock

  user32

  OemToCharBuffA

  ReleaseDC

  EnumWindows

  SendMessageA

  GetDC

  GetWindowThreadProcessId

  GetSystemMetrics

  wsprintfW

  gdi32

  CreateCompatibleDC

  DeleteObject

  SelectObject

  CreateCompatibleBitmap

  BitBlt

  advapi32

  RegOpenKeyExW

  RegDeleteKeyW

  RegDeleteTreeW

  RegDeleteValueW

  RegEnumValueW

  CryptAcquireContextA

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptGetHashParam

  CryptReleaseContext

  RegCreateKeyExW

  RegEnumKeyExW

  RegQueryValueExW

  RegCloseKey

  RegSetValueExW

  RegSetValueExA

  RegDeleteValueA

  GetTokenInformation

  RegEnumKeyExA

  LookupAccountSidW

  RegOpenKeyExA

  OpenProcessToken

  GetSidSubAuthority

  GetSidSubAuthorityCount

  RegQueryValueExA

  shell32

  SHGetSpecialFolderPathW

  SHGetFolderPathW

  ole32

  StringFromGUID2

  CreateStreamOnHGlobal

  GetHGlobalFromStream

  CoUninitialize

  CoInitialize

  ntdll

  NtGetContextThread

  NtTerminateThread

  NtAllocateVirtualMemory

  NtSetContextThread

  NtWriteVirtualMemory

  NtResumeThread

  RtlImageDirectoryEntryToData

  ZwReadFile

  NtTerminateProcess

  NtClose

  RtlCreateUserThread

  NtMapViewOfSection

  NtReadVirtualMemory

  NtCreateSection

  NtQueryVirtualMemory

  LdrLoadDll

  LdrGetDllHandle

  LdrGetProcedureAddress

  NtFreeVirtualMemory

  wininet

  InternetCloseHandle

  HttpOpenRequestA

  InternetCrackUrlA

  InternetSetOptionA

  HttpAddRequestHeadersA

  InternetReadFile

  InternetConnectA

  HttpSendRequestA

  InternetOpenA

  HttpQueryInfoA

  urlmon

  ObtainUserAgentString

  gdiplus

  GdiplusStartup

  GdipDisposeImage

  GdipGetImageEncodersSize

  GdiplusShutdown

  GdipGetImageEncoders

  GdipCreateBitmapFromHBITMAP

  GdipSaveImageToStream

  Sections

  .text

  Size: 35KB - Virtual size: 35KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 176B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1024B - Virtual size: 792B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ