Kemove
Ketup
Ktart
KtartWithCommandLine
KIsAssertEtwEnabled@0
KSetOnAssertCallback@4
KWriteAssertEtwEventA@24
KWriteAssertEtwEventW@24
KWriteEtwEventForZwAllocateVirtualMemory@12
N115
Static task: static1
Behavioral task: behavioral1
Sample: boris_is_back_in_town.dll
Resource: win7-20230220-en
Target: boris_is_back_in_town.dll
Size: 595KB
MD5: aed7110a64e1a7be0cda22a92c43bab3
SHA1: 6ea4805f92a9c2a8205977c774649522a7f7e00a
SHA256: ff0730a8693c2dea990402e8f5ba3f9a9c61df76602bc6d076ddbc3034d473c0
SHA512: fa339d91ab8b90ab17466f3d908e8605bef35bdc9348e72f98e1a2440bebb9259cbc7a82b4fe49afe42fc7b67f1cd5f879b5c0c8c21ed49e6877a8654da846ed
SSDEEP: 12288:dt1VOakzj7hpQynG+6g1zJACP406bvcgW+oYfu+3:dt/xk37hyyzl1BP4fto6u+3
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptDestroyKey
CryptReleaseContext
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueA
RegEnumKeyExA
RegDeleteTreeA
RegDeleteValueA
RegDeleteKeyExW
RegDeleteKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegLoadAppKeyW
RegDeleteTreeW
RegEnumValueW
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureW
EventProviderEnabled
EventWrite
EventRegister
EventUnregister
CryptDestroyHash
RegDeleteKeyA
RegDeleteKeyValueW
RegDeleteKeyValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyW
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetKeySecurity
RegSaveKeyW
RegQueryInfoKeyA
CreateFileA
GetACP
IsValidCodePage
GetFileSize
FlushFileBuffers
ReleaseMutex
CreateMutexW
lstrlenW
ReleaseSemaphore
CreateSemaphoreW
CopyFileW
GetTempFileNameW
GetTempPathW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
FindFirstFileExW
GetFileAttributesExW
FileTimeToSystemTime
AddAtomW
DeleteAtom
SetLastError
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
FlushViewOfFile
GetCurrentThread
OpenEventW
LocalFree
SetFilePointer
DeleteFileW
GetModuleHandleA
HeapLock
HeapUnlock
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
MapViewOfFile
CreateFileMappingW
GlobalFree
UnmapViewOfFile
GlobalUnlock
GlobalLock
EncodePointer
SetThreadStackGuarantee
VirtualQueryEx
WerRegisterFile
OpenProcess
WaitForSingleObject
CreateThread
ResumeThread
SetThreadPriority
GetSystemInfo
DuplicateHandle
SetEvent
ResetEvent
CreateEventW
OpenMutexW
GetUserDefaultUILanguage
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
CompareFileTime
CreateProcessW
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
Sleep
lstrlenA
WideCharToMultiByte
GetStdHandle
GetTickCount
LoadLibraryW
WriteFile
ReadFile
CreateFileW
CloseHandle
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CompareStringA
InitializeCriticalSection
MulDiv
CompareStringW
GetPrivateProfileStringW
VerSetConditionMask
GetSystemDefaultUILanguage
GetSystemPreferredUILanguages
MoveFileW
SwitchToThread
VerifyVersionInfoW
CreateDirectoryW
GlobalAlloc
GetModuleHandleExW
FindResourceExW
DecodePointer
GetCommandLineW
LoadLibraryExW
RaiseException
lstrcmpiW
FreeLibrary
GetVersionExA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableW
GetEnvironmentVariableW
SetUnhandledExceptionFilter
SetDllDirectoryW
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindAtomW
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
SuspendThread
GetDeviceCaps
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
DeleteDC
CryptUnprotectData
LoadStringW
LoadImageW
GetSystemMetrics
SystemParametersInfoA
CharNextW
UnregisterClassW
MessageBoxW
SetForegroundWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
DestroyWindow
RegisterClassW
CreateWindowExW
ShowWindow
IsWindowVisible
KillTimer
SetTimer
GetMessageTime
UpdateLayeredWindow
DefWindowProcW
GetDC
ReleaseDC
SHCreateDirectoryExW
SHGetFileInfoW
SHGetFolderPathW
SHFileOperationW
CLSIDFromString
CoInitialize
CoCreateGuid
CoGetCurrentLogicalThreadId
CoDisconnectObject
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree
StringFromCLSID
IIDFromString
CoUninitialize
CoInitializeEx
StrCmpIW
StrToInt64ExW
PathMatchSpecW
StrToIntExW
PathIsRelativeW
SHCreateStreamOnFileEx
PathIsFileSpecW
SHDeleteKeyW
PathAddBackslashW
PathRemoveFileSpecW
PathCombineW
PathRemoveBackslashW
PathFileExistsW
PathCanonicalizeW
PathAppendW
PathFindFileNameW
PathRemoveBlanksW
PathFindExtensionW
PathIsDirectoryW
PathStripPathW
AssocQueryStringW
PathRemoveExtensionW
PathRenameExtensionW
StrStrIW
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameSignatureVerificationEx
StrongNameTokenFromAssemblyEx
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGraphicsClear
GdipCreateBitmapFromStream
IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
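A triage pass over the static data in this report, as an added example that is not part of the report or of the sample. The import names (a subset of the list above), section flags and PE characteristics are copied from the report; the capability groupings and the list of MSVC runtime "noise" imports are this example's own heuristics, and an imported API only hints at a capability, it does not prove the code path is reachable.

```python
"""Offline triage of the imports, section flags and PE characteristics a
sandbox report lists for a DLL sample (added example, not the report's code).
Names below are copied from the report; the groupings are heuristics."""

# Subset of the reported imports (copied from the report, not constructed).
REPORTED_IMPORTS = {
    "OpenThread", "SuspendThread", "GetThreadContext", "SetThreadContext",
    "ResumeThread", "VirtualAlloc", "VirtualProtect", "FlushInstructionCache",
    "CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenProcess",
    "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
    "ImpersonateLoggedOnUser", "RevertToSelf", "RegCreateKeyExW",
    "RegSetValueExW", "RegDeleteTreeW", "CreateProcessW", "CryptUnprotectData",
    "CryptVerifySignatureW", "StrongNameSignatureVerificationEx",
    "EventRegister", "EventWrite", "GetTempPathW", "CopyFileW", "MoveFileW",
    "IsDebuggerPresent", "QueryPerformanceCounter", "GetTickCount",
    "CreateWindowExW", "GdiplusStartup",
}

# Heuristic capability groups (real Win32 export names; grouping is my own).
CAPABILITIES = {
    "thread-context hijack / code injection": {
        "OpenThread", "SuspendThread", "GetThreadContext", "SetThreadContext",
        "ResumeThread", "VirtualAlloc", "VirtualProtect", "FlushInstructionCache"},
    "thread enumeration": {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next"},
    "token / privilege manipulation": {
        "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
        "ImpersonateLoggedOnUser", "RevertToSelf", "CheckTokenMembership"},
    "registry modification": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW",
                              "RegDeleteTreeW", "RegSaveKeyW", "RegLoadAppKeyW"},
    "process creation": {"CreateProcessW"},
    "DPAPI secret decryption": {"CryptUnprotectData"},
    "signature verification": {"CryptVerifySignatureW", "StrongNameSignatureVerificationEx"},
    "ETW event provider": {"EventRegister", "EventWrite", "EventUnregister"},
    "file staging": {"GetTempPathW", "GetTempFileNameW", "CopyFileW", "MoveFileW", "DeleteFileW"},
}

# Imported by the MSVC CRT startup (security cookie, exception filter) of
# almost every MSVC-built binary; on their own they say nothing about intent.
CRT_NOISE = {
    "IsDebuggerPresent", "IsProcessorFeaturePresent", "QueryPerformanceCounter",
    "GetCurrentProcessId", "GetCurrentThreadId", "GetSystemTimeAsFileTime",
    "GetTickCount", "InitializeSListHead", "UnhandledExceptionFilter",
    "SetUnhandledExceptionFilter", "TerminateProcess",
}

def match_capabilities(imports, min_hits=2):
    """Map capability -> sorted matched imports; a group is reported when at
    least min_hits of its APIs are present (all of them for smaller groups)."""
    found = {}
    for name, apis in CAPABILITIES.items():
        hits = sorted(apis & set(imports))
        if len(hits) >= min(min_hits, len(apis)):
            found[name] = hits
    return found

def crt_noise(imports):
    """Imports to discount as compiler runtime boilerplate."""
    return sorted(CRT_NOISE & set(imports))

# Section characteristics copied from the report, in order. The report omits
# section names; a new section starts at every IMAGE_SCN_CNT_* flag.
REPORTED_SECTION_FLAGS = [
    "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ",
    "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_READ",
]

def group_sections(flags):
    """Split the flat flag list into one flag list per section."""
    sections = []
    for flag in flags:
        if flag.startswith("IMAGE_SCN_CNT_") or not sections:
            sections.append([])
        sections[-1].append(flag)
    return sections

def writable_executable(sections):
    """Indices of W+X sections, a common packer / self-modifying-code tell."""
    return [i for i, s in enumerate(sections)
            if "IMAGE_SCN_MEM_EXECUTE" in s and "IMAGE_SCN_MEM_WRITE" in s]

REPORTED_DLL_CHARS = {"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                      "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"}
REPORTED_FILE_CHARS = {"IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_LARGE_ADDRESS_AWARE",
                       "IMAGE_FILE_32BIT_MACHINE"}

def hardening_gaps(dll_chars, file_chars):
    """Mitigation flags a current MSVC build would carry but this header lacks."""
    wanted = {"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
              "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
              "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
    if "IMAGE_FILE_32BIT_MACHINE" not in file_chars:  # only meaningful on 64-bit
        wanted.add("IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA")
    return sorted(wanted - set(dll_chars))

if __name__ == "__main__":
    for cap, hits in match_capabilities(REPORTED_IMPORTS).items():
        print(f"{cap}: {', '.join(hits)}")
    print("CRT noise:", crt_noise(REPORTED_IMPORTS))
    sections = group_sections(REPORTED_SECTION_FLAGS)
    print(f"{len(sections)} sections, W+X: {writable_executable(sections)}")
    print("hardening gaps:", hardening_gaps(REPORTED_DLL_CHARS, REPORTED_FILE_CHARS))
```

Run as-is it reports the thread-context injection cluster (OpenThread, SuspendThread, Get/SetThreadContext, ResumeThread alongside VirtualAlloc/VirtualProtect), token and privilege manipulation, registry writes, DPAPI access and the two signature-verification APIs, discounts IsDebuggerPresent and the timing imports as CRT startup noise, finds eight sections none of which is writable and executable, and flags the missing Control Flow Guard bit. Treat the capability hits as questions for the behavioural run, not as findings: a GUI framework or installer imports several of the same APIs.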