Extracted

• ad22f4731ab228a8b63510a3ab6c1de5760182a7fe9ff98a8e9919b0cf100c58.bin.sample.gz

  .gz
• sample

  .dll windows x86

  79b69049ea0a2862439e1c91c1e4ab41

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  TerminateProcess

  WriteFile

  WideCharToMultiByte

  WaitForSingleObject

  ReadFile

  PeekNamedPipe

  lstrcatW

  GetWindowsDirectoryW

  GlobalFree

  GetTickCount

  Sleep

  LoadLibraryW

  FreeLibrary

  GetVersionExW

  WritePrivateProfileStructW

  GetModuleFileNameW

  LeaveCriticalSection

  lstrcmpA

  EnterCriticalSection

  GetPrivateProfileStructW

  DeleteCriticalSection

  InitializeCriticalSection

  WinExec

  GetModuleFileNameA

  GlobalMemoryStatusEx

  MultiByteToWideChar

  InterlockedIncrement

  InterlockedDecrement

  CreateThread

  GetStartupInfoW

  CreateProcessW

  CloseHandle

  DeleteFileW

  GetModuleHandleW

  GetDiskFreeSpaceExW

  GetProcAddress

  GetVolumeInformationW

  FindFirstFileW

  lstrcmpW

  lstrlenW

  FindNextFileW

  FindClose

  lstrcpyW

  GetDriveTypeW

  advapi32

  SetServiceStatus

  RegOpenKeyExW

  RegQueryValueExW

  RegCloseKey

  GetUserNameW

  RegisterServiceCtrlHandlerW

  shell32

  ShellExecuteW

  ws2_32

  connect

  gethostname

  gethostbyname

  socket

  closesocket

  shutdown

  WSAIoctl

  setsockopt

  htons

  select

  WSAGetLastError

  send

  recv

  WSAStartup

  WSACleanup

  inet_addr

  shlwapi

  PathRenameExtensionW

  PathGetArgsW

  PathRemoveArgsW

  PathUnquoteSpacesW

  PathAppendW

  PathIsDirectoryW

  PathFindFileNameW

  PathRemoveFileSpecW

  PathFileExistsW

  StrStrIA

  PathIsRelativeW

  msvcrt

  _fileno

  _filelength

  ??2@YAPAXI@Z

  __CxxFrameHandler

  fread

  fclose

  fflush

  fwrite

  fseek

  _wfopen

  _adjust_fdiv

  _initterm

  fwprintf

  memmove

  atoi

  wcsncpy

  ??3@YAXPAX@Z

  _snprintf

  free

  strncpy

  srand

  rand

  wcscpy

  malloc

  netapi32

  NetUserGetInfo

  NetApiBufferFree

  DsRoleFreeMemory

  DsRoleGetPrimaryDomainInformation

  iphlpapi

  GetAdaptersInfo

  winhttp

  WinHttpGetIEProxyConfigForCurrentUser

  Exports

  Exports

  ServiceMain

  installA

  uninstallA

  Sections

  .text

  Size: 14KB - Virtual size: 13KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 271KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ