Extracted

• 1698855365a738fe5bf028798f4c898a5c26a6beaec785f238cb730d8b1e4cc1f70c0e5974436.dat-decoded.exe

  .exe windows:6 windows x86

  570db8ef63a92b7fa4b4955d1d36a178

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  winmm

  waveInStart

  waveInClose

  waveInAddBuffer

  waveInStop

  waveInPrepareHeader

  waveInUnprepareHeader

  waveInOpen

  webservices

  WsFileTimeToDateTime

  bcrypt

  BCryptDecrypt

  BCryptSetProperty

  BCryptGenerateSymmetricKey

  BCryptOpenAlgorithmProvider

  kernel32

  lstrcpyW

  GetTickCount

  HeapAlloc

  GetProcessHeap

  GetCommandLineA

  GetStartupInfoA

  HeapFree

  VirtualAlloc

  HeapReAlloc

  VirtualQuery

  LocalAlloc

  LocalFree

  SystemTimeToFileTime

  TerminateThread

  CreateThread

  WriteProcessMemory

  GetCurrentProcess

  OpenProcess

  GetWindowsDirectoryA

  VirtualProtectEx

  VirtualAllocEx

  CreateRemoteThread

  GetModuleHandleW

  IsWow64Process

  WriteFile

  WaitForSingleObject

  CreateFileW

  LoadLibraryW

  GetLocalTime

  GetCurrentThreadId

  GetCurrentProcessId

  ReadFile

  FindFirstFileA

  GetBinaryTypeW

  WideCharToMultiByte

  GetFullPathNameA

  CreateFileA

  GlobalAlloc

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetFileSize

  FreeLibrary

  SetDllDirectoryW

  GetFileSizeEx

  WaitForMultipleObjects

  CreatePipe

  PeekNamedPipe

  DuplicateHandle

  SetEvent

  CreateProcessW

  CreateEventA

  GetModuleFileNameW

  LoadResource

  FindResourceW

  GetComputerNameW

  GlobalMemoryStatusEx

  LoadLibraryExW

  FindFirstFileW

  FindNextFileW

  SetFilePointer

  GetLogicalDriveStringsW

  CopyFileW

  GetDriveTypeW

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  DeleteCriticalSection

  CreateMutexA

  ReleaseMutex

  TerminateProcess

  K32GetModuleFileNameExW

  CreateToolhelp32Snapshot

  Process32NextW

  Process32FirstW

  DeleteFileW

  SizeofResource

  VirtualProtect

  GetSystemDirectoryW

  LockResource

  GetWindowsDirectoryW

  GlobalLock

  GlobalUnlock

  Process32First

  Process32Next

  lstrcpyA

  Sleep

  MultiByteToWideChar

  lstrcatA

  lstrcmpA

  lstrlenA

  ExpandEnvironmentStringsW

  lstrlenW

  lstrcmpW

  CreateProcessA

  WinExec

  ExitProcess

  GetProcAddress

  CloseHandle

  lstrcatW

  LoadLibraryA

  GetLastError

  GetPrivateProfileStringW

  GetModuleHandleA

  GetTempPathW

  VirtualFree

  SetLastError

  GetModuleFileNameA

  CreateDirectoryW

  FindNextFileA

  user32

  GetLastInputInfo

  GetForegroundWindow

  ToUnicode

  wsprintfW

  CharLowerW

  TranslateMessage

  RegisterRawInputDevices

  PostQuitMessage

  DefWindowProcA

  MapVirtualKeyA

  GetRawInputData

  RegisterClassW

  GetAsyncKeyState

  GetKeyboardState

  CreateWindowExW

  SetClipboardViewer

  DispatchMessageA

  MapVirtualKeyW

  GetMessageA

  GetKeyState

  ReleaseDC

  OpenClipboard

  CloseClipboard

  GetClipboardData

  GetDC

  GetWindowTextW

  GetSystemMetrics

  advapi32

  RegQueryValueExW

  AdjustTokenPrivileges

  AllocateAndInitializeSid

  OpenProcessToken

  FreeSid

  LookupAccountSidW

  GetTokenInformation

  RegQueryInfoKeyA

  RegOpenKeyW

  CloseServiceHandle

  OpenSCManagerW

  SetSecurityDescriptorDacl

  RegDeleteKeyA

  InitializeSecurityDescriptor

  RegDeleteKeyW

  RegCreateKeyExW

  RegSetValueExA

  RegDeleteValueW

  RegOpenKeyExW

  RegOpenKeyExA

  RegEnumKeyExW

  RegQueryValueExA

  RegQueryInfoKeyW

  RegCloseKey

  OpenServiceW

  ChangeServiceConfigW

  QueryServiceConfigW

  EnumServicesStatusExW

  StartServiceW

  RegSetValueExW

  RegCreateKeyExA

  LookupPrivilegeValueW

  shell32

  ord680

  SHGetKnownFolderPath

  SHFileOperationW

  SHGetSpecialFolderPathW

  SHCreateDirectoryExW

  SHGetFolderPathW

  ShellExecuteW

  urlmon

  URLDownloadToFileW

  gdiplus

  GdipGetImageEncodersSize

  GdiplusStartup

  GdiplusShutdown

  GdipSaveImageToFile

  GdipDisposeImage

  GdipCreateBitmapFromHBITMAP

  GdipGetImageEncoders

  ws2_32

  socket

  send

  WSAConnect

  WSAStartup

  shutdown

  closesocket

  WSACleanup

  connect

  InetNtopW

  recv

  gethostbyname

  htons

  freeaddrinfo

  setsockopt

  getaddrinfo

  inet_addr

  ole32

  CoTaskMemFree

  CreateStreamOnHGlobal

  CoInitialize

  CoInitializeSecurity

  CoUninitialize

  CoCreateInstance

  shlwapi

  StrStrW

  PathRemoveFileSpecA

  PathCombineA

  PathFindFileNameW

  PathFileExistsW

  PathFindExtensionW

  AssocQueryStringW

  StrStrA

  netapi32

  NetUserAdd

  NetLocalGroupAddMembers

  oleaut32

  VariantInit

  crypt32

  CryptStringToBinaryW

  CryptStringToBinaryA

  CryptUnprotectData

  wininet

  InternetTimeToSystemTimeA

  gdi32

  CreateCompatibleDC

  SelectObject

  CreateCompatibleBitmap

  BitBlt

  DeleteObject

  Sections

  .text

  Size: 100KB - Virtual size: 99KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .bss

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ