General

Malware Config

Signatures

Files

• a0b9376d1a46e876fe056dd89b79dfca.bin

  .zip

  Password: infected

• e1179516c0fe8cbf69566d5db63c6d1d7d02d67b04eae5800f9a950fb07fee81.dll

  .dll windows:6 windows x86 arch:x86

  Password: infected

  fc3b03af2d7d656c3fddb72d63bf5182

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  user32

  LoadImageW

  GetRawInputDeviceList

  GetAncestor

  IsIconic

  SetCursorPos

  ChildWindowFromPoint

  ReleaseDC

  GetCursorPos

  GetGUIThreadInfo

  BeginPaint

  GetNextDlgTabItem

  EndPaint

  SendInput

  EnableWindow

  InvalidateRect

  SetForegroundWindow

  GetWindowLongW

  GetWindowThreadProcessId

  GetWindowTextLengthW

  SetScrollInfo

  GetMessageW

  CreateDialogParamW

  RegisterClipboardFormatW

  DeferWindowPos

  DefWindowProcW

  GetSystemMenu

  AdjustWindowRectEx

  GetKeyState

  GetMessageA

  GetMessageExtraInfo

  ShowScrollBar

  CharLowerW

  GetMessagePos

  OpenIcon

  AllowSetForegroundWindow

  CallWindowProcW

  PostMessageW

  MapVirtualKeyW

  MonitorFromPoint

  GetWindow

  DispatchMessageA

  FindWindowExW

  LoadCursorFromFileA

  GetWindowRect

  GetMenuItemID

  GetMenu

  SendMessageTimeoutW

  GetFocus

  DestroyWindow

  InflateRect

  GetDC

  SetWindowPos

  MessageBoxW

  GetPropW

  MonitorFromWindow

  SetActiveWindow

  EnumDisplayMonitors

  FillRect

  CreateWindowExW

  GetIconInfo

  DeleteMenu

  ScreenToClient

  SendMessageW

  CallNextHookEx

  WaitForInputIdle

  EndDialog

  RemovePropW

  GetSystemMetrics

  UnregisterClassW

  SetWindowTextW

  MessageBeep

  CreatePopupMenu

  NotifyWinEvent

  GetScrollInfo

  GetShellWindow

  WaitMessage

  MsgWaitForMultipleObjects

  RegisterClassExW

  WindowFromPoint

  GetScrollPos

  GetWindowPlacement

  DrawIcon

  DestroyCursor

  TrackPopupMenu

  LoadStringW

  SetCaretPos

  GetActiveWindow

  ShowWindow

  GetClassInfoW

  SetClassLongW

  InvalidateRgn

  BeginDeferWindowPos

  GetAsyncKeyState

  OpenClipboard

  OffsetRect

  GetRawInputDeviceInfoW

  GetCapture

  DispatchMessageW

  SetTimer

  RedrawWindow

  IsDialogMessageW

  DestroyIcon

  IsHungAppWindow

  GetScrollRange

  GetWindowInfo

  GetMonitorInfoW

  CopyRect

  CreateIconIndirect

  GetDlgCtrlID

  ClientToScreen

  CloseClipboard

  DestroyAcceleratorTable

  EmptyClipboard

  ExitWindowsEx

  QueryDisplayConfig

  PeekMessageW

  IsChild

  CreateCaret

  SetDlgItemTextW

  RegisterClassW

  MapWindowPoints

  CallMsgFilterW

  CountClipboardFormats

  DrawStateW

  TrackMouseEvent

  FrameRect

  GetQueueStatus

  GetKeyboardLayout

  SetMenuDefaultItem

  GetWindowTextW

  GetDlgItemTextW

  SendDlgItemMessageW

  MessageBoxA

  GetSysColor

  GetForegroundWindow

  DialogBoxIndirectParamW

  MoveWindow

  EnumClipboardFormats

  IsDlgButtonChecked

  UnhookWindowsHookEx

  EnumWindows

  WinHelpW

  CreateAcceleratorTableW

  LoadBitmapW

  DestroyMenu

  DrawTextExW

  IsRectEmpty

  LockWindowUpdate

  SetLayeredWindowAttributes

  SetFocus

  CharNextW

  BringWindowToTop

  SetPropW

  GetUpdateRect

  TranslateMessage

  GetClipboardData

  GetDisplayConfigBufferSizes

  LoadIconW

  SetWindowContextHelpId

  DrawFocusRect

  ScrollWindowEx

  FindWindowW

  RemoveClipboardFormatListener

  EnumDisplayDevicesW

  LoadCursorW

  DestroyCaret

  GetClassNameW

  GetClipboardSequenceNumber

  SetParent

  SetCapture

  GetWindowDC

  AnimateWindow

  EndDeferWindowPos

  EnumThreadWindows

  SetWindowsHookExW

  InsertMenuW

  SetClipboardData

  SetCursor

  GetUserObjectInformationW

  wsprintfW

  SetRectEmpty

  EnableScrollBar

  GetDlgItemInt

  SetScrollRange

  MapDialogRect

  SetWindowLongW

  SystemParametersInfoA

  GetComboBoxInfo

  GetClientRect

  IsZoomed

  GetDlgItem

  AppendMenuW

  AddClipboardFormatListener

  GetClassLongW

  IsClipboardFormatAvailable

  UpdateLayeredWindow

  DrawTextW

  PostThreadMessageW

  SetRect

  DrawIconEx

  KillTimer

  CheckDlgButton

  PostQuitMessage

  GetDesktopWindow

  EnumDisplaySettingsW

  GetSysColorBrush

  GetNextDlgGroupItem

  SetScrollPos

  CreateDialogIndirectParamW

  EnableMenuItem

  DrawEdge

  SystemParametersInfoW

  SetWinEventHook

  CharLowerA

  GetClassInfoExW

  GetProcessWindowStation

  RegisterWindowMessageW

  DialogBoxParamW

  PtInRect

  UpdateWindow

  DrawFrameControl

  ReleaseCapture

  rpcrt4

  RpcServerUseProtseqEpW

  RpcIfInqId

  RpcObjectSetType

  UuidFromStringW

  RpcMgmtEpEltInqBegin

  RpcMgmtEpEltInqDone

  I_RpcBindingInqLocalClientPID

  RpcBindingToStringBindingW

  UuidToStringW

  RpcBindingFromStringBindingW

  RpcServerUnregisterIf

  RpcStringBindingComposeW

  RpcServerRegisterIf2

  RpcAsyncInitializeHandle

  RpcAsyncCompleteCall

  RpcStringFreeW

  UuidCreate

  RpcEpRegisterW

  RpcEpUnregister

  RpcBindingFree

  UuidFromStringA

  RpcRevertToSelf

  RpcImpersonateClient

  RpcAsyncCancelCall

  RpcStringBindingParseW

  RpcMgmtEpEltInqNextW

  ws2_32

  getsockopt

  recv

  WSACleanup

  __WSAFDIsSet

  htons

  bind

  closesocket

  gethostbyname

  select

  htonl

  sendto

  ioctlsocket

  setsockopt

  WSAGetLastError

  accept

  ntohl

  shutdown

  listen

  WSASetLastError

  WSAStartup

  getpeername

  getsockname

  send

  socket

  ntohs

  connect

  inet_ntoa

  recvfrom

  gethostname

  getservbyname

  advapi32

  CryptAcquireContextA

  GetSidIdentifierAuthority

  CryptReleaseContext

  LookupAccountNameW

  RegEnumKeyExA

  RegQueryValueExW

  CryptGetProvParam

  ReportEventW

  RegisterEventSourceW

  RegEnumValueW

  QueryServiceStatusEx

  LookupAccountSidW

  OpenThreadToken

  DuplicateTokenEx

  GetUserNameW

  CryptGetHashParam

  GetLengthSid

  OpenServiceW

  CryptSignHashW

  MapGenericMask

  QueryServiceConfig2W

  RegDeleteValueW

  ChangeServiceConfigW

  QueryServiceConfigW

  DuplicateToken

  CreateProcessAsUserW

  RegGetValueW

  RegOpenKeyExW

  InitializeAcl

  RegOpenKeyExA

  InitializeSecurityDescriptor

  CheckTokenMembership

  RegLoadKeyW

  RegUnLoadKeyW

  GetFileSecurityW

  EnumServicesStatusExW

  OpenEventLogW

  StartServiceW

  SetThreadToken

  FreeSid

  OpenProcessToken

  CryptDestroyHash

  AddAce

  RegSetValueExW

  IsValidSid

  RegDeleteTreeW

  EnumDependentServicesW

  CryptSetHashParam

  CryptHashData

  ImpersonateSelf

  CryptCreateHash

  RegEnumKeyExW

  GetSecurityDescriptorOwner

  CryptExportKey

  ControlService

  DeleteService

  CopySid

  GetSecurityDescriptorControl

  CloseEventLog

  RegCreateKeyExW

  CryptDecrypt

  LookupPrivilegeNameW

  ChangeServiceConfig2W

  GetSidSubAuthority

  GetSecurityDescriptorGroup

  AllocateAndInitializeSid

  RegDeleteKeyW

  GetSidSubAuthorityCount

  OpenSCManagerW

  CryptGenRandom

  ClearEventLogW

  RegQueryValueExA

  CloseServiceHandle

  EqualSid

  QueryServiceStatus

  CryptEnumProvidersW

  AccessCheck

  RegQueryInfoKeyW

  CryptAcquireContextW

  CryptDestroyKey

  LookupPrivilegeValueW

  DeregisterEventSource

  CryptGetUserKey

  RegQueryMultipleValuesW

  SetSecurityDescriptorDacl

  AdjustTokenPrivileges

  GetTokenInformation

  RevertToSelf

  RegNotifyChangeKeyValue

  GetSecurityDescriptorDacl

  CreateServiceW

  RegCloseKey

  RegDeleteKeyExW

  RegEnumKeyW

  kernel32

  SetFilePointerEx

  GlobalLock

  GetProcAddress

  WriteConsoleW

  GetWindowsDirectoryW

  SetCurrentDirectoryW

  SubmitThreadpoolWork

  ReadDirectoryChangesW

  GetThreadContext

  UnlockFile

  LocalSize

  HeapDestroy

  AddVectoredExceptionHandler

  DecodePointer

  UnregisterWaitEx

  SwitchToThread

  HeapCompact

  GetOverlappedResult

  SetStdHandle

  FillConsoleOutputAttribute

  GetCurrentDirectoryW

  GetLocalTime

  QueueUserAPC

  FileTimeToLocalFileTime

  GetCurrencyFormatW

  WriteConsoleInputW

  HeapAlloc

  FindResourceW

  LoadResource

  GetWindowsDirectoryA

  ResetEvent

  FindResourceExW

  CreateThread

  CancelIoEx

  LoadLibraryW

  ReadFileEx

  GetSystemInfo

  RaiseException

  GetNumberFormatW

  CompareStringEx

  GetNativeSystemInfo

  ReleaseSRWLockShared

  CloseHandle

  HeapReAlloc

  GlobalFree

  DeleteFileW

  GlobalAlloc

  DeleteFileA

  GetThreadPriority

  QueryPerformanceFrequency

  LockResource

  GetVersionExA

  TlsAlloc

  WaitForSingleObjectEx

  ReadConsoleW

  LoadLibraryA

  TerminateThread

  GetSystemDirectoryA

  AcquireSRWLockExclusive

  InitOnceComplete

  GetCurrentThread

  GetDiskFreeSpaceExW

  GetNamedPipeHandleStateW

  FileTimeToSystemTime

  SetEvent

  GetUserDefaultLCID

  CreateFileA

  GlobalSize

  FlushViewOfFile

  ReadConsoleInputW

  FillConsoleOutputCharacterW

  MoveFileExA

  OutputDebugStringW

  SetFileInformationByHandle

  GetBinaryTypeA

  ReleaseSRWLockExclusive

  GetFileAttributesExW

  SetConsoleCursorInfo

  TzSpecificLocalTimeToSystemTime

  GetFileAttributesA

  UpdateProcThreadAttribute

  GetLastError

  LCMapStringEx

  CompareStringA

  GetTickCount64

  GetDiskFreeSpaceA

  GetTimeZoneInformation

  FormatMessageW

  GetTempPathA

  GetFileInformationByHandle

  GetConsoleMode

  Sleep

  GetPrivateProfileStringW

  ProcessIdToSessionId

  GetExitCodeThread

  MultiByteToWideChar

  CreateEventW

  GetLogicalDriveStringsW

  IsValidCodePage

  SetFileAttributesW

  QueueUserWorkItem

  GetVolumeNameForVolumeMountPointW

  GetCommandLineA

  PostQueuedCompletionStatus

  GetVersion

  HeapSize

  OpenProcess

  CreateFileMappingA

  LocalFree

  GetTimeFormatW

  MoveFileExW

  GetThreadId

  LockFileEx

  AcquireSRWLockShared

  IsProcessorFeaturePresent

  WTSGetActiveConsoleSessionId

  GetFileSize

  DeleteCriticalSection

  ExitProcess

  VerSetConditionMask

  LCMapStringW

  ReadProcessMemory

  GetComputerNameW

  FindVolumeClose

  GetCurrentProcessId

  UnhandledExceptionFilter

  EnumSystemLocalesW

  GetProcessHeap

  SystemTimeToFileTime

  GetNumberOfConsoleInputEvents

  GlobalMemoryStatusEx

  CreateProcessW

  IsValidLocale

  GetModuleHandleW

  FreeLibrary

  CreateSemaphoreW

  TransactNamedPipe

  CopyFileW

  FlushInstructionCache

  WideCharToMultiByte

  GetVolumePathNamesForVolumeNameW

  lstrcpyW

  SleepEx

  SleepConditionVariableSRW

  VerifyVersionInfoW

  TlsGetValue

  GetThreadTimes

  SystemTimeToTzSpecificLocalTime

  QueryFullProcessImageNameW

  GetTempFileNameW

  GetSystemTimeAsFileTime

  GetFileType

  TerminateJobObject

  TlsFree

  GetComputerNameExA

  GetSystemTime

  FormatMessageA

  DebugBreak

  SetProcessWorkingSetSize

  GetTempFileNameA

  CreateFileMappingW

  BackupRead

  InterlockedPushEntrySList

  SetConsoleCursorPosition

  MapViewOfFile

  FindNextVolumeW

  lstrcmpiW

  BackupSeek

  QueryPerformanceCounter

  GetStringTypeW

  GetDateFormatW

  InitializeSListHead

  FreeLibraryWhenCallbackReturns

  CreateIoCompletionPort

  GetTickCount

  GetEnvironmentStringsW

  WaitNamedPipeW

  GlobalUnlock

  SetDllDirectoryW

  AllocConsole

  lstrcmpW

  GetProcessHandleCount

  MulDiv

  LocalUnlock

  MoveFileW

  VirtualQuery

  GetProcessTimes

  GetDriveTypeW

  InterlockedPopEntrySList

  OpenThread

  LoadLibraryExW

  IsDebuggerPresent

  ConnectNamedPipe

  VirtualQueryEx

  CheckRemoteDebuggerPresent

  SetUnhandledExceptionFilter

  IsBadStringPtrW

  FlushFileBuffers

  GetExitCodeProcess

  CreateThreadpoolWork

  VirtualProtectEx

  AreFileApisANSI

  SleepConditionVariableCS

  CreateDirectoryW

  GetStartupInfoW

  ReadFile

  GetModuleFileNameA

  InitializeSRWLock

  SizeofResource

  QueryDosDeviceW

  TryEnterCriticalSection

  SetConsoleCtrlHandler

  RemoveVectoredExceptionHandler

  GetVolumeInformationW

  SetInformationJobObject

  GetLogicalDrives

  CancelIo

  LocalLock

  CloseThreadpoolWork

  SetNamedPipeHandleState

  GetOEMCP

  GetFileInformationByHandleEx

  CompareFileTime

  InitOnceBeginInitialize

  GlobalHandle

  FindFirstFileW

  GetFileSizeEx

  InitOnceExecuteOnce

  SetHandleInformation

  HeapCreate

  WritePrivateProfileStringW

  FindFirstFileExW

  GetBinaryTypeW

  SetWaitableTimer

  CompareStringW

  TlsSetValue

  FindFirstVolumeW

  GetSystemDefaultLCID

  VirtualProtect

  GetConsoleScreenBufferInfo

  CreateNamedPipeA

  HeapFree

  SetLastError

  SetConsoleTextAttribute

  EnterCriticalSection

  VirtualFree

  GetCommandLineW

  GetFullPathNameW

  FindNextFileW

  GetLongPathNameW

  GetCurrentProcess

  GetConsoleOutputCP

  lstrlenW

  GetStdHandle

  CreateWaitableTimerW

  ReleaseSemaphore

  GetCPInfo

  WriteFile

  RegisterWaitForSingleObject

  GetModuleHandleExW

  ExpandEnvironmentStringsW

  GetSystemDefaultUILanguage

  UnregisterWait

  GetShortPathNameW

  GetDiskFreeSpaceW

  SetConsoleMode

  GetConsoleCursorInfo

  GetPrivateProfileIntW

  OutputDebugStringA

  DeviceIoControl

  VirtualAlloc

  AssignProcessToJobObject

  TerminateProcess

  RemoveDirectoryW

  GetProcessAffinityMask

  WakeAllConditionVariable

  LoadLibraryExA

  SetFileTime

  GetUserDefaultLangID

  GetModuleFileNameW

  WakeConditionVariable

  CreateNamedPipeW

  GetSystemTimes

  WaitForMultipleObjects

  InitializeProcThreadAttributeList

  SetEnvironmentVariableW

  GetThreadSelectorEntry

  GetLocaleInfoEx

  GetProcessId

  CreateJobObjectW

  EncodePointer

  LockFile

  SetThreadPriority

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  InitializeCriticalSection

  ExpandEnvironmentStringsA

  SetErrorMode

  InitializeConditionVariable

  SetFilePointer

  GetFullPathNameA

  GetQueuedCompletionStatus

  GetCompressedFileSizeW

  GetEnvironmentVariableW

  WriteFileEx

  SetEndOfFile

  UnlockFileEx

  PeekNamedPipe

  GetTempPathW

  CreateMutexW

  InitializeCriticalSectionEx

  GetPrivateProfileSectionW

  WaitForMultipleObjectsEx

  CreateHardLinkW

  GetEnvironmentVariableA

  FindClose

  GetLocaleInfoW

  GetVolumePathNameW

  WaitForSingleObject

  LocalAlloc

  CreateFileW

  GetFileAttributesW

  FreeLibraryAndExitThread

  GetCurrentThreadId

  lstrcmpA

  GetVersionExW

  GetPrivateProfileSectionNamesW

  QueryThreadCycleTime

  ReleaseMutex

  SuspendThread

  ReadConsoleA

  GetSystemDirectoryW

  FreeEnvironmentStringsW

  ResumeThread

  UnmapViewOfFile

  DuplicateHandle

  HeapValidate

  ExitThread

  GetModuleHandleA

  GetACP

  FreeResource

  gdi32

  CombineRgn

  SetTextAlign

  GetCurrentObject

  CreateFontIndirectW

  CreateBitmap

  SetMapMode

  CreateSolidBrush

  DeleteObject

  RestoreDC

  Ellipse

  SetBkColor

  MoveToEx

  ExcludeClipRect

  GetTextColor

  GetObjectW

  GetGlyphIndicesW

  SelectClipRgn

  SetViewportOrgEx

  Rectangle

  CreatePen

  LineTo

  SetBkMode

  EndPath

  SetTextColor

  GetTextExtentPoint32W

  TextOutW

  DeleteDC

  CreateRectRgn

  CreatePatternBrush

  ExtTextOutW

  GetDeviceCaps

  StrokeAndFillPath

  GetDIBits

  CreateRectRgnIndirect

  GetClipBox

  GetStockObject

  CreateFontW

  SetLayout

  CreateDCW

  StretchDIBits

  EndDoc

  BeginPath

  GetClipRgn

  StretchBlt

  EnumFontFamiliesExW

  PatBlt

  CreateCompatibleDC

  SetDIBColorTable

  GetDIBColorTable

  CreateDIBSection

  StartPage

  SelectObject

  SaveDC

  PolylineTo

  GetFontUnicodeRanges

  CreateCompatibleBitmap

  AddFontMemResourceEx

  BitBlt

  GetBkColor

  RoundRect

  StartDocW

  GetObjectA

  EndPage

  GetTextMetricsW

  UnrealizeObject

  comdlg32

  GetSaveFileNameW

  CommDlgExtendedError

  PrintDlgW

  GetOpenFileNameW

  ole32

  RegisterDragDrop

  CoSetProxyBlanket

  CoInitializeSecurity

  IIDFromString

  CoFreeUnusedLibraries

  CoTaskMemRealloc

  CLSIDFromString

  OleLockRunning

  CoInitializeEx

  RevokeDragDrop

  OleInitialize

  CreateStreamOnHGlobal

  DoDragDrop

  CoTaskMemFree

  CLSIDFromProgID

  StgIsStorageFile

  CoUninitialize

  ReleaseStgMedium

  OleUninitialize

  CoCreateGuid

  CoTaskMemAlloc

  OleDuplicateData

  PropVariantClear

  CoInitialize

  oleaut32

  VariantClear

  VariantChangeType

  SysAllocStringLen

  SysStringLen

  VariantTimeToSystemTime

  DispCallFunc

  VarBstrCmp

  VarBstrFromI4

  VarBstrFromR8

  VariantInit

  LoadTypeLi

  SysFreeString

  SysAllocString

  VarUI4FromStr

  bcrypt

  BCryptGenerateSymmetricKey

  BCryptSecretAgreement

  BCryptSetProperty

  BCryptImportKeyPair

  BCryptDestroySecret

  BCryptDeriveKey

  BCryptCloseAlgorithmProvider

  BCryptExportKey

  BCryptGenRandom

  BCryptOpenAlgorithmProvider

  BCryptGenerateKeyPair

  BCryptEncrypt

  BCryptDestroyKey

  BCryptFinalizeKeyPair

  winmm

  timeEndPeriod

  timeGetTime

  timeSetEvent

  timeBeginPeriod

  timeKillEvent

  urlmon

  FindMimeFromData

  imm32

  ImmAssociateContextEx

  ImmIsIME

  ImmGetCompositionStringW

  ImmReleaseContext

  ImmGetContext

  ImmSetCandidateWindow

  ImmNotifyIME

  Exports

  Exports

  Enter

  on_avast_dll_unload

  Sections

  .text

  Size: 110KB - Virtual size: 110KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 35KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 14KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 337KB - Virtual size: 336KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ