General

Malware Config

Signatures

Files

• 9f9830791b377db452e376b1f5b7a609

  .dll windows:5 windows x86 arch:x86

  5423692ba88a3c92be390093c1045a0c

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  c:\Did\off\flow-Shoulder\Son\Record.pdb

  Imports

  kernel32

  OpenProcess

  GetSystemDirectoryW

  LoadLibraryW

  Sleep

  GetVersionExW

  CreateFileW

  GetTempPathW

  GetCurrentDirectoryW

  GetProcAddress

  VirtualProtectEx

  GetSystemTime

  GetVolumeInformationW

  GetModuleHandleW

  CreateFileA

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  GetLocaleInfoW

  LoadLibraryA

  QueryPerformanceCounter

  LoadResource

  FreeLibrary

  FindResourceW

  GetDateFormatW

  GetEnvironmentVariableW

  InitializeCriticalSectionAndSpinCount

  CloseHandle

  SetFilePointer

  ReadFile

  VirtualAlloc

  HeapReAlloc

  HeapSize

  HeapAlloc

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetTickCount

  VirtualFree

  HeapFree

  HeapCreate

  HeapDestroy

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetModuleFileNameA

  GetStartupInfoA

  SetHandleCount

  GetUserDefaultLCID

  EnumSystemLocalesA

  IsValidLocale

  GetLocaleInfoA

  GetStringTypeA

  IsValidCodePage

  GetOEMCP

  GetACP

  WideCharToMultiByte

  InterlockedIncrement

  InterlockedDecrement

  MultiByteToWideChar

  InterlockedCompareExchange

  InterlockedExchange

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetModuleFileNameW

  GetCurrentThreadId

  GetCommandLineA

  GetCPInfo

  HeapValidate

  IsBadReadPtr

  RaiseException

  RtlUnwind

  LCMapStringW

  LCMapStringA

  GetLastError

  GetStringTypeW

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  DebugBreak

  GetStdHandle

  WriteFile

  OutputDebugStringA

  WriteConsoleW

  GetFileType

  OutputDebugStringW

  ExitProcess

  GetModuleHandleA

  user32

  EndDeferWindowPos

  ReleaseCapture

  EndDialog

  IntersectRect

  OffsetRect

  LoadIconW

  CloseClipboard

  GetMessageA

  WindowFromPoint

  ExitWindowsEx

  GetDoubleClickTime

  InflateRect

  gdi32

  CreateCompatibleDC

  PtVisible

  CreateFontW

  CreateRectRgn

  GetPixel

  SelectClipRgn

  ole32

  OleInitialize

  OleUninitialize

  CoRegisterSurrogate

  CoInitialize

  CoRegisterClassObject

  CoUninitialize

  setupapi

  SetupGetSourceInfoW

  SetupRemoveFromSourceListW

  SetupQueryInfVersionInformationW

  SetupSetSourceListW

  SetupQuerySourceListW

  SetupCancelTemporarySourceList

  SetupIterateCabinetW

  SetupCopyOEMInfW

  SetupGetStringFieldW

  SetupDefaultQueueCallbackW

  SetupTermDefaultQueueCallback

  SetupSetPlatformPathOverrideW

  SetupGetIntField

  SetupQueueDefaultCopyW

  SetupQueueCopyW

  SetupQueueDeleteW

  SetupGetLineByIndexW

  SetupPromptReboot

  SetupAddToSourceListW

  SetupFreeSourceListW

  SetupQuerySpaceRequiredOnDriveW

  SetupGetFieldCount

  SetupQueueRenameW

  SetupGetLineCountW

  SetupGetLineTextW

  SetupGetTargetPathW

  Exports

  Exports

  Born

  Fitsecond

  Pastput

  Sections

  .text

  Size: 287KB - Virtual size: 286KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 328KB - Virtual size: 328KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 64KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 412B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ