General

Malware Config

Signatures

Files

• acf1dcddc30b4aed73f9216539bb1974f7e9b8c25857184afc74764da1b64cc7.dll

  .dll windows:6 windows x86 arch:x86

  90f845e5870e847e5e81de0e376ea70b

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GetModuleHandleW

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  CloseHandle

  GetCurrentProcessId

  GetCurrentThreadId

  GetCurrentThread

  SetThreadPriority

  Sleep

  GetConsoleOutputCP

  WriteFile

  SetStdHandle

  HeapSize

  GetStringTypeW

  LCMapStringW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  FindFirstFileExW

  GetModuleHandleExW

  RaiseException

  LoadLibraryExW

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  EncodePointer

  InterlockedFlushSList

  RtlUnwind

  IsProcessorFeaturePresent

  GetStartupInfoW

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  InitializeSListHead

  DecodePointer

  GetEnvironmentStringsW

  GetEnvironmentVariableW

  ReleaseMutex

  RtlCaptureContext

  GetCommandLineW

  FlushFileBuffers

  SetFileInformationByHandle

  DuplicateHandle

  SetFilePointerEx

  ReadFileEx

  SleepEx

  GetCurrentProcess

  AcquireSRWLockExclusive

  SetWaitableTimer

  CreateWaitableTimerExW

  SwitchToThread

  SetThreadStackGuarantee

  CompareStringOrdinal

  DeleteProcThreadAttributeList

  GetModuleFileNameW

  GetVersionExW

  GetProcessHeap

  GetStdHandle

  HeapFree

  LoadLibraryA

  WriteFileEx

  GetExitCodeProcess

  TerminateProcess

  FreeEnvironmentStringsW

  GetCurrentDirectoryW

  QueryPerformanceCounter

  CreateEventW

  HeapReAlloc

  AcquireSRWLockShared

  ReleaseSRWLockShared

  GetLastError

  CreateMutexA

  TlsSetValue

  GetModuleHandleA

  FindNextFileW

  FindClose

  CreateFileW

  GetFileInformationByHandle

  GetFileInformationByHandleEx

  WaitForSingleObject

  CreateDirectoryW

  FindFirstFileW

  CopyFileExW

  ReadFile

  GetOverlappedResult

  CancelIo

  WaitForSingleObjectEx

  FormatMessageW

  GetConsoleMode

  GetFileType

  HeapAlloc

  CreateMutexW

  TryAcquireSRWLockExclusive

  ExitProcess

  GetFullPathNameW

  SetLastError

  CreateNamedPipeW

  WaitForMultipleObjects

  GetSystemDirectoryW

  GetWindowsDirectoryW

  CreateProcessW

  GetFileAttributesW

  InitializeProcThreadAttributeList

  UpdateProcThreadAttribute

  MultiByteToWideChar

  WriteConsoleW

  WideCharToMultiByte

  CreateThread

  InitOnceBeginInitialize

  TlsAlloc

  InitOnceComplete

  TlsFree

  TlsGetValue

  GetSystemTimeAsFileTime

  GetTempPathW

  ReleaseSRWLockExclusive

  winhttp

  WinHttpReceiveResponse

  WinHttpConnect

  WinHttpQueryHeaders

  WinHttpCloseHandle

  WinHttpReadData

  WinHttpQueryDataAvailable

  WinHttpOpenRequest

  WinHttpSendRequest

  WinHttpOpen

  shell32

  ShellExecuteW

  IsUserAnAdmin

  advapi32

  SystemFunction036

  ntdll

  RtlNtStatusToDosError

  NtWriteFile

  NtCreateFile

  NtReadFile

  bcrypt

  BCryptGenRandom

  Exports

  Exports

  dhQBxidoRU

  Sections

  .text

  Size: 337KB - Virtual size: 340KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 92KB - Virtual size: 92KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 2KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 13KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ