General

Malware Config

Signatures

Files

• 39475882127fd9789d9c23444153a4a4841f3ffbb34ffabb0c540e6e9d76d034_dump.bin.dll

  .dll windows:4 windows x86 arch:x86

  c2f49b103872e268b73e5d395a22973c

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_DLL

  Imports

  oleaut32

  SysFreeString

  SysReAllocStringLen

  SysAllocStringLen

  GetErrorInfo

  SysFreeString

  SafeArrayPtrOfIndex

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayCreate

  VariantChangeType

  VariantCopy

  VariantClear

  VariantInit

  advapi32

  RegQueryValueExA

  RegOpenKeyExA

  RegCloseKey

  RegSetValueExA

  RegOpenKeyA

  RegCloseKey

  CreateProcessAsUserW

  user32

  GetKeyboardType

  DestroyWindow

  LoadStringA

  MessageBoxA

  CharNextA

  TranslateMessage

  MessageBoxA

  LoadStringA

  GetSystemMetrics

  GetMessageA

  DispatchMessageA

  CharNextA

  CharToOemA

  kernel32

  GetACP

  Sleep

  VirtualFree

  VirtualAlloc

  GetTickCount

  QueryPerformanceCounter

  GetCurrentThreadId

  InterlockedDecrement

  InterlockedIncrement

  VirtualQuery

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenA

  lstrcpynA

  LoadLibraryExA

  GetThreadLocale

  GetStartupInfoA

  GetProcAddress

  GetModuleHandleA

  GetModuleFileNameA

  GetLocaleInfoA

  GetCommandLineA

  FreeLibrary

  FindFirstFileA

  FindClose

  ExitProcess

  WriteFile

  UnhandledExceptionFilter

  RtlUnwind

  RaiseException

  GetStdHandle

  TlsSetValue

  TlsGetValue

  TlsFree

  TlsAlloc

  LocalFree

  LocalAlloc

  WriteFile

  WinExec

  WaitForSingleObject

  VirtualQuery

  SetThreadContext

  SetFilePointer

  SetEvent

  SetEndOfFile

  ResetEvent

  ReadFile

  MultiByteToWideChar

  LoadLibraryW

  LeaveCriticalSection

  IsBadWritePtr

  IsBadReadPtr

  InitializeCriticalSection

  GetVersionExA

  GetTickCount

  GetThreadLocale

  GetThreadContext

  GetStdHandle

  GetProcAddress

  GetModuleHandleW

  GetModuleHandleA

  GetModuleFileNameA

  GetLocaleInfoA

  GetLocalTime

  GetLastError

  GetFullPathNameA

  GetFileAttributesA

  GetDiskFreeSpaceA

  GetDateFormatA

  GetCurrentThreadId

  GetCurrentProcess

  GetCPInfo

  FreeLibrary

  FormatMessageA

  ExitProcess

  EnumCalendarInfoA

  EnterCriticalSection

  DeleteCriticalSection

  CreateFileA

  CreateEventA

  CreateDirectoryA

  CompareStringA

  CloseHandle

  Sleep

  winmm

  timeSetEvent

  ole32

  CLSIDFromProgID

  CoCreateInstance

  CoUninitialize

  CoInitialize

  c:\windows\system32\ntdll

  NtWriteVirtualMemory

  NtReadVirtualMemory

  NtResumeThread

  c:\windows\system32\kernelbase

  EnumSystemLocalesA

  url

  InetIsOffline

  ntdll

  NtQueryInformationFile

  NtOpenFile

  NtClose

  NtWriteFile

  NtReadFile

  NtCreateFile

  NtUnmapViewOfSection

  RtlMoveMemory

  RtlDosPathNameToNtPathName_U

  wininet

  InternetCheckConnectionA

  Sections

  .

  Size: 160KB - Virtual size: 160KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .

  Size: 72KB - Virtual size: 72KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ