Extracted

• d24d4a54a0e40828860629adfda75b6c5bd5737a518f6440133711ed56df2a22

  .zip

  Password: infected

• 90bf3f854c210f30e0b57b78330e62c611d00a444c904bb792c56e426a9e2671

  .dll windows:5 windows x64 arch:x64

  dbd4201cf48f9c38a17d30012392cf92

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  user32

  wsprintfA

  ws2_32

  getaddrinfo

  closesocket

  shutdown

  send

  setsockopt

  freeaddrinfo

  recv

  WSAIoctl

  select

  connect

  inet_ntoa

  inet_addr

  htons

  ioctlsocket

  WSAStartup

  socket

  advapi32

  GetTokenInformation

  OpenProcessToken

  GetSidSubAuthority

  kernel32

  WriteFile

  SetFilePointer

  CreateFileA

  VirtualFree

  GetCurrentProcess

  SetEvent

  SystemTimeToFileTime

  ExitThread

  CloseHandle

  CreateThread

  LocalAlloc

  GetTempPathA

  GetVolumeInformationA

  VirtualAlloc

  Sleep

  LocalFree

  WaitForSingleObject

  FileTimeToSystemTime

  GetLocalTime

  CreateEventA

  secur32

  GetUserNameExA

  GetUserNameExW

  ole32

  CoCreateInstance

  CoUninitialize

  CoInitialize

  Exports

  Exports

  rundll

  Sections

  .text

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 398B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 324B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ