Static task
static1
General
-
Target
DarkVision Rat.7z
-
Size
2.1MB
-
MD5
3ffe675eba4cb6ae5d5ff93a600e1635
-
SHA1
8ec8f85f0879d86bbe776abaff8afb3b08c27950
-
SHA256
3f6692d2e43bcfa91fd2d663bc64bac34d7cbd4eaa009c94010d27822111cbd9
-
SHA512
68470fbf409a92d48959631799cb3905c872e807c97ca86a6432a98affb4600aac9e81b312b4c01bf4549bf672c0258871e35a6113256a384c041175bb38f367
-
SSDEEP
49152:N3ZOxbrPFm7q9tVDRcVGbpJRY/M0VHryxJyQK6n:5ZO1r9v9rRcgbpU00gjTK6n
Malware Config
Signatures
-
Unsigned PE 41 IoCs
Checks for missing Authenticode signature.
resource unpack001/DarkVision Rat/DARKVISION.exe unpack001/DarkVision Rat/DROPPERPLUGIN32.DLL unpack001/DarkVision Rat/DROPPERPLUGIN64.DLL unpack001/DarkVision Rat/FILEPLUGIN32.DLL unpack001/DarkVision Rat/FILEPLUGIN64.DLL unpack001/DarkVision Rat/HVNCPLUGIN32.DLL unpack001/DarkVision Rat/HVNCPLUGIN64.DLL unpack001/DarkVision Rat/KILLSWITCHPLUGIN32.DLL unpack001/DarkVision Rat/KILLSWITCHPLUGIN64.DLL unpack001/DarkVision Rat/LIVEKEYLOGGERPLUGIN32.DLL unpack001/DarkVision Rat/LIVEKEYLOGGERPLUGIN64.DLL unpack001/DarkVision Rat/MEMORYDUMPPLUGIN32.DLL unpack001/DarkVision Rat/MEMORYDUMPPLUGIN64.DLL unpack001/DarkVision Rat/MESSAGEPLUGIN32.DLL unpack001/DarkVision Rat/MESSAGEPLUGIN64.DLL unpack001/DarkVision Rat/MICROPHONECAPTUREPLUGIN32.DLL unpack001/DarkVision Rat/MICROPHONECAPTUREPLUGIN64.DLL unpack001/DarkVision Rat/OFFLINEKEYLOGGERPLUGIN32.DLL unpack001/DarkVision Rat/OFFLINEKEYLOGGERPLUGIN64.DLL unpack001/DarkVision Rat/PASSWORDRECOVERYPLUGIN32.DLL unpack001/DarkVision Rat/PASSWORDRECOVERYPLUGIN64.DLL unpack001/DarkVision Rat/PROCESSPLUGIN32.DLL unpack001/DarkVision Rat/PROCESSPLUGIN64.DLL unpack001/DarkVision Rat/REGISTRYPLUGIN32.DLL unpack001/DarkVision Rat/REGISTRYPLUGIN64.DLL unpack001/DarkVision Rat/REMOTESHELLPLUGIN32.DLL unpack001/DarkVision Rat/REMOTESHELLPLUGIN64.DLL unpack001/DarkVision Rat/SCREENCAPTUREPLUGIN32.DLL unpack001/DarkVision Rat/SCREENCAPTUREPLUGIN64.DLL unpack001/DarkVision Rat/SOCKSRELAYPLUGIN32.DLL unpack001/DarkVision Rat/SOCKSRELAYPLUGIN64.DLL unpack001/DarkVision Rat/SYSTEMCONTROLPLUGIN32.DLL unpack001/DarkVision Rat/SYSTEMCONTROLPLUGIN64.DLL unpack001/DarkVision Rat/VNCPLUGIN32.DLL unpack001/DarkVision Rat/VNCPLUGIN64.DLL unpack001/DarkVision Rat/WALLPAPERPLUGIN32.DLL unpack001/DarkVision Rat/WALLPAPERPLUGIN64.DLL unpack001/DarkVision Rat/WEBCAMPLUGIN32.DLL unpack001/DarkVision Rat/WEBCAMPLUGIN64.DLL unpack001/DarkVision Rat/WINDOWPLUGIN32.DLL unpack001/DarkVision Rat/WINDOWPLUGIN64.DLL
Files
-
DarkVision Rat.7z.7z
Password: @ReverseEngineeringLab
-
DarkVision Rat/DARKVISION.exe.exe windows:5 windows x86 arch:x86
Password: @ReverseEngineeringLab
64b234f88ec74366b22a798d0b02b24a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mmioOpenW
mmioCreateChunk
mmioAscend
waveOutOpen
mmioWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
mmioClose
advapi32
CryptEncrypt
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptDestroyKey
CryptDuplicateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptExportKey
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
shlwapi
StrStrIA
StrStrIW
ord212
StrRChrW
StrCmpNIW
shell32
ord680
CommandLineToArgvW
ShellExecuteA
SHGetFileInfoW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
kernel32
lstrlenW
LoadLibraryW
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
CreateEventW
MultiByteToWideChar
WriteFile
lstrlenA
GetLocalTime
CreateMutexW
lstrcmpW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseMutex
FormatMessageW
FileTimeToSystemTime
ResetEvent
GetFileSizeEx
CompareFileTime
SystemTimeToFileTime
CompareStringW
Sleep
DeleteCriticalSection
InitializeCriticalSection
DeleteFileW
WaitForMultipleObjects
lstrcpyA
CreateEventA
ResumeThread
GetGeoInfoW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetTickCount
lstrcmpiA
SetFilePointer
SetLastError
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CopyFileW
FlushInstructionCache
TryEnterCriticalSection
VirtualQuery
GetProcAddress
GetSystemDirectoryW
GetCommandLineW
VirtualAlloc
GetExitCodeThread
TerminateThread
GetDriveTypeA
FileTimeToLocalFileTime
FindClose
GetProcessHeap
CreateFileA
FormatMessageA
PeekNamedPipe
ExpandEnvironmentStringsA
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FlushFileBuffers
WriteConsoleW
LeaveCriticalSection
EnterCriticalSection
LocalFree
WaitForSingleObject
lstrcmpiW
SetEvent
CloseHandle
CreateThread
GetModuleHandleW
ExitProcess
LocalAlloc
GetModuleFileNameW
lstrcpyW
GetLastError
SetStdHandle
HeapReAlloc
LCMapStringW
FreeLibrary
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
IsValidCodePage
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
RaiseException
HeapAlloc
HeapFree
RtlUnwind
FindFirstFileExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapDestroy
GetStdHandle
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
ExitThread
GetFileInformationByHandle
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryW
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
GetCurrentProcess
SetEnvironmentVariableA
uxtheme
SetWindowTheme
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
OleSetContainedObject
StgCreateDocfileOnILockBytes
OleDuplicateData
ReleaseStgMedium
OleCreateStaticFromData
StringFromGUID2
CoCreateGuid
CreateILockBytesOnHGlobal
comctl32
ord413
ImageList_Remove
ImageList_Add
InitializeFlatSB
CreateStatusWindowW
InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord410
ImageList_Draw
comdlg32
GetOpenFileNameW
ws2_32
WSAWaitForMultipleEvents
gethostname
ioctlsocket
recvfrom
sendto
bind
listen
socket
inet_addr
gethostbyname
connect
WSACloseEvent
WSACreateEvent
send
recv
WSAGetLastError
htons
htonl
getaddrinfo
WSAEnumNetworkEvents
accept
WSAEventSelect
setsockopt
getpeername
inet_ntoa
shutdown
closesocket
WSAStartup
freeaddrinfo
getsockopt
ntohs
getsockname
WSAIoctl
select
__WSAFDIsSet
WSASetLastError
WSACleanup
ntohl
user32
OpenClipboard
KillTimer
wsprintfW
SetDlgItemInt
SetTimer
EndDialog
SendDlgItemMessageW
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostMessageA
GetWindowTextLengthW
GetDlgCtrlID
UpdateWindow
InvalidateRect
GetUpdateRect
GetWindowTextA
DrawIcon
GetDlgItemInt
GetComboBoxInfo
InsertMenuItemW
RegisterClassW
TrackMouseEvent
SetForegroundWindow
MessageBoxA
GetDlgItemTextW
wsprintfA
MapDialogRect
MoveWindow
CreateWindowExW
MessageBoxW
GetClientRect
GetWindowRect
EmptyClipboard
SetWindowPos
SetWindowTextW
DefWindowProcW
ScreenToClient
SetWindowLongW
LoadCursorW
SetCursor
SetCapture
ReleaseCapture
RedrawWindow
BeginPaint
GetDC
FillRect
GetSysColorBrush
EndPaint
ReleaseDC
FrameRect
DrawTextW
IsWindow
ShowWindow
BringWindowToTop
PostMessageW
GetWindowPlacement
EnableWindow
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
DialogBoxParamW
CreateDialogParamW
GetMessageW
GetActiveWindow
TranslateMessage
DispatchMessageW
IsDialogMessageW
SetClipboardData
CloseClipboard
CreateMenu
GetWindowTextLengthA
SendMessageA
SetFocus
IsDlgButtonChecked
CheckDlgButton
GetWindowTextW
GetParent
CallWindowProcW
GetWindowLongW
SendMessageW
DestroyWindow
LoadBitmapW
GetDesktopWindow
GetDlgItem
gdi32
CreateFontIndirectW
SetBkMode
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt
gdiplus
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateFromHWND
GdipFree
GdipCreateFromHWNDICM
GdipDrawImageRect
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDeleteGraphics
GdipAlloc
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdipCloneImage
crypt32
CertOpenStore
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringA
CryptStringToBinaryA
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
wldap32
ord79
ord33
ord35
ord27
ord60
ord45
ord32
ord200
ord30
ord26
ord50
ord143
ord217
ord211
ord46
ord41
ord301
ord22
normaliz
IdnToAscii
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.6MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
DarkVision Rat/DROPPERPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
Password: @ReverseEngineeringLab
c61c8f15ab1ada85d3af8cef4761e8da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetNameStringA
CryptQueryObject
CertAddCertificateContextToStore
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertCreateCertificateChainEngine
CertFreeCertificateContext
wldap32
ord30
ord26
ord50
ord143
ord200
ord211
ord46
ord41
ord22
ord32
ord35
ord79
ord33
ord301
ord27
ord217
ord45
ord60
normaliz
IdnToAscii
kernel32
GetStringTypeW
WriteConsoleW
LoadLibraryW
SetStdHandle
FlushFileBuffers
GetCurrentDirectoryW
LocalFree
CloseHandle
lstrlenA
LocalAlloc
CreateEventW
WaitForSingleObject
SetLastError
FormatMessageA
GetProcAddress
FreeLibrary
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
GetTickCount
ExpandEnvironmentStringsA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
GetFileSizeEx
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
HeapSize
CreateFileW
GetLastError
GetCPInfo
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetModuleFileNameW
WriteFile
RtlUnwind
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
GetFileAttributesA
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
ExitProcess
InterlockedDecrement
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetFilePointer
GetFileInformationByHandle
GetCurrentProcessId
CreateThread
ExitThread
GetCurrentThreadId
DecodePointer
GetCommandLineA
DeleteFileA
HeapReAlloc
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
user32
SetWindowTextW
GetForegroundWindow
wsprintfW
wsprintfA
advapi32
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
ws2_32
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAWaitForMultipleEvents
connect
recv
setsockopt
WSAEventSelect
shutdown
closesocket
htons
gethostbyname
inet_addr
WSACreateEvent
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
select
WSAIoctl
getsockname
ntohs
bind
getsockopt
getpeername
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
send
socket
Sections
.text Size: 352KB - Virtual size: 351KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/DROPPERPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
Password: @ReverseEngineeringLab
6aa0ffc8bf7520e9f92e49061aacc9ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetNameStringA
CryptQueryObject
CertAddCertificateContextToStore
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertCreateCertificateChainEngine
CertFreeCertificateContext
wldap32
ord33
ord79
ord35
ord32
ord200
ord30
ord301
ord50
ord143
ord217
ord211
ord22
ord27
ord41
ord46
ord26
ord45
ord60
normaliz
IdnToAscii
kernel32
GetStringTypeW
WriteConsoleW
LoadLibraryW
SetStdHandle
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameA
LocalFree
CloseHandle
lstrlenA
LocalAlloc
CreateEventW
WaitForSingleObject
GetLastError
FormatMessageA
GetProcAddress
FreeLibrary
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
GetTickCount
ExpandEnvironmentStringsA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
GetFileSizeEx
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
IsValidCodePage
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
HeapSize
CreateFileW
SetLastError
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
WriteFile
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
GetFileAttributesA
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
DecodePointer
ExitProcess
GetModuleHandleW
FlsAlloc
FlsFree
FlsGetValue
EncodePointer
RtlUnwindEx
SetFilePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
DeleteFileA
HeapReAlloc
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ExitThread
CreateThread
GetCurrentProcessId
GetFileInformationByHandle
user32
wsprintfA
advapi32
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
ws2_32
gethostbyname
htons
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
inet_addr
send
recv
setsockopt
WSAEventSelect
shutdown
closesocket
WSACreateEvent
socket
WSACleanup
WSASetLastError
__WSAFDIsSet
select
WSAIoctl
getsockname
ntohs
bind
getsockopt
getpeername
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
WSAWaitForMultipleEvents
WSAStartup
Sections
.text Size: 377KB - Virtual size: 377KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/FILEPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
Password: @ReverseEngineeringLab
2603ac6185cae5a9d11c4b1760edd513
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
WaitForSingleObject
CloseHandle
GlobalFree
FindClose
FindNextFileW
lstrlenW
FindFirstFileW
LocalAlloc
GlobalAlloc
CreateEventW
Wow64RevertWow64FsRedirection
GetLastError
lstrcpyW
lstrcmpW
SetErrorMode
Wow64DisableWow64FsRedirection
GetFileSizeEx
CreateFileW
WriteFile
ReadFile
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrcmpiW
SetFilePointer
GetFileSize
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
user32
GetForegroundWindow
wsprintfW
wsprintfA
SetWindowTextW
ws2_32
WSAEventSelect
closesocket
shutdown
setsockopt
recv
send
WSAWaitForMultipleEvents
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
socket
WSACreateEvent
inet_addr
gethostbyname
htons
gdiplus
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage
GdipSaveImageToStream
GdipGetImageThumbnail
GdipGetImageEncoders
GdipGetImageEncodersSize
ole32
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
shell32
ShellExecuteW
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/FILEPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
Password: @ReverseEngineeringLab
b7135b928b0b41a17d135afba310f435
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalFree
FindClose
FindNextFileW
lstrlenW
FindFirstFileW
GlobalAlloc
GetLastError
lstrcpyW
lstrcmpW
SetErrorMode
GetFileSizeEx
CreateFileW
WriteFile
ReadFile
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrcmpiW
SetFilePointer
GetFileSize
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
user32
wsprintfA
ws2_32
recv
send
WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError
shutdown
WSAEnumNetworkEvents
closesocket
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
setsockopt
socket
gdiplus
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage
GdipSaveImageToStream
GdipGetImageThumbnail
GdipGetImageEncodersSize
GdipGetImageEncoders
ole32
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
shell32
ShellExecuteW
Sections
.text Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/HVNCPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
Password: @ReverseEngineeringLab
7429f35c51464226a056431cc232f2e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetEvent
CreateEventW
GetCurrentThreadId
WaitForMultipleObjects
CreateProcessW
GetTempPathW
lstrcpyW
DuplicateHandle
GetCurrentThread
GetCurrentProcess
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
GetCurrentProcessId
lstrcmpW
lstrlenW
ResumeThread
CreateThread
lstrlenA
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetModuleFileNameW
WriteFile
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
Process32FirstW
lstrcmpiW
Process32NextW
CloseHandle
WaitForSingleObject
ExitProcess
Sleep
HeapFree
GetProcAddress
InterlockedDecrement
GetLastError
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
LocalFree
ReleaseMutex
CreateMutexW
GlobalAlloc
LocalAlloc
GlobalFree
LoadLibraryW
TlsSetValue
TlsGetValue
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
user32
SetWindowTextW
PostMessageW
SetForegroundWindow
FindWindowW
SetThreadDesktop
GetThreadDesktop
CreateDesktopW
CloseDesktop
OpenDesktopW
GetWindowRect
GetDesktopWindow
GetClassNameW
IsWindowVisible
GetParent
EnumChildWindows
EnumDesktopWindows
ChildWindowFromPointEx
GetWindowThreadProcessId
ScreenToClient
ShowWindow
SendMessageW
MoveWindow
GetClientRect
ReleaseDC
PrintWindow
GetDC
wsprintfA
MessageBoxW
GetForegroundWindow
wsprintfW
GetCursorInfo
DrawIcon
ws2_32
gethostbyname
closesocket
shutdown
WSAEventSelect
setsockopt
recv
send
WSAWaitForMultipleEvents
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
socket
inet_addr
WSACreateEvent
advapi32
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegGetValueW
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
ole32
CreateStreamOnHGlobal
gdi32
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt
shlwapi
StrStrIW
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/HVNCPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
Password: @ReverseEngineeringLab
42aaa46f2a42e0245dedb9ecb302fdfb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
SetEvent
CreateEventW
GetCurrentThreadId
WaitForMultipleObjects
CreateProcessW
GetTempPathW
lstrcpyW
DuplicateHandle
GetCurrentThread
GetCurrentProcess
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
GetCurrentProcessId
lstrcmpW
lstrlenW
ResumeThread
CreateThread
lstrlenA
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
CreateToolhelp32Snapshot
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
Process32FirstW
lstrcmpiW
Process32NextW
WaitForSingleObject
LocalFree
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
ReleaseMutex
CreateMutexW
GlobalAlloc
LocalAlloc
GlobalFree
CloseHandle
Sleep
HeapFree
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
user32
PostMessageW
SetForegroundWindow
FindWindowW
SetThreadDesktop
GetThreadDesktop
CreateDesktopW
CloseDesktop
OpenDesktopW
GetWindowRect
GetDesktopWindow
GetClassNameW
IsWindowVisible
GetParent
EnumChildWindows
EnumDesktopWindows
ChildWindowFromPointEx
GetWindowThreadProcessId
ScreenToClient
ShowWindow
SendMessageW
MoveWindow
GetClientRect
ReleaseDC
PrintWindow
GetDC
MessageBoxW
wsprintfA
GetCursorInfo
DrawIcon
ws2_32
closesocket
shutdown
WSAEventSelect
setsockopt
recv
send
WSAWaitForMultipleEvents
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
advapi32
RegGetValueW
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
gdiplus
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
ole32
CreateStreamOnHGlobal
gdi32
BitBlt
SelectObject
CreateCompatibleBitmap
DeleteObject
DeleteDC
CreateCompatibleDC
shlwapi
StrStrIW
Sections
.text Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/KILLSWITCHPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
Password: @ReverseEngineeringLab
2e68d440da524cd907f6a4ad2f227ad3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
OpenThread
GetCurrentThreadId
ResetEvent
GetLogicalDrives
lstrcpyW
lstrlenW
GetCurrentProcess
GetExitCodeThread
WaitForMultipleObjects
LocalAlloc
lstrlenA
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
VirtualProtect
VirtualAlloc
ReadFile
GetFileSize
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
SetEvent
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WaitForSingleObject
CloseHandle
CreateThread
TerminateThread
LocalFree
GetModuleHandleW
CreateEventW
MultiByteToWideChar
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
user32
GetForegroundWindow
UnregisterClassW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
PostQuitMessage
UnhookWindowsHookEx
KillTimer
SetTimer
GetCursorPos
SetWindowsHookExW
CallNextHookEx
wsprintfA
LockWorkStation
wsprintfW
SetWindowTextW
MessageBoxW
ws2_32
closesocket
shutdown
setsockopt
recv
send
WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
shlwapi
StrCmpNIA
advapi32
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
InitiateSystemShutdownW
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/KILLSWITCHPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
b3665936bf969fa267ff52933902f29e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
OpenThread
GetCurrentThreadId
ResetEvent
GetLogicalDrives
lstrcpyW
lstrlenW
GetCurrentProcess
GetExitCodeThread
WaitForMultipleObjects
LocalAlloc
lstrlenA
VirtualProtect
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
lstrcpyA
ReadFile
GetFileSize
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
SetEvent
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
CreateThread
TerminateThread
CloseHandle
LocalFree
GetModuleHandleW
CreateEventW
GetStringTypeW
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
user32
MessageBoxW
UnregisterClassW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
PostQuitMessage
UnhookWindowsHookEx
KillTimer
SetTimer
GetCursorPos
SetWindowsHookExW
CallNextHookEx
LockWorkStation
wsprintfA
ws2_32
closesocket
shutdown
setsockopt
recv
send
WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
shlwapi
StrCmpNIA
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
InitiateSystemShutdownW
Sections
.text Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/LIVEKEYLOGGERPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
aab3f306267063cc1f3de9f102df14e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
GetModuleHandleW
WaitForSingleObject
SetEvent
lstrlenW
GetLastError
CreateDirectoryW
WriteFile
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
ReleaseMutex
GetTickCount
lstrlenA
VirtualFree
LoadLibraryA
lstrcmpA
VirtualProtect
VirtualAlloc
ReadFile
GetFileSize
CreateMutexW
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
CreateEventW
LocalAlloc
lstrcpyW
CreateThread
CloseHandle
LocalFree
UnmapViewOfFile
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
user32
wsprintfW
wsprintfA
UnhookWindowsHookEx
GetForegroundWindow
SetWindowTextW
SetWindowsHookExW
shlwapi
StrCmpNIA
ws2_32
WSAEnumNetworkEvents
WSAGetLastError
WSACloseEvent
send
recv
setsockopt
WSAEventSelect
shutdown
closesocket
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
WSAWaitForMultipleEvents
advapi32
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ole32
CoTaskMemFree
shell32
SHFileOperationW
SHGetKnownFolderPath
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/LIVEKEYLOGGERPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
2f1b93fd8732d11b51b708045d39f3f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CreateMutexW
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
GetModuleHandleW
SetEvent
lstrlenW
GetLastError
CreateDirectoryW
WriteFile
CreateFileW
ReleaseMutex
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
GetTickCount
lstrlenA
VirtualProtect
VirtualAlloc
VirtualFree
LoadLibraryA
lstrcmpA
lstrcpyA
lstrcpyW
GetFileSize
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
CreateThread
UnmapViewOfFile
WaitForSingleObject
LocalAlloc
CreateEventW
LocalFree
ReadFile
CloseHandle
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
Sleep
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
user32
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfA
shlwapi
StrCmpNIA
ws2_32
socket
WSACreateEvent
inet_addr
setsockopt
htons
connect
WSACloseEvent
closesocket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
gethostbyname
advapi32
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ole32
CoUninitialize
StringFromGUID2
CoInitialize
CoCreateGuid
CoTaskMemFree
shell32
SHFileOperationW
SHGetKnownFolderPath
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 213KB - Virtual size: 287KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/MEMORYDUMPPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
858b02bab6881eff3e13cdb9fdab12e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
ReadFile
GetFileSizeEx
SetFilePointer
CreateFileW
OpenProcess
LocalAlloc
GetCurrentProcess
CreateEventW
WaitForSingleObject
lstrlenA
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
VirtualProtect
VirtualAlloc
GetFileSize
Process32NextW
FlushFileBuffers
IsProcessorFeaturePresent
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
RtlUnwind
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
CloseHandle
LocalFree
GetModuleHandleW
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
user32
wsprintfA
wsprintfW
GetForegroundWindow
SetWindowTextW
dbghelp
MiniDumpWriteDump
ws2_32
socket
WSACreateEvent
inet_addr
gethostbyname
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
shutdown
closesocket
htons
advapi32
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
shlwapi
StrCmpNIA
ole32
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/MEMORYDUMPPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
ad71a68ad83070970fb137e3269ee9c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
ReadFile
GetFileSizeEx
SetFilePointer
CreateFileW
OpenProcess
LocalAlloc
GetCurrentProcess
CreateEventW
WaitForSingleObject
lstrlenA
VirtualProtect
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
lstrcpyA
Process32NextW
GetFileSize
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
CloseHandle
LocalFree
lstrcpyW
GetModuleHandleW
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
user32
wsprintfA
dbghelp
MiniDumpWriteDump
ws2_32
shutdown
closesocket
socket
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
advapi32
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
shlwapi
StrCmpNIA
ole32
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 770B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/MESSAGEPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
e8d4e5bc10a2da224711b1f86c0a54c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
CloseHandle
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
CreateThread
lstrcpyW
CreateEventW
LocalAlloc
WaitForSingleObject
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
user32
SetWindowTextW
GetForegroundWindow
wsprintfW
wsprintfA
MessageBoxW
ws2_32
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAWaitForMultipleEvents
connect
recv
setsockopt
WSAEventSelect
shutdown
closesocket
htons
gethostbyname
inet_addr
WSACreateEvent
socket
send
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/MESSAGEPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
5a1b789ee6f22749a684205b58b6f886
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenA
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
CreateThread
lstrcpyW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapSize
user32
MessageBoxW
wsprintfA
ws2_32
inet_addr
gethostbyname
htons
connect
WSACloseEvent
closesocket
WSACreateEvent
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
socket
setsockopt
WSAEnumNetworkEvents
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/MICROPHONECAPTUREPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
b357f8b780591f5c327481df1ac3106b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
IsProcessorFeaturePresent
user32
wsprintfA
wsprintfW
GetForegroundWindow
SetWindowTextW
ws2_32
gethostbyname
connect
WSACloseEvent
closesocket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
inet_addr
WSACreateEvent
socket
setsockopt
htons
winmm
waveInReset
waveInUnprepareHeader
waveInGetNumDevs
waveInGetDevCapsW
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInClose
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/MICROPHONECAPTUREPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
f5e33d84132dd5a50f1ed1a41fcfe029
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
user32
wsprintfA
ws2_32
WSACreateEvent
inet_addr
socket
htons
connect
WSACloseEvent
closesocket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
gethostbyname
winmm
waveInAddBuffer
waveInStart
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInReset
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/OFFLINEKEYLOGGERPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
5b857cdfcd6baced0ff98d4edf8a6a9a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateThread
CreateEventW
CloseHandle
GetLastError
CreateMutexW
InitializeCriticalSection
GetModuleHandleW
LocalFree
ReleaseMutex
DeleteCriticalSection
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
lstrcpyW
LocalAlloc
WriteFile
lstrlenW
DeleteFileW
GetLocalTime
OpenProcess
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetFileSize
lstrcmpiW
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
VirtualProtect
VirtualAlloc
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
Sleep
HeapFree
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
user32
UnregisterClassW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
DefWindowProcW
ToUnicode
GetKeyboardState
MapVirtualKeyW
GetAncestor
GetForegroundWindow
GetRawInputData
PostQuitMessage
KillTimer
SetTimer
RegisterClassW
RegisterRawInputDevices
IsWindow
GetWindowTextW
GetWindowThreadProcessId
SetWindowTextW
wsprintfA
wsprintfW
ws2_32
closesocket
shutdown
setsockopt
recv
send
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
WSAWaitForMultipleEvents
ole32
CoCreateGuid
CoInitialize
CoTaskMemFree
StringFromGUID2
CoUninitialize
shell32
SHGetKnownFolderPath
psapi
GetModuleFileNameExW
shlwapi
StrStrIW
StrStrW
StrCmpNIA
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/OFFLINEKEYLOGGERPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
ef33a010507e0c3b2c51175489933373
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CreateThread
CreateEventW
CloseHandle
GetLastError
CreateMutexW
InitializeCriticalSection
GetModuleHandleW
LocalFree
ReleaseMutex
DeleteCriticalSection
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
lstrcpyW
LocalAlloc
WriteFile
lstrlenW
DeleteFileW
GetLocalTime
OpenProcess
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetFileSize
lstrcmpiW
VirtualProtect
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
lstrcpyA
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
Sleep
HeapFree
FlsAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
user32
UnregisterClassW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW
DefWindowProcW
ToUnicode
GetKeyboardState
MapVirtualKeyW
GetAncestor
GetForegroundWindow
GetRawInputData
PostQuitMessage
KillTimer
SetTimer
CreateWindowExW
RegisterRawInputDevices
IsWindow
GetWindowTextW
GetWindowThreadProcessId
wsprintfA
ws2_32
closesocket
shutdown
setsockopt
recv
send
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
WSAWaitForMultipleEvents
ole32
CoCreateGuid
CoInitialize
CoTaskMemFree
CoUninitialize
StringFromGUID2
shell32
SHGetKnownFolderPath
psapi
GetModuleFileNameExW
shlwapi
StrStrIW
StrStrW
StrCmpNIA
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/PASSWORDRECOVERYPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
398bfe2e8a3b16b83ac0c66c2a8c158f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CopyFileW
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringW
CreateFileW
lstrlenW
lstrlenA
SetCurrentDirectoryW
GetCurrentDirectoryW
FlushViewOfFile
InterlockedCompareExchange
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
WaitForSingleObject
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathA
GetSystemTimeAsFileTime
LocalFree
GetSystemInfo
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
AreFileApisANSI
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
LocalAlloc
HeapFree
CreateEventW
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
GetTimeZoneInformation
GetSystemTime
CloseHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
GetCommandLineA
InterlockedExchange
EncodePointer
ExitThread
CreateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
TerminateProcess
GetCurrentProcess
user32
SetWindowTextW
wsprintfW
wsprintfA
GetForegroundWindow
crypt32
CryptStringToBinaryA
CryptUnprotectData
ws2_32
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
socket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
closesocket
advapi32
RegGetValueW
ole32
CoTaskMemFree
shell32
SHGetKnownFolderPath
Sections
.text Size: 639KB - Virtual size: 639KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/PASSWORDRECOVERYPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
02ef1a298451701d52875dc9662f0833
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
ReadFile
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
GetFileSize
CreateFileA
GetPrivateProfileStringW
CopyFileW
GetTempPathW
lstrlenW
lstrlenA
DeleteFileW
WaitForMultipleObjects
CreateProcessW
WriteFile
SetCurrentDirectoryW
GetCurrentDirectoryW
FlushViewOfFile
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryA
HeapCompact
HeapValidate
WaitForSingleObject
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
LocalFree
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
AreFileApisANSI
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CompareStringW
WriteConsoleW
SetEnvironmentVariableA
LocalAlloc
HeapSize
CreateEventW
SetStdHandle
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
GetTickCount
CloseHandle
GetTimeZoneInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
ExitThread
CreateThread
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
TerminateProcess
user32
wsprintfA
wsprintfW
crypt32
CryptStringToBinaryA
CryptUnprotectData
ws2_32
WSACloseEvent
recv
send
setsockopt
socket
WSACreateEvent
inet_addr
gethostbyname
WSAWaitForMultipleEvents
connect
htons
closesocket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
advapi32
RegGetValueW
ole32
CoTaskMemFree
CoUninitialize
CoInitialize
StringFromGUID2
CoCreateGuid
shell32
SHGetKnownFolderPath
Sections
.text Size: 822KB - Virtual size: 821KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 94KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/PROCESSPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
87cbae09dca61793400c76c4a2d1b2ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
CloseHandle
Process32NextW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
CreateEventW
LocalAlloc
WaitForSingleObject
lstrlenA
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
VirtualProtect
VirtualAlloc
ReadFile
GetFileSize
CreateFileW
FlushFileBuffers
IsProcessorFeaturePresent
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
user32
SetWindowTextW
wsprintfW
wsprintfA
GetForegroundWindow
ws2_32
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
htons
send
recv
setsockopt
shutdown
closesocket
gethostbyname
inet_addr
WSACreateEvent
WSAWaitForMultipleEvents
socket
WSAEventSelect
shlwapi
StrCmpNIA
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/PROCESSPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
c25b69b8def9a74146d4672cd490608d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
Process32NextW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
lstrlenA
VirtualProtect
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryA
LoadLibraryW
lstrcmpA
lstrcpyA
ReadFile
GetFileSize
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
user32
wsprintfA
ws2_32
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
socket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
closesocket
shlwapi
StrCmpNIA
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/REGISTRYPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
622c98c3366578f56c5dae12a50c308f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
FlushFileBuffers
CreateFileW
IsProcessorFeaturePresent
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
lstrlenA
WaitForSingleObject
lstrcpyW
GetLastError
CreateEventW
LocalAlloc
GetModuleHandleW
GetProcAddress
CloseHandle
LCMapStringW
LocalFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
user32
GetForegroundWindow
wsprintfW
wsprintfA
SetWindowTextW
ws2_32
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAWaitForMultipleEvents
htons
recv
setsockopt
WSAEventSelect
shutdown
closesocket
gethostbyname
inet_addr
WSACreateEvent
socket
send
advapi32
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/REGISTRYPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
ac5f835f720b362937d20d907e20cdfd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
LoadLibraryW
lstrlenA
lstrcpyW
GetLastError
GetModuleHandleW
GetProcAddress
WaitForSingleObject
LocalAlloc
CreateEventW
LocalFree
LCMapStringW
CloseHandle
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
Sleep
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
user32
wsprintfA
ws2_32
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
socket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
closesocket
advapi32
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 850B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/REMOTESHELLPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
282fc7a11c37706ecf10825ce70fef52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
TerminateProcess
SetEvent
WaitForMultipleObjects
CreateThread
CloseHandle
WriteFile
GetOverlappedResult
WaitForSingleObject
ReadFile
SetConsoleOutputCP
SetConsoleCP
AttachConsole
FreeConsole
Sleep
CreateProcessW
SetHandleInformation
GetSystemDirectoryW
CreateEventW
LocalAlloc
ResetEvent
GetLastError
CreateFileA
CreateNamedPipeA
GetCurrentProcessId
SetLastError
lstrlenA
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetModuleFileNameW
LoadLibraryW
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
GetProcAddress
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
user32
GetForegroundWindow
wsprintfW
wsprintfA
SetWindowTextW
ws2_32
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAWaitForMultipleEvents
htons
recv
setsockopt
WSAEventSelect
shutdown
closesocket
gethostbyname
inet_addr
WSACreateEvent
socket
send
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/REMOTESHELLPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
4c4301e6322f2946de8ec9240e9786f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
TerminateProcess
SetEvent
WaitForMultipleObjects
CreateThread
WriteFile
GetOverlappedResult
ReadFile
SetConsoleOutputCP
SetConsoleCP
AttachConsole
FreeConsole
Sleep
CreateProcessW
SetHandleInformation
GetSystemDirectoryW
ResetEvent
GetLastError
CreateFileW
CreateNamedPipeW
GetCurrentProcessId
SetLastError
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
LoadLibraryW
HeapReAlloc
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
user32
wsprintfW
wsprintfA
ws2_32
inet_addr
gethostbyname
htons
connect
WSACloseEvent
closesocket
WSACreateEvent
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
socket
setsockopt
WSAEnumNetworkEvents
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 750B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/SCREENCAPTUREPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
583506e5e7e518b2e9c9952d61a41040
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
lstrcmpW
CreateEventW
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
ReleaseMutex
CreateMutexW
GlobalAlloc
LocalAlloc
GlobalFree
GetCPInfo
CloseHandle
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
HeapSize
user32
GetDesktopWindow
MessageBoxW
ReleaseDC
GetWindowRect
GetDC
DrawIcon
GetCursorInfo
SetWindowTextW
GetForegroundWindow
wsprintfA
wsprintfW
ws2_32
inet_addr
gethostbyname
WSACreateEvent
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
shutdown
closesocket
socket
htons
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
ole32
CreateStreamOnHGlobal
gdi32
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/SCREENCAPTUREPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
88da1eb545a0568839384f466efda85d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CreateMutexW
ReleaseMutex
lstrcmpW
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GlobalAlloc
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
GlobalFree
WaitForSingleObject
LocalAlloc
CreateEventW
LocalFree
EnterCriticalSection
CloseHandle
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
HeapSize
user32
wsprintfA
GetDesktopWindow
MessageBoxW
ReleaseDC
GetWindowRect
GetDC
DrawIcon
GetCursorInfo
ws2_32
setsockopt
socket
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
closesocket
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
ole32
CreateStreamOnHGlobal
gdi32
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 474B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/SOCKSRELAYPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
d15d5bde26e984feb9bef91830130140
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
CloseHandle
WaitForMultipleObjects
LocalAlloc
CreateEventW
WaitForSingleObject
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapSize
user32
GetForegroundWindow
wsprintfW
wsprintfA
SetWindowTextW
ws2_32
connect
WSACloseEvent
WSAGetLastError
WSAWaitForMultipleEvents
send
htons
setsockopt
closesocket
WSAEventSelect
WSAEnumNetworkEvents
shutdown
gethostbyname
inet_addr
WSACreateEvent
socket
recv
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/SOCKSRELAYPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
7b1538194556fc969f62012036c99248
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
CloseHandle
WaitForMultipleObjects
LocalAlloc
CreateEventW
WaitForSingleObject
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapSize
user32
wsprintfA
ws2_32
inet_addr
gethostbyname
htons
connect
WSACloseEvent
WSAGetLastError
WSACreateEvent
send
recv
setsockopt
closesocket
WSAEventSelect
WSAEnumNetworkEvents
shutdown
socket
WSAWaitForMultipleEvents
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/SYSTEMCONTROLPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
e3c2a95ef165b045f3902143afb5d50f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalAlloc
WaitForSingleObject
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
CreateEventW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetLastError
LocalFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
user32
SetWindowTextW
GetForegroundWindow
wsprintfW
wsprintfA
LockWorkStation
ws2_32
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
connect
send
recv
setsockopt
shutdown
closesocket
htons
gethostbyname
inet_addr
WSACreateEvent
socket
WSAWaitForMultipleEvents
advapi32
AdjustTokenPrivileges
OpenProcessToken
InitiateSystemShutdownW
LookupPrivilegeValueW
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/SYSTEMCONTROLPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
40ed67ed94b502e3df428248aca6e97d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
GetCurrentProcess
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
WaitForSingleObject
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
LocalAlloc
CreateEventW
LocalFree
CloseHandle
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapSize
user32
LockWorkStation
wsprintfA
ws2_32
inet_addr
gethostbyname
htons
connect
WSACloseEvent
closesocket
WSACreateEvent
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
socket
setsockopt
WSAEnumNetworkEvents
advapi32
AdjustTokenPrivileges
OpenProcessToken
InitiateSystemShutdownW
LookupPrivilegeValueW
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/VNCPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
48b02c29a241c40915ae85639a6c867b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
lstrcmpW
CreateEventW
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
LocalFree
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
ReleaseMutex
CreateMutexW
GlobalAlloc
LocalAlloc
GlobalFree
GetOEMCP
CloseHandle
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
user32
GetDesktopWindow
SendInput
SetCursorPos
GetClientRect
MessageBoxW
ReleaseDC
GetWindowRect
GetDC
DrawIcon
SetWindowTextW
GetForegroundWindow
wsprintfW
wsprintfA
GetCursorInfo
ws2_32
htons
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
shutdown
closesocket
gethostbyname
inet_addr
WSACreateEvent
socket
connect
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
ole32
CreateStreamOnHGlobal
gdi32
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/VNCPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
93091bd6b315205bbc533727a353bc36
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
lstrcmpW
CreateEventW
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
LocalFree
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
ReleaseMutex
CreateMutexW
GlobalAlloc
LocalAlloc
GlobalFree
GetACP
CloseHandle
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
user32
GetDesktopWindow
SendInput
SetCursorPos
GetCursorPos
GetClientRect
MessageBoxW
ReleaseDC
GetWindowRect
GetDC
GetCursorInfo
wsprintfA
DrawIcon
ws2_32
gethostbyname
inet_addr
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
setsockopt
shutdown
closesocket
WSACreateEvent
socket
htons
gdiplus
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
ole32
CreateStreamOnHGlobal
gdi32
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 738B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/WALLPAPERPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
d5f01c411703c156a030e8f04647e662
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
LocalAlloc
GetLastError
lstrlenW
CloseHandle
CreateEventW
WaitForSingleObject
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
user32
SetWindowTextW
GetForegroundWindow
wsprintfW
wsprintfA
SystemParametersInfoW
ws2_32
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
connect
send
recv
setsockopt
shutdown
closesocket
htons
gethostbyname
inet_addr
WSACreateEvent
socket
WSAWaitForMultipleEvents
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/WALLPAPERPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
792271e5aa0ae8209513ddd0ca17980f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
GetLastError
lstrlenW
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapSize
user32
SystemParametersInfoW
wsprintfA
ws2_32
inet_addr
gethostbyname
htons
connect
WSACloseEvent
closesocket
WSACreateEvent
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
socket
setsockopt
WSAEnumNetworkEvents
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/WEBCAMPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
c1cd7530c9a548c383f53a7737253aba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
VirtualAlloc
CreateEventW
CreateMutexW
LocalFree
ReleaseMutex
VirtualFree
WaitForSingleObject
CloseHandle
GlobalFree
GlobalAlloc
LocalAlloc
lstrcmpW
lstrcmpiW
lstrcpyW
ResetEvent
GetModuleHandleW
SetEvent
lstrlenA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
user32
SetWindowTextW
wsprintfA
wsprintfW
GetForegroundWindow
gdiplus
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromGdiDib
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
ws2_32
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
htons
recv
setsockopt
shutdown
closesocket
socket
gethostbyname
inet_addr
WSACreateEvent
send
oleaut32
VariantInit
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/WEBCAMPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
43cabba3a2348d08457152f2d424f8d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
lstrlenA
VirtualAlloc
CreateMutexW
VirtualFree
GlobalFree
GlobalAlloc
lstrcmpW
lstrcmpiW
lstrcpyW
ResetEvent
ReleaseMutex
SetEvent
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
WriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
GetCurrentThreadId
FlsSetValue
GetCommandLineA
DecodePointer
EncodePointer
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
user32
wsprintfA
gdiplus
GdipSaveImageToStream
GdiplusStartup
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromGdiDib
GdiplusShutdown
ole32
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemFree
ws2_32
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
closesocket
socket
shutdown
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
WSAEnumNetworkEvents
setsockopt
oleaut32
VariantInit
Sections
.text Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 974B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/WINDOWPLUGIN32.DLL.dll windows:5 windows x86 arch:x86
5f312beccb4c144aad8cabdef237f461
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalFree
LocalAlloc
CloseHandle
Process32NextW
lstrlenW
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
CreateEventW
WaitForSingleObject
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetCurrentThreadId
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapSize
user32
GetWindowTextLengthW
IsWindowVisible
GetParent
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
SendMessageW
SetForegroundWindow
ShowWindow
SetWindowTextW
GetForegroundWindow
wsprintfW
wsprintfA
GetWindowTextW
ws2_32
shutdown
setsockopt
recv
send
WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
closesocket
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/WINDOWPLUGIN64.DLL.dll windows:5 windows x64 arch:x64
23b040dec8b2f3289ea5382d4d503425
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
LocalFree
CreateEventW
LocalAlloc
WaitForSingleObject
Process32NextW
lstrlenW
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
lstrlenA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
WriteFile
LoadLibraryW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapSize
user32
GetWindowTextW
GetWindowTextLengthW
IsWindowVisible
GetParent
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
SendMessageW
SetForegroundWindow
ShowWindow
SetWindowTextW
wsprintfA
ws2_32
WSAWaitForMultipleEvents
WSAEventSelect
recv
WSAGetLastError
shutdown
WSAEnumNetworkEvents
closesocket
WSACloseEvent
connect
htons
gethostbyname
inet_addr
WSACreateEvent
socket
setsockopt
send
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 474B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DarkVision Rat/{9B0AF4E7-83D4-4AF8-83EC-9EFAF0769048}