Downloads[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Downloads.zip
Size

3.5MB
MD5

36358045c6ab6b222b68b1332d1c0bd5
SHA1

ad82ddd6f1fac7d0770697556a98fec699bc0331
SHA256

204d864101aff8e5a3df36d2a63b8ce8173c553030157f1bca2953e23dfa9d3f
SHA512

b9b1843ae3edc622257f3da260c8c74c40463066da47a8074b012e4721e867cfaabbb18e83474804c825856fde929f609513a4eb173ca0b0611e1854618dac17
SSDEEP

98304:6ytBxaLW73eqiOYYK3qTnVZ0ATOtERQA33RzmsqiCK:1xsgeqP3BZ0ATOyZRzmxib

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bajo.ocx
unpack001/chromexpr.ocx
unpack001/kamojo.ocx

Files

Downloads.zip
.zip

Password: infected
Screenshot_0219510.download
.lnk
bajo.ocx
.dll regsvr32 windows:6 windows x64 arch:x64

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\Desktop\Projects\C2New\Rev\x64\Release\Rev.pdb

Imports

kernel32

GetModuleHandleA
PostQueuedCompletionStatus
GetCommandLineA
CreateEventW
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
TerminateThread
WaitForSingleObjectEx
CloseHandle
ReleaseSRWLockShared
IsDBCSLeadByte
LoadResource
QueueUserAPC
CreateWaitableTimerA
GetProcAddress
LocalFree
AcquireSRWLockShared
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SleepEx
lstrcmpiA
CreateProcessA
GetSystemTimeAsFileTime
FormatMessageA
CreateEventA
CreateIoCompletionPort
GetExitCodeProcess
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetCurrentThreadId
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WaitForSingleObject
FindResourceA
GetQueuedCompletionStatus
CreatePipe
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
GetThreadLocale
WaitForMultipleObjects
LoadLibraryExA
EnterCriticalSection
SetLastError
SetWaitableTimer
SetHandleInformation
SetThreadLocale
SizeofResource
InitializeSRWLock
GetModuleFileNameA
ReadFile
ExitProcess
Sleep
DeleteCriticalSection
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetFileSizeEx
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
RtlUnwind
VirtualAlloc
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
OpenEventA
ReleaseSemaphore
ResetEvent
SetFilePointerEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSListHead
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
DecodePointer
RaiseException
GetLastError
GetSystemTime
InitializeCriticalSectionEx
IsDebuggerPresent
TryAcquireSRWLockExclusive
RtlPcToFileHeader
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
GetStringTypeW

user32

GetDC
GetSystemMetrics
CharNextW
ReleaseDC
CharNextA

gdi32

BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
CreateProcessWithLogonW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
CryptEnumProvidersA

ole32

CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

ws2_32

WSARecv
htons
recv
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
getpeername
getsockname
ntohs
WSAAddressToStringW
gethostname
WSAStartup
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
closesocket
inet_pton
send
socket
connect

bcrypt

BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

crypt32

CryptStringToBinaryA
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chromexpr.ocx
.dll regsvr32 windows:6 windows x64 arch:x64

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\Desktop\Projects\C2New\Rev\x64\Release\Rev.pdb

Imports

kernel32

GetModuleHandleA
PostQueuedCompletionStatus
GetCommandLineA
CreateEventW
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
TerminateThread
WaitForSingleObjectEx
CloseHandle
ReleaseSRWLockShared
IsDBCSLeadByte
LoadResource
QueueUserAPC
CreateWaitableTimerA
GetProcAddress
LocalFree
AcquireSRWLockShared
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SleepEx
lstrcmpiA
CreateProcessA
GetSystemTimeAsFileTime
FormatMessageA
CreateEventA
CreateIoCompletionPort
GetExitCodeProcess
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetCurrentThreadId
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WaitForSingleObject
FindResourceA
GetQueuedCompletionStatus
CreatePipe
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
GetThreadLocale
WaitForMultipleObjects
LoadLibraryExA
EnterCriticalSection
SetLastError
SetWaitableTimer
SetHandleInformation
SetThreadLocale
SizeofResource
InitializeSRWLock
GetModuleFileNameA
ReadFile
ExitProcess
Sleep
DeleteCriticalSection
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetFileSizeEx
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
RtlUnwind
VirtualAlloc
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
OpenEventA
ReleaseSemaphore
ResetEvent
SetFilePointerEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSListHead
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
DecodePointer
RaiseException
GetLastError
GetSystemTime
InitializeCriticalSectionEx
IsDebuggerPresent
TryAcquireSRWLockExclusive
RtlPcToFileHeader
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
GetStringTypeW

user32

GetDC
GetSystemMetrics
CharNextW
ReleaseDC
CharNextA

gdi32

BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
CreateProcessWithLogonW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
CryptEnumProvidersA

ole32

CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

ws2_32

WSARecv
htons
recv
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
getpeername
getsockname
ntohs
WSAAddressToStringW
gethostname
WSAStartup
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
closesocket
inet_pton
send
socket
connect

bcrypt

BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

crypt32

CryptStringToBinaryA
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kamojo.ocx
.dll regsvr32 windows:6 windows x64 arch:x64

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\Desktop\Projects\C2New\Rev\x64\Release\Rev.pdb

Imports

kernel32

GetModuleHandleA
PostQueuedCompletionStatus
GetCommandLineA
CreateEventW
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
TerminateThread
WaitForSingleObjectEx
CloseHandle
ReleaseSRWLockShared
IsDBCSLeadByte
LoadResource
QueueUserAPC
CreateWaitableTimerA
GetProcAddress
LocalFree
AcquireSRWLockShared
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SleepEx
lstrcmpiA
CreateProcessA
GetSystemTimeAsFileTime
FormatMessageA
CreateEventA
CreateIoCompletionPort
GetExitCodeProcess
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetCurrentThreadId
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WaitForSingleObject
FindResourceA
GetQueuedCompletionStatus
CreatePipe
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
GetThreadLocale
WaitForMultipleObjects
LoadLibraryExA
EnterCriticalSection
SetLastError
SetWaitableTimer
SetHandleInformation
SetThreadLocale
SizeofResource
InitializeSRWLock
GetModuleFileNameA
ReadFile
ExitProcess
Sleep
DeleteCriticalSection
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetFileSizeEx
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
RtlUnwind
VirtualAlloc
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
OpenEventA
ReleaseSemaphore
ResetEvent
SetFilePointerEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSListHead
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
DecodePointer
RaiseException
GetLastError
GetSystemTime
InitializeCriticalSectionEx
IsDebuggerPresent
TryAcquireSRWLockExclusive
RtlPcToFileHeader
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
GetStringTypeW

user32

GetDC
GetSystemMetrics
CharNextW
ReleaseDC
CharNextA

gdi32

BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
CreateProcessWithLogonW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
CryptEnumProvidersA

ole32

CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

ws2_32

WSARecv
htons
recv
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
getpeername
getsockname
ntohs
WSAAddressToStringW
gethostname
WSAStartup
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
closesocket
inet_pton
send
socket
connect

bcrypt

BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

crypt32

CryptStringToBinaryA
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
photo.png
.png

Sharing

General

Malware Config

Signatures

Files

Password: infected

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

bcrypt

gdiplus

crypt32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 364KB - Virtual size: 363KB

.data Size: 60KB - Virtual size: 70KB

.pdata Size: 83KB - Virtual size: 83KB

_RDATA Size: 512B - Virtual size: 500B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

bcrypt

gdiplus

crypt32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 364KB - Virtual size: 363KB

.data Size: 60KB - Virtual size: 70KB

.pdata Size: 83KB - Virtual size: 83KB

_RDATA Size: 512B - Virtual size: 500B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

bcrypt

gdiplus

crypt32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 364KB - Virtual size: 363KB

.data
Size: 60KB - Virtual size: 70KB

.pdata
Size: 83KB - Virtual size: 83KB

_RDATA
Size: 512B - Virtual size: 500B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 364KB - Virtual size: 363KB

.data
Size: 60KB - Virtual size: 70KB

.pdata
Size: 83KB - Virtual size: 83KB

_RDATA
Size: 512B - Virtual size: 500B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 364KB - Virtual size: 363KB

.data
Size: 60KB - Virtual size: 70KB

.pdata
Size: 83KB - Virtual size: 83KB

_RDATA
Size: 512B - Virtual size: 500B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB