filename | a0a3f697726278fe1ea44ed996f89778dfb5f7ed.bin | |
---|---|---|
size | 94208 (0x17000) | |
md5 | 47f870744dee3b674bb619d653fada2b | |
type | PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x80 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
ADVAPI32.dll | 1031 | AdjustTokenPrivileges | |
ADVAPI32.dll | 1032 | AllocateAndInitializeSid | |
ADVAPI32.dll | 1138 | CreateProcessAsUserA | |
ADVAPI32.dll | 1193 | CryptAcquireContextW | |
ADVAPI32.dll | 1209 | CryptGenRandom | |
ADVAPI32.dll | 1219 | CryptReleaseContext | |
ADVAPI32.dll | 1239 | DuplicateTokenEx | |
ADVAPI32.dll | 1280 | EqualSid | |
ADVAPI32.dll | 1307 | FreeSid | |
ADVAPI32.dll | 1367 | GetTokenInformation | |
ADVAPI32.dll | 1422 | LookupAccountSidA | |
ADVAPI32.dll | 1428 | LookupPrivilegeValueA | |
ADVAPI32.dll | 1530 | OpenProcessToken | |
ADVAPI32.dll | 1596 | RegCloseKey | |
ADVAPI32.dll | 1619 | RegDeleteValueA | |
ADVAPI32.dll | 1644 | RegOpenKeyExA | |
ADVAPI32.dll | 1657 | RegQueryValueExA | |
ADVAPI32.dll | 1673 | RegSetValueExA | |
KERNEL32.dll | 131 | CloseHandle | |
KERNEL32.dll | 179 | CreateDirectoryA | |
KERNEL32.dll | 192 | CreateFileA | |
KERNEL32.dll | 212 | CreateMutexA | |
KERNEL32.dll | 222 | CreateProcessA | |
KERNEL32.dll | 238 | CreateThread | |
KERNEL32.dll | 247 | CreateToolhelp32Snapshot | |
KERNEL32.dll | 271 | DeleteFileA | |
KERNEL32.dll | 286 | DisableThreadLibraryCalls | |
KERNEL32.dll | 352 | ExitThread | |
KERNEL32.dll | 374 | FindClose | |
KERNEL32.dll | 378 | FindFirstFileA | |
KERNEL32.dll | 395 | FindNextFileA | |
KERNEL32.dll | 536 | GetCurrentProcess | |
KERNEL32.dll | 569 | GetEnvironmentVariableA | |
KERNEL32.dll | 579 | GetFileAttributesA | |
KERNEL32.dll | 590 | GetFileSize | |
KERNEL32.dll | 610 | GetLastError | |
KERNEL32.dll | 690 | GetProcAddress | |
KERNEL32.dll | 695 | GetProcessHeap | |
KERNEL32.dll | 697 | GetProcessId | |
KERNEL32.dll | 741 | GetSystemInfo | |
KERNEL32.dll | 745 | GetSystemTime | |
KERNEL32.dll | 761 | GetThreadContext | |
KERNEL32.dll | 775 | GetTickCount | |
KERNEL32.dll | 794 | GetVersionExA | |
KERNEL32.dll | 825 | GlobalMemoryStatusEx | |
KERNEL32.dll | 836 | HeapAlloc | |
KERNEL32.dll | 842 | HeapFree | |
KERNEL32.dll | 848 | HeapSize | |
KERNEL32.dll | 955 | LoadLibraryA | |
KERNEL32.dll | 992 | MoveFileExA | |
KERNEL32.dll | 1033 | OpenProcess | |
KERNEL32.dll | 1061 | Process32First | |
KERNEL32.dll | 1063 | Process32Next | |
KERNEL32.dll | 1129 | ReadFile | |
KERNEL32.dll | 1132 | ReadProcessMemory | |
KERNEL32.dll | 1179 | ResumeThread | |
KERNEL32.dll | 1269 | SetFileAttributesA | |
KERNEL32.dll | 1281 | SetFileTime | |
KERNEL32.dll | 1323 | SetThreadContext | |
KERNEL32.dll | 1361 | Sleep | |
KERNEL32.dll | 1372 | SystemTimeToFileTime | |
KERNEL32.dll | 1376 | TerminateProcess | |
KERNEL32.dll | 1438 | VirtualAllocEx | |
KERNEL32.dll | 1454 | WaitForSingleObject | |
KERNEL32.dll | 1491 | WideCharToMultiByte | |
KERNEL32.dll | 1511 | WriteFile | |
KERNEL32.dll | 1520 | WriteProcessMemory | |
msvcrt.dll | 84 | __iob_func | |
msvcrt.dll | 850 | _vsnprintf | |
msvcrt.dll | 857 | _vsnwprintf | |
msvcrt.dll | 1074 | fgetwc | |
msvcrt.dll | 1104 | getc | |
msvcrt.dll | 1122 | isspace | |
msvcrt.dll | 1137 | isxdigit | |
msvcrt.dll | 1156 | memcpy | |
msvcrt.dll | 1158 | memset | |
msvcrt.dll | 1199 | strchr | |
msvcrt.dll | 1200 | strcmp | |
msvcrt.dll | 1207 | strlen | |
msvcrt.dll | 1210 | strncmp | |
msvcrt.dll | 1216 | strstr | |
msvcrt.dll | 1236 | tolower | |
NETAPI32.dll | 122 | NetApiBufferFree | |
NETAPI32.dll | 241 | NetServerEnum | |
SHELL32.dll | 189 | SHFileOperationA | |
USER32.dll | 360 | GetLastInputInfo | |
USERENV.dll | 4 | CreateEnvironmentBlock | |
USERENV.dll | 10 | DestroyEnvironmentBlock | |
USERENV.dll | 39 | LoadUserProfileA | |
USERENV.dll | 51 | UnloadUserProfile | |
WS2_32.dll | 48 | WSAGetLastError | |
WS2_32.dll | 89 | WSAStartup | |
WS2_32.dll | 161 | __WSAFDIsSet | |
WS2_32.dll | 164 | closesocket | |
WS2_32.dll | 165 | connect | |
WS2_32.dll | 169 | gethostbyname | |
WS2_32.dll | 170 | gethostname | |
WS2_32.dll | 179 | htonl | |
WS2_32.dll | 180 | htons | |
WS2_32.dll | 181 | inet_addr | |
WS2_32.dll | 182 | inet_ntoa | |
WS2_32.dll | 185 | ioctlsocket | |
WS2_32.dll | 189 | recv | |
WS2_32.dll | 191 | select | |
WS2_32.dll | 192 | send | |
WS2_32.dll | 194 | setsockopt | |
WS2_32.dll | 195 | shutdown | |
WS2_32.dll | 196 | socket | |
WTSAPI32.dll | 19 | WTSEnumerateSessionsA | |
WTSAPI32.dll | 23 | WTSFreeMemory | |
WTSAPI32.dll | 41 | WTSQueryUserToken | |
ADVAPI32.dll | AllocateAndInitializeSid | ||
ADVAPI32.dll | CreateProcessAsUserA | ||
ADVAPI32.dll | CryptAcquireContextW | ||
ADVAPI32.dll | CryptGenRandom | ||
ADVAPI32.dll | CryptReleaseContext | ||
ADVAPI32.dll | DuplicateTokenEx | ||
ADVAPI32.dll | EqualSid | ||
ADVAPI32.dll | FreeSid | ||
ADVAPI32.dll | GetTokenInformation | ||
ADVAPI32.dll | LookupAccountSidA | ||
ADVAPI32.dll | LookupPrivilegeValueA | ||
ADVAPI32.dll | OpenProcessToken | ||
ADVAPI32.dll | RegCloseKey | ||
ADVAPI32.dll | RegDeleteValueA | ||
ADVAPI32.dll | RegOpenKeyExA | ||
ADVAPI32.dll | RegQueryValueExA | ||
ADVAPI32.dll | RegSetValueExA | ||
KERNEL32.dll | CreateDirectoryA | ||
KERNEL32.dll | CreateFileA | ||
KERNEL32.dll | CreateMutexA | ||
KERNEL32.dll | CreateProcessA | ||
KERNEL32.dll | CreateThread | ||
KERNEL32.dll | CreateToolhelp32Snapshot | ||
KERNEL32.dll | DeleteFileA | ||
KERNEL32.dll | DisableThreadLibraryCalls | ||
ntdll.dll | RtlExitUserThread | ||
KERNEL32.dll | FindClose | ||
KERNEL32.dll | FindFirstFileA | ||
KERNEL32.dll | FindNextFileA | ||
KERNEL32.dll | GetCurrentProcess | ||
KERNEL32.dll | GetEnvironmentVariableA | ||
KERNEL32.dll | GetFileAttributesA | ||
KERNEL32.dll | GetFileSize | ||
KERNEL32.dll | GetLastError | ||
KERNEL32.dll | GetProcAddress | ||
KERNEL32.dll | GetProcessHeap | ||
KERNEL32.dll | GetProcessId | ||
KERNEL32.dll | GetSystemInfo | ||
KERNEL32.dll | GetSystemTime | ||
KERNEL32.dll | GetThreadContext | ||
KERNEL32.dll | GetTickCount | ||
KERNEL32.dll | GetVersionExA | ||
KERNEL32.dll | GlobalMemoryStatusEx | ||
ntdll.dll | RtlAllocateHeap | ||
KERNEL32.dll | HeapFree | ||
ntdll.dll | RtlSizeHeap | ||
KERNEL32.dll | LoadLibraryA | ||
KERNEL32.dll | MoveFileExA | ||
KERNEL32.dll | OpenProcess | ||
KERNEL32.dll | Process32First | ||
KERNEL32.dll | Process32Next | ||
KERNEL32.dll | ReadFile | ||
KERNEL32.dll | ReadProcessMemory | ||
KERNEL32.dll | ResumeThread | ||
KERNEL32.dll | SetFileAttributesA | ||
KERNEL32.dll | SetFileTime | ||
KERNEL32.dll | SetThreadContext | ||
KERNEL32.dll | Sleep | ||
KERNEL32.dll | SystemTimeToFileTime | ||
KERNEL32.dll | TerminateProcess | ||
KERNEL32.dll | VirtualAllocEx | ||
KERNEL32.dll | WaitForSingleObject | ||
KERNEL32.dll | WideCharToMultiByte | ||
KERNEL32.dll | WriteFile | ||
KERNEL32.dll | WriteProcessMemory | ||
msvcrt.dll | _vsnprintf | ||
msvcrt.dll | _vsnwprintf | ||
msvcrt.dll | fgetwc | ||
msvcrt.dll | fgetc | ||
msvcrt.dll | isspace | ||
msvcrt.dll | isxdigit | ||
msvcrt.dll | memcpy | ||
msvcrt.dll | strchr | ||
msvcrt.dll | strcmp | ||
msvcrt.dll | strlen | ||
msvcrt.dll | strncmp | ||
msvcrt.dll | strstr | ||
msvcrt.dll | tolower | ||
browcli.dll | NetServerEnum | ||
USERENV.dll | DestroyEnvironmentBlock | ||
USERENV.dll | LoadUserProfileA | ||
USERENV.dll | UnloadUserProfile | ||
WS2_32.dll | WSAStartup | ||
WS2_32.dll | __WSAFDIsSet | ||
WS2_32.dll | closesocket | ||
WS2_32.dll | connect | ||
WS2_32.dll | gethostbyname | ||
WS2_32.dll | gethostname | ||
WS2_32.dll | htonl | ||
WS2_32.dll | htons | ||
WS2_32.dll | inet_addr | ||
WS2_32.dll | inet_ntoa | ||
WS2_32.dll | ioctlsocket | ||
WS2_32.dll | recv | ||
WS2_32.dll | select | ||
WS2_32.dll | setsockopt | ||
WS2_32.dll | shutdown | ||
WS2_32.dll | socket | ||
WTSAPI32.dll | WTSFreeMemory | ||
WTSAPI32.dll | WTSQueryUserToken |
ord | entry_va | function_name | |
---|---|---|---|
1 | 0x1565 | RunFromMemory |
everything is OK