MalwareMustDie

#malwareMustDie dune.exe decrypted calls

Feb 4th, 2013
  1. #MalwareMustDie -
  2.  
  3. dune.exe - decrypted - API calls listed per DLL
  4.  
  5. ADDR Call DLL
  6. ===========================================================================
  7. 10012000 OpenFileMappingA KERNEL32
  8. 10012004 VirtualProtect KERNEL32
  9. 10012008 GetModuleFileNameA KERNEL32
  10. 1001200C VirtualAllocEx KERNEL32
  11. 10012010 VirtualAlloc KERNEL32
  12. 10012014 OpenProcess KERNEL32
  13. 10012018 CreateRemoteThread KERNEL32
  14. 1001201C VirtualFree KERNEL32
  15. 10012020 SetFilePointer KERNEL32
  16. 10012024 GetVersion KERNEL32
  17. 10012028 GetComputerNameA KERNEL32
  18. 1001202C CreateProcessW KERNEL32
  19. 10012030 GetThreadContext KERNEL32
  20. 10012034 SwitchToThread KERNEL32
  21. 10012038 CreateFileA KERNEL32
  22. 1001203C lstrlenA KERNEL32
  23. 10012040 HeapAlloc KERNEL32
  24. 10012044 HeapFree KERNEL32
  25. 10012048 WriteFile KERNEL32
  26. 1001204C lstrcatA KERNEL32
  27. 10012050 CreateDirectoryA KERNEL32
  28. 10012054 GetLastError KERNEL32
  29. 10012058 RemoveDirectoryA KERNEL32
  30. 1001205C LoadLibraryA KERNEL32
  31. 10012060 CloseHandle KERNEL32
  32. 10012064 DeleteFileA KERNEL32
  33. 10012068 lstrcpyA KERNEL32
  34. 1001206C HeapReAlloc KERNEL32
  35. 10012070 InterlockedIncrement KERNEL32
  36. 10012074 InterlockedDecrement KERNEL32
  37. 10012078 SetEvent KERNEL32
  38. 1001207C GetTickCount KERNEL32
  39. 10012080 HeapDestroy KERNEL32
  40. 10012084 HeapCreate KERNEL32
  41. 10012088 GetCurrentThreadId KERNEL32
  42. 1001208C CreateDirectoryW KERNEL32
  43. 10012090 GetWindowsDirectoryA KERNEL32
  44. 10012094 Sleep KERNEL32
  45. 10012098 CopyFileW KERNEL32
  46. 1001209C lstrlenW KERNEL32
  47. 100120A0 GetModuleHandleA KERNEL32
  48. 100120A4 lstrcatW KERNEL32
  49. 100120A8 DeleteFileW KERNEL32
  50. 100120AC GetTempPathA KERNEL32
  51. 100120B0 MapViewOfFile KERNEL32
  52. 100120B4 UnmapViewOfFile KERNEL32
  53. 100120B8 SetWaitableTimer KERNEL32
  54. 100120BC GetCurrentProcess KERNEL32
  55. 100120C0 CreateEventA KERNEL32
  56. 100120C4 LeaveCriticalSection KERNEL32
  57. 100120C8 lstrcmpiA KERNEL32
  58. 100120CC EnterCriticalSection KERNEL32
  59. 100120D0 WaitForMultipleObjects KERNEL32
  60. 100120D4 CreateMutexA KERNEL32
  61. 100120D8 ReleaseMutex KERNEL32
  62. 100120DC CreateWaitableTimerA KERNEL32
  63. 100120E0 UnregisterWait KERNEL32
  64. 100120E4 LoadLibraryExW KERNEL32
  65. 100120E8 WaitForSingleObject KERNEL32
  66. 100120EC SetLastError KERNEL32
  67. 100120F0 RegisterWaitForSingleObject KERNEL32
  68. 100120F4 GetFileSize KERNEL32
  69. 100120F8 FindFirstFileW KERNEL32
  70. 100120FC GetDriveTypeW KERNEL32
  71. 10012100 GetLogicalDriveStringsW KERNEL32
  72. 10012104 InitializeCriticalSection KERNEL32
  73. 10012108 GetFileAttributesA KERNEL32
  74. 1001210C GetFileAttributesW KERNEL32
  75. 10012110 CreateProcessA KERNEL32
  76. 10012114 CreateFileW KERNEL32
  77. 10012118 FindFirstFileA KERNEL32
  78. 1001211C GetTempFileNameA KERNEL32
  79. 10012120 FindClose KERNEL32
  80. 10012124 CreateFileMappingA KERNEL32
  81. 10012128 FindNextFileA KERNEL32
  82. 1001212C FindNextFileW KERNEL32
  83. 10012130 DeleteCriticalSection KERNEL32
  84. 10012134 ResumeThread KERNEL32
  85. 10012138 CreateThread KERNEL32
  86. 1001213C lstrcpynA KERNEL32
  87. 10012140 lstrcmpA KERNEL32
  88. 10012144 GlobalLock KERNEL32
  89. 10012148 GlobalUnlock KERNEL32
  90. 1001214C Thread32First KERNEL32
  91. 10012150 Thread32Next KERNEL32
  92. 10012154 GetProcAddress KERNEL32
  93. 10012158 QueueUserAPC KERNEL32
  94. 1001215C OpenThread KERNEL32
  95. 10012160 CreateToolhelp32Snapshot KERNEL32
  96. 10012164 CallNamedPipeA KERNEL32
  97. 10012168 WaitNamedPipeA KERNEL32
  98. 1001216C ConnectNamedPipe KERNEL32
  99. 10012170 ReadFile KERNEL32
  100. 10012174 GetOverlappedResult KERNEL32
  101. 10012178 DisconnectNamedPipe KERNEL32
  102. 1001217C FlushFileBuffers KERNEL32
  103. 10012180 CreateNamedPipeA KERNEL32
  104. 10012184 CancelIo KERNEL32
  105. 10012188 GetCurrentProcessId KERNEL32
  106. 1001218C GetSystemTime KERNEL32
  107. 10012190 lstrcmpW KERNEL32
  108. 10012194 SleepEx KERNEL32
  109. 10012198 ResetEvent KERNEL32
  110. 1001219C LocalAlloc KERNEL32
  111. 100121A0 LocalFree KERNEL32
  112. 100121A4 FreeLibrary KERNEL32
  113. 100121A8 InterlockedExchange KERNEL32
  114. 100121AC RaiseException KERNEL32
  115. 100121B0 SuspendThread KERNEL32
  116. 100121B4 ReadProcessMemory KERNEL32
  117. 100121B8 VirtualProtectEx KERNEL32
  118. 100121BC WriteProcessMemory KERNEL32
  119. 100121C0 QueueUserWorkItem KERNEL32
  120. 100121C8 NtSetContextThread ntdll
  121. 100121CC ZwQueryInformationProcess ntdll
  122. 100121D0 NtGetContextThread ntdll
  123. 100121D4 ZwOpenProcessToken ntdll
  124. 100121D8 ZwOpenProcess ntdll
  125. 100121DC ZwQueryInformationToken ntdll
  126. 100121E0 sprintf ntdll
  127. 100121E4 ZwClose ntdll
  128. 100121E8 NtUnmapViewOfSection ntdll
  129. 100121EC NtMapViewOfSection ntdll
  130. 100121F0 RtlNtStatusToDosError ntdll
  131. 100121F4 memset ntdll
  132. 100121F8 strstr ntdll
  133. 100121FC _strupr ntdll
  134. 10012200 strcpy ntdll
  135. 10012204 wcstombs ntdll
  136. 10012208 mbstowcs ntdll
  137. 1001220C wcscpy ntdll
  138. 10012210 memcpy ntdll
  139. 10012214 RtlAdjustPrivilege ntdll
  140. 10012218 NtCreateSection ntdll
  141. 1001221C _aulldiv ntdll
  142. 10012220 _allmul ntdll
  143. 10012224 RtlUnwind ntdll
  144. 10012228 NtQueryVirtualMemory ntdll
  145. 10015C00 RegCreateKeyA ADVAPI32
  146. 10015C04 RegQueryValueExA ADVAPI32
  147. 10015C08 ConvertStringSecurityDescriptorToSecurityDescriptorA ADVAPI32
  148. 10015C0C CreateProcessAsUserW ADVAPI32
  149. 10015C10 CreateProcessAsUserA ADVAPI32
  150. 10015C14 RegNotifyChangeKeyValue ADVAPI32
  151. 10015C18 RegOpenKeyA ADVAPI32
  152. 10015C1C RegEnumValueA ADVAPI32
  153. 10015C20 CryptGetUserKey ADVAPI32
  154. 10015C24 RegSetValueExA ADVAPI32
  155. 10015C28 RegCloseKey ADVAPI32
  156. 10015C30 CertCloseStore CRYPT32
  157. 10015C34 CertEnumCertificatesInStore CRYPT32
  158. 10015C38 PFXExportCertStoreEx CRYPT32
  159. 10015C3C CertOpenSystemStoreW CRYPT32
  160. 10015C44 CreateCompatibleDC GDI32
  161. 10015C48 SelectObject GDI32
  162. 10015C4C BitBlt GDI32
  163. 10015C50 DeleteDC GDI32
  164. 10015C54 DeleteObject GDI32
  165. 10015C58 CreateCompatibleBitmap GDI32
  166. 10015C60 GetMappedFileNameA PSAPI
  167. 10015C64 GetModuleFileNameExW PSAPI
  168. 10015C68 EnumProcessModules PSAPI
  169. 10015C70 SHGetFolderPathW SHELL32
  170. 10015C74 SHGetFolderPathA SHELL32
  171. 10015C78 ShellExecuteA SHELL32
  172. 10015C80 StrStrA SHLWAPI
  173. 10015C84 StrCmpNA SHLWAPI
  174. 10015C88 StrToIntExA SHLWAPI
  175. 10015C8C StrDupA SHLWAPI
  176. 10015C90 StrStrIA SHLWAPI
  177. 10015C94 StrTrimA SHLWAPI
  178. 10015C98 StrChrA SHLWAPI
  179. 10015C9C StrToIntA SHLWAPI
  180. 10015CA0 StrChrW SHLWAPI
  181. 10015CA4 StrRChrA SHLWAPI
  182. 10015CA8 StrRChrW SHLWAPI
  183. 10015CB0 ToUnicodeEx USER32
  184. 10015CB4 SetWindowsHookExA USER32
  185. 10015CB8 GetAncestor USER32
  186. 10015CBC GetWindowThreadProcessId USER32
  187. 10015CC0 GetShellWindow USER32
  188. 10015CC4 GetWindowRect USER32
  189. 10015CC8 GetWindowDC USER32
  190. 10015CCC GetForegroundWindow USER32
  191. 10015CD0 GetDesktopWindow USER32
  192. 10015CD4 wsprintfA USER32
  193. 10015CD8 ExitWindowsEx USER32
  194. 10015CDC GetKeyboardLayout USER32
  195. 10015CE0 GetKeyboardState USER32
  196. 10015CE4 CallNextHookEx USER32
  197. 10015CE8 GetWindowTextW USER32
  198. 10015CEC wsprintfW USER32
  199. 10015CF0 UnhookWindowsHookEx USER32
  200. 10015CF8 InternetConnectW WININET
  201. 10015CFC FindCloseUrlCache WININET
  202. 10015D00 HttpQueryInfoA WININET
  203. 10015D04 InternetConnectA WININET
  204. 10015D08 InternetQueryDataAvailable WININET
  205. 10015D0C InternetReadFileExA WININET
  206. 10015D10 InternetReadFile WININET
  207. 10015D14 HttpSendRequestW WININET
  208. 10015D18 HttpAddRequestHeadersW WININET
  209. 10015D1C HttpQueryInfoW WININET
  210. 10015D20 InternetReadFileExW WININET
  211. 10015D24 HttpAddRequestHeadersA WININET
  212. 10015D28 InternetSetStatusCallback WININET
  213. 10015D2C HttpSendRequestA WININET
  214. 10015D30 InternetQueryOptionA WININET
  215. 10015D34 DeleteUrlCacheEntry WININET
  216. 10015D38 FindFirstUrlCacheEntryA WININET
  217. 10015D3C InternetSetOptionA WININET
  218. 10015D40 HttpOpenRequestA WININET
  219. 10015D44 InternetOpenA WININET
  220. 10015D48 InternetCloseHandle WININET
  221. 10015D4C FindNextUrlCacheEntryA WININET
  222. 10015D54 setsockopt WS2_32
  223. 10015D58 shutdown WS2_32
  224. 10015D5C select WS2_32
  225. 10015D60 connect WS2_32
  226. 10015D64 closesocket WS2_32
  227. 10015D68 WSASetLastError WS2_32
  228. 10015D6C WSACreateEvent WS2_32
  229. 10015D70 WSAEventSelect WS2_32
  230. 10015D74 WSAEnumNetworkEvents WS2_32
  231. 10015D78 WSAGetLastError WS2_32
  232. 10015D7C WSASend WS2_32
  233. 10015D80 ioctlsocket WS2_32
  234. 10015D84 WSAStartup WS2_32
  235. 10015D88 htons WS2_32
  236. 10015D8C WSACleanup WS2_32
  237. 10015D90 WSARecv WS2_32
  238. 10015D94 bind WS2_32
  239. 10015D98 socket WS2_32
  240. 10015D9C __WSAFDIsSet WS2_32
  241. 10015DA0 send WS2_32
  242. 10015DA4 WSACloseEvent WS2_32
  243. 10015DA8 WSASetEvent WS2_32
  244. 10015DAC recv WS2_32
  245. 10015DB0 accept WS2_32
  246. 10015DB4 listen WS2_32
  247. 10015DB8 gethostbyname WS2_32
  248. 10015DC0 GdipSaveImageToStream gdiplus
  249. 10015DC4 GdiplusStartup gdiplus
  250. 10015DC8 GdipGetImageEncodersSize gdiplus
  251. 10015DCC GdipDisposeImage gdiplus
  252. 10015DD0 GdipCreateBitmapFromHBITMAP gdiplus
  253. 10015DD4 GdipGetImageEncoders gdiplus
  254. 10015DDC PR_Read nspr4
  255. 10015DE0 PR_GetError nspr4
  256. 10015DE4 PR_Poll nspr4
  257. 10015DE8 PR_SetError nspr4
  258. 10015DEC PR_Close nspr4
  259. 10015DF0 PR_Write nspr4
  260. 10015DF8 CoCreateGuid ole32
  261. 10015DFC CreateStreamOnHGlobal ole32
  262. 10015E00 GetHGlobalFromStream ole32
  263.  
  264. ----
  265. #MalwareMustDie!