#MalwareMustDie - dune.exe - decrypted - calls per dlls

ADDR      Calls                         Dlls
===========================================================================
10012000  OpenFileMappingA              KERNEL32
10012004  VirtualProtect                KERNEL32
10012008  GetModuleFileNameA            KERNEL32
1001200C  VirtualAllocEx                KERNEL32
10012010  VirtualAlloc                  KERNEL32
10012014  OpenProcess                   KERNEL32
10012018  CreateRemoteThread            KERNEL32
1001201C  VirtualFree                   KERNEL32
10012020  SetFilePointer                KERNEL32
10012024  GetVersion                    KERNEL32
10012028  GetComputerNameA              KERNEL32
1001202C  CreateProcessW                KERNEL32
10012030  GetThreadContext              KERNEL32
10012034  SwitchToThread                KERNEL32
10012038  CreateFileA                   KERNEL32
1001203C  lstrlenA                      KERNEL32
10012040  HeapAlloc                     KERNEL32
10012044  HeapFree                      KERNEL32
10012048  WriteFile                     KERNEL32
1001204C  lstrcatA                      KERNEL32
10012050  CreateDirectoryA              KERNEL32
10012054  GetLastError                  KERNEL32
10012058  RemoveDirectoryA              KERNEL32
1001205C  LoadLibraryA                  KERNEL32
10012060  CloseHandle                   KERNEL32
10012064  DeleteFileA                   KERNEL32
10012068  lstrcpyA                      KERNEL32
1001206C  HeapReAlloc                   KERNEL32
10012070  InterlockedIncrement          KERNEL32
10012074  InterlockedDecrement          KERNEL32
10012078  SetEvent                      KERNEL32
1001207C  GetTickCount                  KERNEL32
10012080  HeapDestroy                   KERNEL32
10012084  HeapCreate                    KERNEL32
10012088  GetCurrentThreadId            KERNEL32
1001208C  CreateDirectoryW              KERNEL32
10012090  GetWindowsDirectoryA          KERNEL32
10012094  Sleep                         KERNEL32
10012098  CopyFileW                     KERNEL32
1001209C  lstrlenW                      KERNEL32
100120A0  GetModuleHandleA              KERNEL32
100120A4  lstrcatW                      KERNEL32
100120A8  DeleteFileW                   KERNEL32
100120AC  GetTempPathA                  KERNEL32
100120B0  MapViewOfFile                 KERNEL32
100120B4  UnmapViewOfFile               KERNEL32
100120B8  SetWaitableTimer              KERNEL32
100120BC  GetCurrentProcess             KERNEL32
100120C0  CreateEventA                  KERNEL32
100120C4  LeaveCriticalSection          KERNEL32
100120C8  lstrcmpiA                     KERNEL32
100120CC  EnterCriticalSection          KERNEL32
100120D0  WaitForMultipleObjects        KERNEL32
100120D4  CreateMutexA                  KERNEL32
100120D8  ReleaseMutex                  KERNEL32
100120DC  CreateWaitableTimerA          KERNEL32
100120E0  UnregisterWait                KERNEL32
100120E4  LoadLibraryExW                KERNEL32
100120E8  WaitForSingleObject           KERNEL32
100120EC  SetLastError                  KERNEL32
100120F0  RegisterWaitForSingleObject   KERNEL32
100120F4  GetFileSize                   KERNEL32
100120F8  FindFirstFileW                KERNEL32
100120FC  GetDriveTypeW                 KERNEL32
10012100  GetLogicalDriveStringsW       KERNEL32
10012104  InitializeCriticalSection     KERNEL32
10012108  GetFileAttributesA            KERNEL32
1001210C  GetFileAttributesW            KERNEL32
10012110  CreateProcessA                KERNEL32
10012114  CreateFileW                   KERNEL32
10012118  FindFirstFileA                KERNEL32
1001211C  GetTempFileNameA              KERNEL32
10012120  FindClose                     KERNEL32
10012124  CreateFileMappingA            KERNEL32
10012128  FindNextFileA                 KERNEL32
1001212C  FindNextFileW                 KERNEL32
10012130  DeleteCriticalSection         KERNEL32
10012134  ResumeThread                  KERNEL32
10012138  CreateThread                  KERNEL32
1001213C  lstrcpynA                     KERNEL32
10012140  lstrcmpA                      KERNEL32
10012144  GlobalLock                    KERNEL32
10012148  GlobalUnlock                  KERNEL32
1001214C  Thread32First                 KERNEL32
10012150  Thread32Next                  KERNEL32
10012154  GetProcAddress                KERNEL32
10012158  QueueUserAPC                  KERNEL32
1001215C  OpenThread                    KERNEL32
10012160  CreateToolhelp32Snapshot      KERNEL32
10012164  CallNamedPipeA                KERNEL32
10012168  WaitNamedPipeA                KERNEL32
1001216C  ConnectNamedPipe              KERNEL32
10012170  ReadFile                      KERNEL32
10012174  GetOverlappedResult           KERNEL32
10012178  DisconnectNamedPipe           KERNEL32
1001217C  FlushFileBuffers              KERNEL32
10012180  CreateNamedPipeA              KERNEL32
10012184  CancelIo                      KERNEL32
10012188  GetCurrentProcessId           KERNEL32
1001218C  GetSystemTime                 KERNEL32
10012190  lstrcmpW                      KERNEL32
10012194  SleepEx                       KERNEL32
10012198  ResetEvent                    KERNEL32
1001219C  LocalAlloc                    KERNEL32
100121A0  LocalFree                     KERNEL32
100121A4  FreeLibrary                   KERNEL32
100121A8  InterlockedExchange           KERNEL32
100121AC  RaiseException                KERNEL32
100121B0  SuspendThread                 KERNEL32
100121B4  ReadProcessMemory             KERNEL32
100121B8  VirtualProtectEx              KERNEL32
100121BC  WriteProcessMemory            KERNEL32
100121C0  QueueUserWorkItem             KERNEL32

100121C8  NtSetContextThread            ntdll
100121CC  ZwQueryInformationProcess     ntdll
100121D0  NtGetContextThread            ntdll
100121D4  ZwOpenProcessToken            ntdll
100121D8  ZwOpenProcess                 ntdll
100121DC  ZwQueryInformationToken       ntdll
100121E0  sprintf                       ntdll
100121E4  ZwClose                       ntdll
100121E8  NtUnmapViewOfSection          ntdll
100121EC  NtMapViewOfSection            ntdll
100121F0  RtlNtStatusToDosError         ntdll
100121F4  memset                        ntdll
100121F8  strstr                        ntdll
100121FC  _strupr                       ntdll
10012200  strcpy                        ntdll
10012204  wcstombs                      ntdll
10012208  mbstowcs                      ntdll
1001220C  wcscpy                        ntdll
10012210  memcpy                        ntdll
10012214  RtlAdjustPrivilege            ntdll
10012218  NtCreateSection               ntdll
1001221C  _aulldiv                      ntdll
10012220  _allmul                       ntdll
10012224  RtlUnwind                     ntdll
10012228  NtQueryVirtualMemory          ntdll

10015C00  RegCreateKeyA                 ADVAPI32
10015C04  RegQueryValueExA              ADVAPI32
10015C08  ConvertStringSecurityDescriptorToSecurityDescriptorA  ADVAPI32
10015C0C  CreateProcessAsUserW          ADVAPI32
10015C10  CreateProcessAsUserA          ADVAPI32
10015C14  RegNotifyChangeKeyValue       ADVAPI32
10015C18  RegOpenKeyA                   ADVAPI32
10015C1C  RegEnumValueA                 ADVAPI32
10015C20  CryptGetUserKey               ADVAPI32
10015C24  RegSetValueExA                ADVAPI32
10015C28  RegCloseKey                   ADVAPI32

10015C30  CertCloseStore                CRYPT32
10015C34  CertEnumCertificatesInStore   CRYPT32
10015C38  PFXExportCertStoreEx          CRYPT32
10015C3C  CertOpenSystemStoreW          CRYPT32

10015C44  CreateCompatibleDC            GDI32
10015C48  SelectObject                  GDI32
10015C4C  BitBlt                        GDI32
10015C50  DeleteDC                      GDI32
10015C54  DeleteObject                  GDI32
10015C58  CreateCompatibleBitmap        GDI32

10015C60  GetMappedFileNameA            PSAPI
10015C64  GetModuleFileNameExW          PSAPI
10015C68  EnumProcessModules            PSAPI

10015C70  SHGetFolderPathW              SHELL32
10015C74  SHGetFolderPathA              SHELL32
10015C78  ShellExecuteA                 SHELL32

10015C80  StrStrA                       SHLWAPI
10015C84  StrCmpNA                      SHLWAPI
10015C88  StrToIntExA                   SHLWAPI
10015C8C  StrDupA                       SHLWAPI
10015C90  StrStrIA                      SHLWAPI
10015C94  StrTrimA                      SHLWAPI
10015C98  StrChrA                       SHLWAPI
10015C9C  StrToIntA                     SHLWAPI
10015CA0  StrChrW                       SHLWAPI
10015CA4  StrRChrA                      SHLWAPI
10015CA8  StrRChrW                      SHLWAPI

10015CB0  ToUnicodeEx                   USER32
10015CB4  SetWindowsHookExA             USER32
10015CB8  GetAncestor                   USER32
10015CBC  GetWindowThreadProcessId      USER32
10015CC0  GetShellWindow                USER32
10015CC4  GetWindowRect                 USER32
10015CC8  GetWindowDC                   USER32
10015CCC  GetForegroundWindow           USER32
10015CD0  GetDesktopWindow              USER32
10015CD4  wsprintfA                     USER32
10015CD8  ExitWindowsEx                 USER32
10015CDC  GetKeyboardLayout             USER32
10015CE0  GetKeyboardState              USER32
10015CE4  CallNextHookEx                USER32
10015CE8  GetWindowTextW                USER32
10015CEC  wsprintfW                     USER32
10015CF0  UnhookWindowsHookEx           USER32

10015CF8  InternetConnectW              WININET
10015CFC  FindCloseUrlCache             WININET
10015D00  HttpQueryInfoA                WININET
10015D04  InternetConnectA              WININET
10015D08  InternetQueryDataAvailable    WININET
10015D0C  InternetReadFileExA           WININET
10015D10  InternetReadFile              WININET
10015D14  HttpSendRequestW              WININET
10015D18  HttpAddRequestHeadersW        WININET
10015D1C  HttpQueryInfoW                WININET
10015D20  InternetReadFileExW           WININET
10015D24  HttpAddRequestHeadersA        WININET
10015D28  InternetSetStatusCallback     WININET
10015D2C  HttpSendRequestA              WININET
10015D30  InternetQueryOptionA          WININET
10015D34  DeleteUrlCacheEntry           WININET
10015D38  FindFirstUrlCacheEntryA       WININET
10015D3C  InternetSetOptionA            WININET
10015D40  HttpOpenRequestA              WININET
10015D44  InternetOpenA                 WININET
10015D48  InternetCloseHandle           WININET
10015D4C  FindNextUrlCacheEntryA        WININET

10015D54  setsockopt                    WS2_32
10015D58  shutdown                      WS2_32
10015D5C  select                        WS2_32
10015D60  connect                       WS2_32
10015D64  closesocket                   WS2_32
10015D68  WSASetLastError               WS2_32
10015D6C  WSACreateEvent                WS2_32
10015D70  WSAEventSelect                WS2_32
10015D74  WSAEnumNetworkEvents          WS2_32
10015D78  WSAGetLastError               WS2_32
10015D7C  WSASend                       WS2_32
10015D80  ioctlsocket                   WS2_32
10015D84  WSAStartup                    WS2_32
10015D88  htons                         WS2_32
10015D8C  WSACleanup                    WS2_32
10015D90  WSARecv                       WS2_32
10015D94  bind                          WS2_32
10015D98  socket                        WS2_32
10015D9C  __WSAFDIsSet                  WS2_32
10015DA0  send                          WS2_32
10015DA4  WSACloseEvent                 WS2_32
10015DA8  WSASetEvent                   WS2_32
10015DAC  recv                          WS2_32
10015DB0  accept                        WS2_32
10015DB4  listen                        WS2_32
10015DB8  gethostbyname                 WS2_32

10015DC0  GdipSaveImageToStream         gdiplus
10015DC4  GdiplusStartup                gdiplus
10015DC8  GdipGetImageEncodersSize      gdiplus
10015DCC  GdipDisposeImage              gdiplus
10015DD0  GdipCreateBitmapFromHBITMAP   gdiplus
10015DD4  GdipGetImageEncoders          gdiplus

10015DDC  PR_Read                       nspr4
10015DE0  PR_GetError                   nspr4
10015DE4  PR_Poll                       nspr4
10015DE8  PR_SetError                   nspr4
10015DEC  PR_Close                      nspr4
10015DF0  PR_Write                      nspr4

10015DF8  CoCreateGuid                  ole32
10015DFC  CreateStreamOnHGlobal         ole32
10015E00  GetHGlobalFromStream          ole32
----
#MalwareMustDie!