malware_report.txt
244 lines (238 loc) · 170 KB
Behaviour Summary Results:
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| file_Name | file_created | file_deleted | file_written | directory_created | regkey_opened | dll_loaded |
+=============================================+================+================+================+=====================+=================+==============+
| VirusShare_3d2ec4d503e282cc0db13d662b92c5e8 | 11 | 4 | 9 | 4 | 499 | 105 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_0a426257e0f45255f4a7366c6e0a309e | 7 | 1 | 5 | 4 | 395 | 83 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_8acf123b9576b7e76c930637ab67f43b | 11 | 4 | 9 | 4 | 499 | 105 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_0611ee394f9c236fc5b3197b8c1f3691 | 11 | 4 | 9 | 4 | 486 | 99 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_65b23015f3b67ec35381c0fff4209b21 | 11 | 4 | 9 | 4 | 499 | 105 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_d8ecc13aba2945c22e6a6f92a26d7e01 | | | | | 40 | 15 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_085de2518f08f8541d71b5e7fead31b4 | 11 | 4 | 9 | 4 | 499 | 105 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_4c2fdd9f819d6b551df945c6bf5faec7 | 11 | 4 | 9 | 4 | 484 | 99 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_427a1136e5e470964ec6aa3a7bd991f8 | 11 | 4 | 9 | 4 | 500 | 105 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| VirusShare_0b109c1cb3f6ae1eb5c8d415e9643c07 | 14 | 4 | 12 | 14 | 283 | 18 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
| Total | 98 | 33 | 80 | 46 | 4184 | 839 |
+---------------------------------------------+----------------+----------------+----------------+---------------------+-----------------+--------------+
Network Results (malware):
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| file_Name | udp | tcp | hosts | request | domains |
+=============================================+=======+=======+=========+===========+===========+
| VirusShare_3d2ec4d503e282cc0db13d662b92c5e8 | 25 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_0a426257e0f45255f4a7366c6e0a309e | 22 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_8acf123b9576b7e76c930637ab67f43b | 24 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_0611ee394f9c236fc5b3197b8c1f3691 | 24 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_65b23015f3b67ec35381c0fff4209b21 | 23 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_d8ecc13aba2945c22e6a6f92a26d7e01 | 18 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_085de2518f08f8541d71b5e7fead31b4 | 24 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_4c2fdd9f819d6b551df945c6bf5faec7 | 25 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_427a1136e5e470964ec6aa3a7bd991f8 | 24 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
| VirusShare_0b109c1cb3f6ae1eb5c8d415e9643c07 | 10 | 0 | 0 | [] | 0 |
+---------------------------------------------+-------+-------+---------+-----------+-----------+
Behaviour Host and IP Results (malware):
+---------------------------------------------+-----------------------+---------------+
| file_Name | connects_host | connects_ip |
+=============================================+=======================+===============+
| VirusShare_3d2ec4d503e282cc0db13d662b92c5e8 | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_0a426257e0f45255f4a7366c6e0a309e | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_8acf123b9576b7e76c930637ab67f43b | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_0611ee394f9c236fc5b3197b8c1f3691 | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_65b23015f3b67ec35381c0fff4209b21 | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_d8ecc13aba2945c22e6a6f92a26d7e01 | [] | [] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_085de2518f08f8541d71b5e7fead31b4 | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_4c2fdd9f819d6b551df945c6bf5faec7 | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_427a1136e5e470964ec6aa3a7bd991f8 | ['api.v2.secdls.com'] | ['127.0.0.1'] |
+---------------------------------------------+-----------------------+---------------+
| VirusShare_0b109c1cb3f6ae1eb5c8d415e9643c07 | [] | [] |
+---------------------------------------------+-----------------------+---------------+
Behaviour API stats and DLLs Results (malware):
+---------------------------------------------+------------+--------------+
| file_Name | apistats | dll_loaded |
+=============================================+============+==============+
| VirusShare_3d2ec4d503e282cc0db13d662b92c5e8 | 1092 | 105 |
+---------------------------------------------+------------+--------------+
| VirusShare_0a426257e0f45255f4a7366c6e0a309e | 1332 | 83 |
+---------------------------------------------+------------+--------------+
| VirusShare_8acf123b9576b7e76c930637ab67f43b | 1092 | 105 |
+---------------------------------------------+------------+--------------+
| VirusShare_0611ee394f9c236fc5b3197b8c1f3691 | 1920 | 99 |
+---------------------------------------------+------------+--------------+
| VirusShare_65b23015f3b67ec35381c0fff4209b21 | 1600 | 105 |
+---------------------------------------------+------------+--------------+
| VirusShare_d8ecc13aba2945c22e6a6f92a26d7e01 | 1068 | 15 |
+---------------------------------------------+------------+--------------+
| VirusShare_085de2518f08f8541d71b5e7fead31b4 | 1508 | 105 |
+---------------------------------------------+------------+--------------+
| VirusShare_4c2fdd9f819d6b551df945c6bf5faec7 | 1944 | 99 |
+---------------------------------------------+------------+--------------+
| VirusShare_427a1136e5e470964ec6aa3a7bd991f8 | 592 | 105 |
+---------------------------------------------+------------+--------------+
| VirusShare_0b109c1cb3f6ae1eb5c8d415e9643c07 | 23924 | 18 |
+---------------------------------------------+------------+--------------+
| Total | 36072 | 839 |
+---------------------------------------------+------------+--------------+
Dlls Imported in reports
malware
API Details
+---------------------------------------------+------------------------------------------------------------+
| file_Name                                   | API (name, call count)                                     |
+=============================================+============================================================+
| VirusShare_3d2ec4d503e282cc0db13d662b92c5e8 | [('NtOpenSection', 20), ('GetForegroundWindow', 1), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 784), ('NtDelayExecution', 27), ('InternetCrackUrlA', 10), ('SetErrorMode', 238), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 28), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 59), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 84), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 4), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 675), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 43), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 358), ('CreateThread', 24), ('GetSystemDirectoryW', 10), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 27), ('CoInitializeEx', 19), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1428), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 156), ('UuidCreate', 24), ('GetNativeSystemInfo', 1), ('CoUninitialize', 7), ('RegCloseKey', 755), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 22), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 2), ('GetSystemMetrics', 287), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), 
('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 361), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 39), ('RegEnumKeyExW', 192), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 29), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 17), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 110), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 335), ('NtOpenProcess', 6), ('NtCreateSection', 38), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 78), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 13), ('SetFileTime', 3), ('NtMapViewOfSection', 53), ('CoGetClassObject', 59), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 25), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 27), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 97), ('OpenSCManagerW', 1), ('FindResourceW', 13), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+------------------------------------------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_0a426257e0f45255f4a7366c6e0a309e | [('NtOpenSection', 16), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 2), ('GetFileAttributesW', 77), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 656), ('NtDelayExecution', 25), ('InternetCrackUrlA', 6), ('SetErrorMode', 190), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 119), ('GetCursorPos', 12), ('GetUserNameW', 1), ('GetUserNameA', 2), ('FindResourceExW', 40), ('NtCreateFile', 62), ('GetSystemTimeAsFileTime', 12), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 44), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 12), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 2), ('OpenServiceA', 3), ('RegQueryValueExA', 228), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 53), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 572), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 19), ('NtReadFile', 38), ('HttpSendRequestW', 1), ('NtWriteFile', 5), ('LdrGetDllHandle', 329), ('CreateThread', 22), ('GetSystemDirectoryW', 6), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 23), ('CoInitializeEx', 11), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 36), ('LoadStringW', 40), ('LdrGetProcedureAddress', 1195), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 117), ('UuidCreate', 24), ('GetNativeSystemInfo', 1), ('CoUninitialize', 2), ('RegCloseKey', 643), ('LdrUnloadDll', 15), ('WSAStartup', 1), ('InternetGetConnectedState', 1), ('select', 1), ('GetSystemMetrics', 114), ('GetFileSize', 29), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), ('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 343), 
('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 1), ('SetFileInformationByHandle', 6), ('GetComputerNameW', 19), ('NtResumeThread', 8), ('SHGetFolderPathW', 7), ('CoCreateInstance', 27), ('RegEnumKeyExW', 37), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 28), ('RegEnumValueW', 91), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 10), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 16), ('getsockname', 1), ('DrawTextExW', 1), ('GetSystemInfo', 103), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 258), ('NtOpenProcess', 4), ('NtCreateSection', 33), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 73), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 5), ('SetFileTime', 3), ('NtMapViewOfSection', 41), ('CoGetClassObject', 57), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 19), ('SetFilePointer', 24), ('NtUnmapViewOfSection', 19), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 18), ('GetFileAttributesExW', 55), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 91), ('FindResourceW', 5), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_8acf123b9576b7e76c930637ab67f43b | [('NtOpenSection', 20), ('GetForegroundWindow', 1), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 784), ('NtDelayExecution', 28), ('InternetCrackUrlA', 10), ('SetErrorMode', 238), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 27), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 57), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 78), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 4), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 675), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 43), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 358), ('CreateThread', 24), ('GetSystemDirectoryW', 10), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 27), ('CoInitializeEx', 19), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1427), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 156), ('UuidCreate', 24), ('GetNativeSystemInfo', 1), ('CoUninitialize', 7), ('RegCloseKey', 755), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 22), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 2), ('GetSystemMetrics', 297), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), 
('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 378), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 39), ('RegEnumKeyExW', 192), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 29), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 17), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 110), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 335), ('NtOpenProcess', 6), ('NtCreateSection', 38), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 85), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 11), ('SetFileTime', 3), ('NtMapViewOfSection', 53), ('CoGetClassObject', 59), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 25), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 27), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 97), ('OpenSCManagerW', 1), ('FindResourceW', 11), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_0611ee394f9c236fc5b3197b8c1f3691 | [('NtOpenSection', 19), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 767), ('NtDelayExecution', 29), ('InternetCrackUrlA', 10), ('SetErrorMode', 232), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 28), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 59), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 84), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 2), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 657), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 40), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 354), ('CreateThread', 24), ('GetSystemDirectoryW', 9), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 25), ('CoInitializeEx', 18), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1389), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 147), ('UuidCreate', 25), ('GetNativeSystemInfo', 1), ('CoUninitialize', 6), ('RegCloseKey', 741), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 22), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 1), ('GetSystemMetrics', 303), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), ('GetShortPathNameW', 1), 
('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 353), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 37), ('RegEnumKeyExW', 190), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 28), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 17), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 104), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 320), ('NtOpenProcess', 5), ('NtCreateSection', 36), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 77), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 13), ('SetFileTime', 3), ('NtMapViewOfSection', 46), ('CoGetClassObject', 57), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 21), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 21), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 94), ('OpenSCManagerW', 1), ('FindResourceW', 13), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_65b23015f3b67ec35381c0fff4209b21 | [('NtOpenSection', 20), ('GetForegroundWindow', 1), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 784), ('NtDelayExecution', 22), ('InternetCrackUrlA', 10), ('SetErrorMode', 238), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 28), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 57), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 84), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 4), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 675), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 40), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 358), ('CreateThread', 24), ('GetSystemDirectoryW', 10), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 27), ('CoInitializeEx', 19), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1428), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 157), ('UuidCreate', 24), ('GetNativeSystemInfo', 1), ('CoUninitialize', 7), ('RegCloseKey', 755), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 23), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 1), ('GetSystemMetrics', 287), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), ('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 415), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 39), ('RegEnumKeyExW', 192), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 29), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 17), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 110), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 326), ('NtOpenProcess', 6), ('NtCreateSection', 38), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 63), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 11), ('SetFileTime', 3), ('NtMapViewOfSection', 53), ('CoGetClassObject', 59), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 21), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 27), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 97), ('OpenSCManagerW', 1), ('FindResourceW', 11), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_d8ecc13aba2945c22e6a6f92a26d7e01 | [('CreateToolhelp32Snapshot', 1), ('DeviceIoControl', 2), ('RegCloseKey', 38), ('GetSystemInfo', 1), ('RegQueryValueExA', 6), ('WSAStartup', 2), ('LookupPrivilegeValueW', 2), ('NtClose', 11), ('RegQueryValueExW', 1), ('NtFreeVirtualMemory', 2), ('Process32NextW', 48), ('RegOpenKeyExW', 1), ('NtAllocateVirtualMemory', 9), ('RegOpenKeyExA', 39), ('Process32FirstW', 1), ('GetKeyState', 1), ('NtReadFile', 65141), ('NtOpenFile', 2), ('SetFilePointer', 373), ('FindResourceExW', 251650), ('NtCreateFile', 19), ('GetSystemTimeAsFileTime', 2), ('FindFirstFileExW', 1), ('NtProtectVirtualMemory', 20), ('GetAdaptersInfo', 1), ('LdrGetProcedureAddress', 240), ('GetFileType', 2), ('LdrLoadDll', 15), ('NtQueryInformationFile', 2)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_085de2518f08f8541d71b5e7fead31b4 | [('NtOpenSection', 20), ('GetForegroundWindow', 1), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 784), ('NtDelayExecution', 27), ('InternetCrackUrlA', 10), ('SetErrorMode', 238), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 30), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 57), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 96), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 4), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 675), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 40), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 358), ('CreateThread', 24), ('GetSystemDirectoryW', 10), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 27), ('CoInitializeEx', 19), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1428), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 156), ('UuidCreate', 24), ('GetNativeSystemInfo', 1), ('CoUninitialize', 7), ('RegCloseKey', 755), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 22), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 1), ('GetSystemMetrics', 287), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), ('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 347), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 39), ('RegEnumKeyExW', 192), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 29), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 16), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 110), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 326), ('NtOpenProcess', 6), ('NtCreateSection', 38), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 86), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 11), ('SetFileTime', 3), ('NtMapViewOfSection', 53), ('CoGetClassObject', 59), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 21), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 27), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 97), ('OpenSCManagerW', 1), ('FindResourceW', 11), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_4c2fdd9f819d6b551df945c6bf5faec7 | [('NtOpenSection', 19), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 765), ('NtDelayExecution', 29), ('InternetCrackUrlA', 10), ('SetErrorMode', 232), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 27), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 57), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 78), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 2), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 655), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 40), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 353), ('CreateThread', 24), ('GetSystemDirectoryW', 9), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 25), ('CoInitializeEx', 18), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1388), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 147), ('UuidCreate', 24), ('GetNativeSystemInfo', 1), ('CoUninitialize', 6), ('RegCloseKey', 739), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 22), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 1), ('GetSystemMetrics', 303), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), ('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 335), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 37), ('RegEnumKeyExW', 190), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 28), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 16), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 104), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 320), ('NtOpenProcess', 5), ('NtCreateSection', 36), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 76), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 11), ('SetFileTime', 3), ('NtMapViewOfSection', 46), ('CoGetClassObject', 57), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 21), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 21), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 94), ('OpenSCManagerW', 1), ('FindResourceW', 11), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_427a1136e5e470964ec6aa3a7bd991f8 | [('NtOpenSection', 20), ('GetForegroundWindow', 1), ('getaddrinfo', 7), ('GetFileVersionInfoSizeW', 2), ('GetAdaptersAddresses', 8), ('GetFileAttributesW', 99), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyExA', 10), ('RegOpenKeyExW', 789), ('NtDelayExecution', 28), ('InternetCrackUrlA', 10), ('SetErrorMode', 238), ('GetFileInformationByHandle', 2), ('RegOpenKeyExA', 135), ('GetCursorPos', 27), ('GetUserNameW', 2), ('GetUserNameA', 2), ('FindResourceExW', 49), ('NtCreateFile', 76), ('GetSystemTimeAsFileTime', 24), ('GlobalMemoryStatusEx', 10), ('InternetSetOptionA', 17), ('LoadResource', 57), ('CoInitializeSecurity', 1), ('SetFileAttributesW', 3), ('GetKeyState', 78), ('NtQueryInformationFile', 18), ('RegSetValueExW', 6), ('RegCreateKeyExW', 10), ('DeviceIoControl', 1), ('InternetSetStatusCallback', 1), ('NtQueryKey', 4), ('OpenServiceA', 3), ('RegQueryValueExA', 246), ('OpenServiceW', 1), ('IsDebuggerPresent', 2), ('LookupPrivilegeValueW', 1), ('NtQueryValueKey', 55), ('RegCreateKeyExA', 15), ('RegQueryValueExW', 686), ('CreateActCtxW', 9), ('NtDeviceIoControlFile', 43), ('NtReadFile', 51), ('HttpSendRequestW', 1), ('NtWriteFile', 9), ('LdrGetDllHandle', 358), ('CreateThread', 24), ('GetSystemDirectoryW', 10), ('SetUnhandledExceptionFilter', 2), ('GetVolumeNameForVolumeMountPointW', 4), ('CoCreateInstanceEx', 10), ('NtProtectVirtualMemory', 27), ('CoInitializeEx', 19), ('RegDeleteValueW', 8), ('socket', 1), ('SearchPathW', 42), ('LoadStringW', 80), ('LdrGetProcedureAddress', 1429), ('NtOpenThread', 2), ('RegSetValueExA', 18), ('RegDeleteValueA', 3), ('LdrLoadDll', 157), ('UuidCreate', 25), ('GetNativeSystemInfo', 1), ('CoUninitialize', 7), ('RegCloseKey', 759), ('GetBestInterfaceEx', 2), ('LdrUnloadDll', 23), ('ioctlsocket', 2), ('WSAStartup', 6), ('InternetGetConnectedState', 1), ('select', 2), ('GetSystemMetrics', 297), ('GetFileSize', 31), ('InternetCloseHandle', 2), ('IWbemServices_ExecQuery', 10), 
('GetShortPathNameW', 1), ('InternetQueryOptionA', 4), ('NtAllocateVirtualMemory', 387), ('ReadProcessMemory', 20), ('CreateDirectoryW', 4), ('DeleteFileW', 4), ('SetFileInformationByHandle', 14), ('WSASocketW', 4), ('GetComputerNameW', 20), ('NtResumeThread', 8), ('SHGetFolderPathW', 8), ('CoCreateInstance', 39), ('RegEnumKeyExW', 193), ('CryptAcquireContextW', 1), ('FindFirstFileExW', 29), ('closesocket', 2), ('RegEnumValueW', 93), ('GetTempPathW', 2), ('GetTimeZoneInformation', 2), ('NtOpenMutant', 12), ('SetWindowsHookExW', 2), ('RegEnumValueA', 55), ('GetFileType', 10), ('InternetOpenW', 1), ('connect', 1), ('NtDuplicateObject', 17), ('getsockname', 1), ('DrawTextExW', 7), ('GetSystemInfo', 110), ('setsockopt', 2), ('FindWindowW', 2), ('GetSystemWindowsDirectoryW', 13), ('NtClose', 342), ('NtOpenProcess', 6), ('NtCreateSection', 38), ('HttpOpenRequestW', 1), ('NtFreeVirtualMemory', 87), ('RtlAddVectoredContinueHandler', 1), ('SizeofResource', 11), ('SetFileTime', 3), ('NtMapViewOfSection', 53), ('CoGetClassObject', 59), ('OleInitialize', 1), ('NtOpenFile', 1), ('RegQueryInfoKeyW', 26), ('SetFilePointer', 42), ('NtUnmapViewOfSection', 27), ('__exception__', 3), ('HttpQueryInfoA', 2), ('NtQueryAttributesFile', 5), ('RegQueryInfoKeyA', 1), ('NtCreateMutant', 30), ('GetFileAttributesExW', 61), ('InternetConnectW', 1), ('bind', 1), ('NtOpenKey', 97), ('OpenSCManagerW', 1), ('FindResourceW', 11), ('GetFileVersionInfoW', 1), ('OpenSCManagerA', 3)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| VirusShare_0b109c1cb3f6ae1eb5c8d415e9643c07 | [('LdrUnloadDll', 1), ('NtEnumerateValueKey', 3), ('NtCreateSection', 1), ('NtAllocateVirtualMemory', 3), ('NtMapViewOfSection', 1), ('GetFileType', 4), ('NtOpenKey', 35), ('OpenSCManagerW', 2), ('LdrGetProcedureAddress', 4), ('OpenServiceW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtCreateFile', 1), ('NtQueryValueKey', 15), ('GetSystemTimeAsFileTime', 1), ('LdrLoadDll', 2), ('NtTerminateProcess', 3), ('NtWriteFile', 4), ('LdrGetDllHandle', 3), ('NtClose', 31), ('LdrUnloadDll', 1), ('NtEnumerateValueKey', 3), ('NtCreateSection', 1), ('NtAllocateVirtualMemory', 3), ('NtMapViewOfSection', 1), ('GetFileType', 4), ('NtOpenKey', 35), ('OpenSCManagerW', 2), ('LdrGetProcedureAddress', 4), ('OpenServiceW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtCreateFile', 1), ('NtQueryValueKey', 15), ('GetSystemTimeAsFileTime', 1), ('LdrLoadDll', 2), ('NtTerminateProcess', 3), ('NtWriteFile', 4), ('LdrGetDllHandle', 3), ('NtClose', 31), ('NtEnumerateValueKey', 3), ('NtAllocateVirtualMemory', 3), ('NtOpenKey', 33), ('GetSystemDirectoryW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtTerminateProcess', 3), ('NtQueryValueKey', 13), ('GetSystemTimeAsFileTime', 1), ('LdrGetDllHandle', 2), ('CreateProcessInternalW', 1), ('NtClose', 29), ('NtEnumerateValueKey', 3), ('NtAllocateVirtualMemory', 3), ('NtOpenKey', 33), ('GetSystemDirectoryW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtTerminateProcess', 3), ('NtQueryValueKey', 13), ('GetSystemTimeAsFileTime', 1), ('LdrGetDllHandle', 2), ('CreateProcessInternalW', 1), ('NtClose', 29), ('NtDuplicateObject', 1), ('RegCloseKey', 6), ('GetSystemTimeAsFileTime', 1), ('LdrUnloadDll', 1), ('NtTerminateProcess', 3), ('NtQueryValueKey', 5), ('RegQueryValueExW', 2), ('NtFreeVirtualMemory', 2), ('RegOpenKeyExW', 4), ('IWbemServices_ExecQuery', 2), ('NtAllocateVirtualMemory', 14), ('LdrGetDllHandle', 10), 
('CoGetClassObject', 1), ('GetComputerNameW', 1), ('CoCreateInstance', 2), ('NtUnmapViewOfSection', 1), ('SetUnhandledExceptionFilter', 1), ('CoCreateInstanceEx', 1), ('CoInitializeEx', 1), ('NtOpenKey', 9), ('LdrGetProcedureAddress', 8), ('CoInitializeSecurity', 1), ('UuidCreate', 2), ('NtClose', 35), ('LdrUnloadDll', 1), ('NtEnumerateValueKey', 3), ('NtCreateSection', 1), ('NtAllocateVirtualMemory', 3), ('NtMapViewOfSection', 1), ('GetFileType', 4), ('NtOpenKey', 35), ('OpenSCManagerW', 2), ('LdrGetProcedureAddress', 4), ('OpenServiceW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtCreateFile', 1), ('NtQueryValueKey', 15), ('GetSystemTimeAsFileTime', 1), ('LdrLoadDll', 2), ('NtTerminateProcess', 3), ('NtWriteFile', 4), ('LdrGetDllHandle', 3), ('NtClose', 31), ('LdrUnloadDll', 1), ('NtEnumerateValueKey', 3), ('NtCreateSection', 1), ('NtAllocateVirtualMemory', 3), ('NtMapViewOfSection', 1), ('GetFileType', 4), ('NtOpenKey', 35), ('OpenSCManagerW', 2), ('LdrGetProcedureAddress', 4), ('OpenServiceW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtCreateFile', 1), ('NtQueryValueKey', 15), ('GetSystemTimeAsFileTime', 1), ('LdrLoadDll', 2), ('NtTerminateProcess', 3), ('NtWriteFile', 4), ('LdrGetDllHandle', 3), ('NtClose', 31), ('NtDuplicateObject', 5), ('NtOpenSection', 5), ('CoUninitialize', 18), ('RegCloseKey', 381), ('GetNativeSystemInfo', 1), ('SetFilePointerEx', 1), ('RegQueryValueExA', 6), ('GetFileAttributesExW', 11), ('GetSystemWindowsDirectoryW', 8), ('NtQueryValueKey', 12), ('RegCreateKeyExA', 17), ('FindResourceExW', 2), ('NtOpenProcess', 14), ('GetFileAttributesW', 57), ('RegQueryValueExW', 2237), ('NtMapViewOfSection', 11), ('GetVolumePathNamesForVolumeNameW', 8), ('RegEnumKeyW', 111), ('CreateActCtxW', 2), ('GetFileSize', 1), ('RegOpenKeyExW', 487), ('NtDelayExecution', 21), ('SetErrorMode', 9), ('NtReadFile', 233), ('RegOpenKeyExA', 9), ('DeleteFileW', 4), ('NtWriteFile', 93), ('LdrGetDllHandle', 42), 
('NtFreeVirtualMemory', 81), ('LdrUnloadDll', 9), ('NtQuerySystemInformation', 1), ('SetFilePointer', 21), ('OleInitialize', 2), ('NtOpenFile', 61), ('GetFileSizeEx', 1), ('NtUnmapViewOfSection', 13), ('CoCreateInstance', 2), ('GetSystemDirectoryW', 1), ('NtQueryDirectoryFile', 112), ('LoadStringW', 1), ('GetTempPathW', 1), ('NtCreateFile', 83), ('GetVolumeNameForVolumeMountPointW', 4), ('GetSystemTimeAsFileTime', 140), ('GetSystemDirectoryA', 7), ('GlobalMemoryStatusEx', 1), ('NtQueryAttributesFile', 2), ('FindFirstFileExW', 13), ('NtCreateMutant', 2), ('NtProtectVirtualMemory', 1), ('CoInitializeEx', 16), ('GetFileInformationByHandleEx', 1), ('NtCreateSection', 9), ('RemoveDirectoryA', 1), ('NtOpenKey', 30), ('LoadResource', 2), ('LdrGetProcedureAddress', 78), ('CreateDirectoryW', 16), ('RegSetValueExA', 17), ('NtAllocateVirtualMemory', 115), ('SetFileAttributesW', 3), ('SetFileTime', 8), ('LdrLoadDll', 22), ('NtTerminateProcess', 3), ('NtQueryInformationFile', 50), ('CreateProcessInternalW', 9), ('NtClose', 360), ('NtEnumerateValueKey', 3), ('NtAllocateVirtualMemory', 3), ('NtOpenKey', 33), ('GetSystemDirectoryW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtTerminateProcess', 3), ('NtQueryValueKey', 13), ('GetSystemTimeAsFileTime', 1), ('LdrGetDllHandle', 2), ('CreateProcessInternalW', 1), ('NtClose', 29), ('NtDuplicateObject', 1), ('RegCloseKey', 6), ('CoCreateInstanceEx', 1), ('LdrUnloadDll', 1), ('NtTerminateProcess', 3), ('NtQueryValueKey', 5), ('RegQueryValueExW', 2), ('NtFreeVirtualMemory', 2), ('RegOpenKeyExW', 4), ('IWbemServices_ExecQuery', 2), ('NtAllocateVirtualMemory', 13), ('LdrGetDllHandle', 7), ('CoGetClassObject', 1), ('GetComputerNameW', 1), ('CoCreateInstance', 2), ('NtUnmapViewOfSection', 1), ('SetUnhandledExceptionFilter', 1), ('GetSystemTimeAsFileTime', 1), ('CoInitializeEx', 1), ('WriteConsoleA', 2), ('NtOpenKey', 9), ('LdrGetProcedureAddress', 8), ('CoInitializeSecurity', 1), ('GetFileType', 3), ('UuidCreate', 2), 
('NtClose', 30), ('NtDuplicateObject', 1), ('RegCloseKey', 8), ('CoCreateInstanceEx', 1), ('LdrUnloadDll', 2), ('NtTerminateProcess', 3), ('NtQueryValueKey', 5), ('RegQueryValueExW', 2), ('NtFreeVirtualMemory', 2), ('RegOpenKeyExW', 4), ('IWbemServices_ExecQuery', 2), ('NtAllocateVirtualMemory', 14), ('LdrGetDllHandle', 15), ('CoGetClassObject', 1), ('GetComputerNameW', 1), ('CoCreateInstance', 2), ('NtUnmapViewOfSection', 1), ('SetUnhandledExceptionFilter', 1), ('GetSystemTimeAsFileTime', 1), ('CoInitializeEx', 1), ('WriteConsoleA', 2), ('NtOpenKey', 9), ('LdrGetProcedureAddress', 10), ('CoInitializeSecurity', 1), ('GetFileType', 3), ('UuidCreate', 2), ('NtClose', 32), ('NtEnumerateValueKey', 3), ('NtAllocateVirtualMemory', 3), ('NtOpenKey', 33), ('GetSystemDirectoryW', 1), ('SetUnhandledExceptionFilter', 1), ('NtEnumerateKey', 2), ('NtTerminateProcess', 3), ('NtQueryValueKey', 13), ('GetSystemTimeAsFileTime', 1), ('LdrGetDllHandle', 2), ('CreateProcessInternalW', 1), ('NtClose', 29)] |
+---------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+