Analysis Date: 2015-05-06 19:57:48
MD5: 136fbe595207359c166cd3ed0821015c
SHA1: b34ce697b99ff7abda7cc2f2161d003c09b5b0e2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 5ce106ac0d47dc33fef443a002e741c9 sha1: 5d371d8775285e2f66ac7ce1963a1a0c8f86b1fd size: 40960
Section: code md5: 427b1fe57b3b0a37a8fc4c3247916ebe sha1: 7a15c53e18e12606cb0964672e4fef51487d7aaa size: 8192
Section: .rdata md5: 6b3c76e42e658b5fa920c36a25140b4f sha1: 760cd9f84aa8f41b0b07985e9ca17552ab337e11 size: 20480
Section: .data md5: 156ffa3ae5e41afde65980193db8211b sha1: 623abacf2ae2003904992891d96e029565f2c080 size: 28672
Section: .reloc md5: db2bf32907d9ea5f667ce41580563f03 sha1: 7806fd2330238e62e838d8b304ee9c6d2c45367c size: 8192
Section: .imports md5: 92ea04320271101c1f47e7bb10b57095 sha1: 4a27f794c92077b9a18fa90baadfc26125a4ad0d size: 4096
Timestamp: 2015-05-01 10:18:51
PEhash: 68be8d767f1ed4e633f7ea9775bf5f26ef67b983
IMPhash: 0a42bd185889bf7e7a9440cd4b4a2ea9
AV: Ad-Aware — Gen:Variant.Kazy.590541
AV: Alwil (avast) — Malware-gen:Win32:Malware-gen
AV: Arcabit (arcavir) — Gen:Variant.Kazy.590541
AV: Authentium — W32/S-d37a73f3!Eldorado
AV: Avira (antivir) — TR/Downloader.Gen
AV: BitDefender — Gen:Variant.Kazy.590541
AV: BullGuard — Gen:Variant.Kazy.590541
AV: CA (E-Trust Ino) — no_virus
AV: CAT (quickheal) — no_virus
AV: ClamAV — no_virus
AV: Dr. Web — no_virus
AV: Emsisoft — Gen:Variant.Kazy.590541
AV: Eset (nod32) — Win32/Dorkbot.J worm
AV: Fortinet — W32/Dorkbot.J!worm
AV: Frisk (f-prot) — no_virus
AV: F-Secure — Gen:Variant.Kazy.590541
AV: Grisoft (avg) — Win32/DH.FF8203AB{Mw}
AV: Ikarus — Worm.Win32.Dorkbot
AV: K7 — Trojan ( 004bd58c1 )
AV: Kaspersky — no_virus
AV: MalwareBytes — no_virus
AV: Mcafee — no_virus
AV: Microsoft Security Essentials — no_virus
AV: MicroWorld (escan) — Gen:Variant.Kazy.590541
AV: Padvish — no_virus
AV: Rising — Error Scanning File
AV: Sophos — Mal/Behav-010
AV: Symantec — no_virus
AV: Trend Micro — no_virus
AV: Twister — no_virus
AV: VirusBlokAda (vba32) — no_virus

Runtime Details:


Process
↳ C:\malware.exe

Network Details:



Strings
.
.
l
\*.*
4ZBR19116-NNIF
82z2z2s2d2g4j6k4l62d
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Adobe
\advapi32.dll
advapi32.dll
alFSVWJB
alg.exe
\apiSoftCA
BCDEFGHIJKLMNOPQRSTUVWXYZ
bett2f00
bett2f002
\bett2f002
bfsvc.exe
calc.exe
C:\Documents and Settings\All users\Start Menu\Programs\Startup
C:\Documents and Settings\User\
C:\Documents and Settings\User\Application Data\Microsoft\Windows\Themes
C:\Documents and Settings\User\Application Data\Windows Live
C:\Documents and Settings\User\Application Data\Windows Live\wbaijgwjlu.exe
C:\Documents and Settings\User\Application Data\WindowsUpdate
.cmd
\cmd.exe
.com
CreativeAudio
\CreativeAudio
crypt32.dll
csrss.exe
/c "start %%cd%%%s & attrib -s -h %%cd%%%s & xcopy /F /S /Q /H /R /Y %%cd%%%s %%temp%%\%s\ & attrib +s +h %%cd%%%s & start %%temp%%\%s\%s & exit"
/c "%%SystemRoot%%\explorer.exe %%cd%%%s & attrib -s -h %%cd%%%s & xcopy /F /S /Q /H /R /Y %%cd%%%s %%temp%%\%s\ & attrib +s +h %%cd%%%s & start %%temp%%\%s\%s & exit"
/c taskkill /F /IM Explorer.exe
C:\WINDOWS\Temp\nomxptvoe.exe
C:\WINDOWS\Temp\temp41.tmp
C:\WINDOWS\Temp\ywvxpmrth.exe
dnsapi.dll
d:Zone.Identifier
explorer.exe
.gonewiththewings
*.gonewiththewings
helppane.exe
hh.exe
Identities
\Identities
iexplore.exe
\Internet Explorer\
iphlpapi.dll
jjjj
jjjjjj
KOPWELERGKR23930DW
.lnk
lsass.exe
\Microsoft
\Microsoft\Windows
\Microsoft\Windows\Themes
msiexec.exe
netapi32.dll
netutils.dll
notepad.exe
\ntdll.dll
ole32.dll
OLLYDBG.EXE
open
petools.exe
.pif
%rand%
Reader_sl.exe
regedit.exe
rpcrt4.dll
rstrui.exe
rundll32.exe
%s\*
%s\*.*
samcli.dll
.scr
%s\Documents and Settings\All users\Start Menu\Programs\Startup
secur32.dll
SeDebugPrivilege
services.exe
shell32.dll
shlwapi.dll
smsniff.exe
smss.exe
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Uazi Soft
spoolsv.exe
%s\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
%s\Recycler
%s\%s
%s\%s.lnk
--startup
svchost.exe
System
\system32
[System Process]
%SystemRoot%\system32\cmd.exe
%SystemRoot%\system32\SHELL32.dll
temp41.tmp
twunk_16.exe
twunk_32.exe
UaziVer
%uniq%
%uniq%.exe
urlmon.dll
user32.dll
userenv.dll
w.exe
\Windows Live
\Windows Live\
Windows Live
\WindowsUpdate
\WindowsUpdate\Updater.exe
winhelp.exe
winhlp32.exe
wininet.dll
winlogon.exe
wireshark.exe
write.exe
ws2_32.dll
wtsapi32.dll
ZBR-JNSEXOBM
:Zone.Identifier
0 0&0,02080>0D0J0P0V0\0b0h0n0t0z0
0"0(0.040:0@0F0L0R0X0^0d0j0p0v0|0
0.0=0D0f0m0u0|0
0040<0@0X0\0p0x0
0/060C0J0Y0r0
0&0A0N0c0p0
0/0S0s0
0#1(151U1y1~1
02373=3D3
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<
: :$:(:,:0:4:8:<:@:D:l:p:t:x:|:
<$<*<0<6<<<B<H<N<T<Z<`<f<l<r<x<~<
;$;*;0;6;<;B;H;N;T;Z;`;f;l;r;x;~;
:$:*:0:6:<:B:H:N:T:Z:`:f:l:r:x:~:
?$?*?0?6?<?B?H?N?T?Z?`?f?l?r?x?~?
$0A0G0
0F1W1m1
<$<0<l<p<x<|<
1$1*10161<1B1H1N1T1Z1`1f1l1r1x1~1
1"1(1.141:1@1F1L1R1X1^1d1j1p1v1|1
1!1+1X1d1j1o1t1z1
191D1K1g1p1{1
1L1Q1^1
>1>Y>f>|>
1z2z3reas34534543233245x6
2$2*20262<2B2H2N2T2Z2`2f2l2r2x2~2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2
2 2&2,22282>2D2J2P2V2\2b2h2n2t2z2
2#2(2@2H2N2b2o2t2z2
2%2/232>2C2M2V2`2d2o2t2~2
2%2-272<2B2J2W2\2a2n2s2x2
2%2*272W2{2
2+2B2e2
< <&<,<2<8<><D<J<P<V<\<b<h<n<t<z<
= =&=,=2=8=>=D=J=P=V=\=b=h=n=t=z=
; ;&;,;2;8;>;D;J;P;V;\;b;h;n;t;z;
: :&:,:2:8:>:D:J:P:V:\:b:h:n:t:z:
? ?&?,?2?8?>?D?J?P?V?\?b?h?n?t?z?
? ?%?2?K?u?
3 3&3,32383>3D3J3P3V3\3b3h3n3t3z3
3$3-333G3
3"3(3.343:3@3F3L3R3X3^3d3j3p3v3|3
333S3w3
3)383Q3^3e3
3	4!4^4t4
<3=S=w=|=
4$4*40464<4B4H4N4T4Z4`4f4l4r4x4~4
4"4(4.444:4@4F4L4R4X4^4d4j4p4v4|4
4 4$4T4X4`4d4|4
4*4F4[4o4t4
464h4|4
?$?(?,?4?8?<?@?D?H?L?P?T?X?
:!;4;\;a;k;
4B4G4T4t4
="=(=.=4=:=@=F=L=R=X=^=d=j=p=v=|=
>">(>.>4>:>@>F>L>R>X>^>d>j>p>v>|>
;";(;.;4;:;@;F;L;R;X;^;d;j;p;v;|;
:":(:.:4:::@:F:L:R:X:^:d:j:p:v:|:
>">(>.>4>:>H>L>P>T>X>\>`>d>h>l>p>t>x>
;$<4<J<f<
<	=%=.=4=?=R=[=a=m=
= =4=;=T=[=a=h=|=
4U5^5c5t5z5
5$5*50565<5B5H5N5T5Z5`5f5l5r5x5~5
5$5+525:5A5G5W5b5i5o5v5{5
5 5-525?5D5Q5V5c5h5u5z5
5&5:5|5
5 5&5,52585>5D5J5P5V5\5b5h5n5t5z5
5"5(5.545:5@5F5L5R5X5^5d5j5p5v5|5
5$5)555A5U5b5j5p5
5+555S5t5
5&585Q5q5
:%:.:5:::A:G:N:T:[:a:j:p:x:
?(?5?F?
;!;+;5;?;I;S;];g;q;
=#>(>5>U>y>~>
6$6*60666<6B6H6N6T6Z6`6f6l6r6x6~6
6%6+636F6X6c6m6y6
6)6/656<6T6Z6q6x6
6"6(6.646:6@6F6L6R6X6^6d6j6p6v6|6
6 6&666H6P6Z6d6n6t6}6
6<6@6D6H6L6P6T6X6\6`6d6h6l6t6x6|6
6`6i6n6
6;6P6k6u6
?.?6?<?F?[?c?i?s?
>6>R>X>u>
7!737y7
7$7*70767<7B7H7N7T7Z7`7f7l7r7x7~7
7 7&7,72787>7D7J7P7V7\7b7h7n7t7z7
7 7&7-74797@7F7M7S7]7c7n7u7|7
7/7:7S7
7>7O7a7u7{7
7*8L8|8@9z9
7G7c7y7
7P7f7|7
8#808>8J8R8q8w8
8.838D8I8Z8_8p8u8
8(8,8084888<8@8D8H8L8P8T8X8`8d8h8l8p8t8x8|8
8 8&8,82888>8D8J8P8V8\8b8h8n8t8z8
8"8(8.848:8@8F8L8R8X8^8d8j8p8v8|8
8<8@8H8L8d8h8|8
8,8=8O8b8i8p8
8,999E9J9P9b9i9p9w9
<$<8<[<g<t<
90969<9B9H9N9T9Z9`9f9l9r9x9~9
91979K9U9_9v9
9%:2:=:
92989?9D9J9O9U9Z9l9q9~9
9$9*90969<9B9H9N9T9Z9`9f9l9r9x9~9
9$9*919E9L9R9b9u9|9
9#9(959K9_9}9
9 9&9,92989>9D9J9P9V9\9b9h9n9t9z9
9"9(9.949:9@9F9L9R9X9^9d9j9p9v9|9
9-:D:T:b:
9):@:z:
AdjustTokenPrivileges
advapi32.dll
ADVAPI32.dll
:":/:A:h:
bgbgvqijvmmurrvaxwyajtqjbeodutvliun
B.imports
?.?C?c?
CharLowerW
CloseHandle
closesocket
CoCreateGuid
CoCreateInstance
CoInitializeEx
CopyFileW
CoUninitialize
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateProcessW
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
@.data
debug_cache_dump_2384394.dmp
DeleteFileW
<@>D>L>P>h>l>
%dMutex%dExplorer%dMutex%d
dnsapi.dll
DNSAPI.dll
DnsQuery_A
DnsRecordListFree
downloader 
downloader2 
=-=>=D=Q=V=\=i=p={=
DuplicateHandle
E#+E/^ZY
>E>K>]>j>s>x>~>
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindNextFileW
:F:P:~:
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDriveTypeW
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessImageFileNameW
GetProcessVersion
GetQueuedCompletionStatus
GetShellWindow
GetSystemTimeAsFileTime
GetSystemWow64DirectoryW
GetTempPathW
GetTickCount
GetUserNameW
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowThreadProcessId
;<;G;e;z;
http://108.59.2.221/apachenigix.gif
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InitializeCriticalSection
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetSetOptionA
IsWoW64Process
:#:(:.:j:w:|:
;=<J<W<
kernel32.dll
KERNEL32.dll
kernelbase.dll
>K>_>w>
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LookupPrivilegeValueW
lstrcatA
lstrcatW
lstrcmpiA
lstrcmpiW
lstrcmpW
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW
;:<_<l<x<
MapViewOfFile
MessageBoxA
MoveFileExW
MoveFileW
MultiByteToWideChar
MUTEX_NAME_
:!:':;:N:b:x:}:
@nRich
ntdll.dll
NtQueryDirectoryFile
NtQueryInformationThread
NtQueueApcThread
NtResumeThread
</=O=\=
ObtainUserAgentString
ole32.dll
OpenProcess
OpenProcessToken
<-<:<[<p<~<
P0e0z0
PathFindFileNameW
PathRemoveArgsW
?>pop.apavcul.ru
?>pop.atbmbqy.ru
?>pop.avzeenn.ru
?>pop.axqiitr.ru
?>pop.axsesol.ru
?>pop.axtllfe.ru
?>pop.ayazssi.ru
?>pop.aymkobiqx.com
?>pop.bgjtwltjm.com
?>pop.bnxqqyjey.com
?>pop.bpkhpqq.ru
?>pop.busyzboor.com
?>pop.bzretpwbi.com
?>pop.connect4.ru
?>pop.consultinginc.ru
?>pop.cpegnjp.ru
?>pop.cpltrmhvw.com
?>pop.ctuiwslxa.com
?>pop.ctwljzq.ru
?>pop.eaiiecw.ru
?>pop.ecbspeg.ru
?>pop.eckxyvxuo.com
?>pop.eebgghfs.ru
?>pop.eejovgiwp.com
?>pop.eemwhuiyq.com
?>pop.einlbzpaw.com
?>pop.ejcvqnhqq.com
?>pop.ekiqyun.ru
?>pop.etvnzswkt.com
?>pop.etyrmcain.com
?>pop.euxpcth.ru
?>pop.evyqzlc.ru
?>pop.evzyuhzjt.com
?>pop.eybfitfev.com
?>pop.eyeyofu.ru
?>pop.faxxrtrck.com
?>pop.fmfmlnkfz.com
?>pop.fmnjafp.ru
?>pop.fnyswnkvk.com
?>pop.foinbymai.com
?>pop.fqayzag.ru
?>pop.fqcyuitma.com
?>pop.ftlalitzk.com
?>pop.futnctici.com
?>pop.gglwjgz.ru
?>pop.ghbzfbftq.com
?>pop.guepcvzsr.com
?>pop.gzjjprkuf.com
?>pop.gzuglsssx.com
?>pop.hbyqvjzha.com
?>pop.hiznnvmvu.com
?>pop.hjysyxo.ru
?>pop.hlzrcohxk.com
?>pop.hoivnno.ru
?>pop.hoxzxeuzk.com
?>pop.hrfomio.ru
?>pop.htcahgw.ru
?>pop.hwrcmsr.ru
?>pop.iatybkkar.com
?>pop.ifzsrlfew.com
?>pop.ilcoyfb.ru
?>pop.ilhbyto.ru
?>pop.imvhhht.ru
?>pop.inqmzqvxx.com
?>pop.ioeajlk.ru
?>pop.iqtzchf.ru
?>pop.itfutureclub.ru
?>pop.itobhao.ru
?>pop.iuezhkq.ru
?>pop.iuvoeauzy.com
?>pop.iywjiyxur.com
?>pop.jciuzam.ru
?>pop.jeuuinloc.com
?>pop.jiomqnk.ru
?>pop.jkkjymtb.com
?>pop.jqcnoab.ru
?>pop.jwfslgh.ru
?>pop.jwzuyjyk.ru
?>pop.jywgybvhe.com
?>pop.kcwloqp.ru
?>pop.ketnxrsck.com
?>pop.kfcqyyhks.com
?>pop.kgbqfkr.ru
?>pop.klhrsjhor.com
?>pop.knlscwy.ru
?>pop.kpoxavz.ru
?>pop.ktqqaowqt.com
?>pop.kvwkwxxeo.com
?>pop.lccnpri.ru
?>pop.lcqqhkgzj.com
?>pop.lhoggcq.ru
?>pop.lkxxvyx.ru
?>pop.lliziyr.ru
?>pop.lltiufg.ru
?>pop.lojcajs.ru
?>pop.lqcloywqm.com
?>pop.lqtmgjw.ru
?>pop.lrloeyb.ru
?>pop.lvwmabhxu.com
?>pop.lxsrvwk.ru
?>pop.mabtmqg.ru
?>pop.mfyitli.ru
?>pop.mhytswh.ru
?>pop.mibjkib.ru
?>pop.mquwkqo.ru
?>pop.mswteam.ru
?>pop.mwvthng.ru
?>pop.mxnextt.ru
?>pop.natntbuo.ru
?>pop.nbfysuh.ru
?>pop.nfryflklt.com
?>pop.nnzrwmt.ru
?>pop.nphvjmlhl.com
?>pop.npjahwj.ru
?>pop.nuyftxn.ru
?>pop.nvuebzo.ru
?>pop.nyuiejknj.com
?>pop.nywkpib.ru
?>pop.oavgzofqu.com
?>pop.ocesuej.ru
?>pop.ogikgxq.ru
?>pop.ojantlj.ru
?>pop.oysjskg.ru
?>pop.pfzgiof.ru
?>pop.pjepesjxg.com
?>pop.pjhzure.ru
?>pop.pnxfuag.ru
?>pop.ppohnqab.com
?>pop.prbmgxklr.com
?>pop.prqoton.ru
?>pop.qlmkxqlx.com
?>pop.qmgvfoxcn.com
?>pop.qnqcwlj.ru
?>pop.qnqmniznm.com
?>pop.qopntzvzc.com
?>pop.qstopsi.ru
?>pop.qujwlgt.ru
?>pop.qzibngc.ru
?>pop.rbpqvbeny.com
?>pop.rcuraaqje.com
?>pop.riyfoawpx.com
?>pop.rntriwf.ru
?>pop.ronjyfj.ru
?>pop.rrplviaoy.com
?>pop.rxwanetgo.com
?>pop.rzhheil.ru
?>pop.skbqrtc.ru
?>pop.sokwxrzyr.com
?>pop.sqcokri.ru
?>pop.srpfrgvvm.com
?>pop.srzbytt.ru
?>pop.sxazgprlz.com
?>pop.tbyrzhrkv.com
?>pop.thelove740.ru
?>pop.tinyupdates.ru
?>pop.tmubkvpyk.com
?>pop.tpalenc.ru
?>pop.tpelpgxfu.com
?>pop.trrppxw.ru
?>pop.tsjvtaj.ru
?>pop.ttkpugnbu.com
?>pop.tuvxubocs.com
?>pop.tvugttl.ru
?>pop.tyfriyl.ru
?>pop.tzcyqrb.ru
?>pop.tzsfbic.ru
?>pop.ubjgljalg.com
?>pop.ucnanrzjn.com
?>pop.uglkfimyh.com
?>pop.ugmwkjeio.com
?>pop.uhsuifbyi.com
?>pop.ukmsske.ru
?>pop.umesejx.ru
?>pop.uquklrxvq.com
?>pop.uvieegpuz.com
?>pop.vbstthxbc.com
?>pop.vfukgsuopav.ru
?>pop.vhnnbcqyw.com
?>pop.vijvseapa.com
?>pop.vindustry.ru
?>pop.vivfcpmzj.com
?>pop.vkcqbeszm.com
?>pop.vojzqms.ru
?>pop.vrcjhvaov.com
?>pop.vsifjchzu.com
?>pop.vtatbbx.ru
?>pop.w8start.ru
?>pop.wbultnili.com
?>pop.wgcapsioe.com
?>pop.whxwcavvg.com
?>pop.wirqivabl.com
?>pop.wjpqpuc.ru
?>pop.wshcqvjzv.com
?>pop.wshxzmlbc.com
?>pop.xbziiasm.com
?>pop.xhmwmlubs.com
?>pop.xlhbxeoru.com
?>pop.xonpqigw.ru
?>pop.xosecjxic.com
?>pop.xppqcnjjr.com
?>pop.xzrrlfx.ru
?>pop.ygbtzrhwi.com
?>pop.ynkfplonq.com
?>pop.yofopcwyc.com
?>pop.ypjrmoigz.com
?>pop.ypkpwkyrp.com
?>pop.ypqctjbwk.com
?>pop.zfzhpps.ru
?>pop.zhrelfk.ru
?>pop.zimbbth.ru
?>pop.zogswipri.com
?>pop.zrwolqp.ru
?>pop.zrxtugb.ru
?>pop.zymkela.ru
?>pop.zyokzzwvi.com
?>pop.zzuxqcw.ru
Process32FirstW
Process32NextW
psapi.dll
Qkkbal
QueryPerformanceCounter
;*<><R<_<~<
Range: bytes=%d-%d
`.rdata
ReadFile
reboot
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueA
RegQueryValueExW
RegSetValueExW
.reloc
ResetEvent
;%;S;`;
SetCurrentDirectoryW
SetEvent
SetFileAttributesW
SetFilePointer
SetHandleContext
SetLastError
SetUnhandledExceptionFilter
shell32.dll
SHELL32.dll
ShellExecuteW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderPathW
shlwapi.dll
SHLWAPI.dll
StrChrW
StrCmpNIW
StrRChrW
StrStrW
TerminateProcess
TerminateThread
!This program cannot be run in DOS mode.
uninstall
UnlockFile
UnmapViewOfFile
update 
update2 
urlmon.dll
user32.dll
USER32.dll
User Agent
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
wininet.dll
WININET.dll
WriteFile
WriteProcessMemory
ws2_32.dll
WS2_32.dll
WSAGetLastError
WSARecvFrom
WSASendTo
WSASocketW
WSAStartup
wsprintfA
wsprintfW
wWXZOlIzwOwzIlOZXWw
?#?-?X?i?z?
ZwQueryDirectoryFile
ZwQueryInformationThread
ZwQueueApcThread
ZwResumeThread
ZwSetLdtEntries