Next, we look at the files’ imports and strings beginning with the .exe. All of the imports from msvcrt.dll are functions that are included in nearly every executable as part of the wrapper code added by the compiler.
When we look at the imports from kernel32.dll, we see functions for opening and manipulating files, as well as the functions FindFirstFile and FindNextFile. These functions tell us that the malware searches through the , once we have covered the skills to analyze it fully.)
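The import review described above can be scripted. The following Python is an added example, not code from the original text: it reads a PE file's import table with the standard library only, sets aside msvcrt.dll as compiler runtime noise, and flags the FindFirstFile/FindNextFile family. The names parse_imports, triage, NOISE_DLLS and FILE_SEARCH are assumptions of this example, as is matching the A/W/Ex variants by prefix.

```python
import struct, sys

NOISE_DLLS = {"msvcrt.dll"}                      # assumption: treat as compiler runtime wrapper
FILE_SEARCH = ("FindFirstFile", "FindNextFile")  # prefix match covers A/W/Ex variants

def _off(sections, rva):
    """Translate an RVA to a file offset using the section table."""
    for vsize, vaddr, rsize, rptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + rptr
    raise ValueError(f"RVA {rva:#x} is outside every section")

def _cstr(data, off):
    """Read a NUL-terminated ASCII string starting at a file offset."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return {dll name (lowercase): [imported names]} from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B   # otherwise PE32+ (0x20B)
    dirs, fmt, tsz, flag = (opt + 96, "<I", 4, 1 << 31) if pe32 else (opt + 112, "<Q", 8, 1 << 63)
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]    # data directory 1 = imports
    sections = [struct.unpack_from("<8x4I", data, opt + opt_size + 40 * i) for i in range(nsec)]
    imports = {}
    desc = _off(sections, imp_rva) if imp_rva else None
    while desc is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<5I", data, desc)
        if not name_rva:                                     # all-zero descriptor ends the table
            break
        names = imports.setdefault(_cstr(data, _off(sections, name_rva)).lower(), [])
        thunk = _off(sections, ilt or iat)                   # fall back to the IAT if no ILT
        while (val := struct.unpack_from(fmt, data, thunk)[0]):
            # High bit set means import by ordinal; otherwise skip the 2-byte hint.
            names.append(f"#{val & 0xFFFF}" if val & flag else _cstr(data, _off(sections, val) + 2))
            thunk += tsz
        desc += 20
    return imports

def triage(imports):
    """Drop runtime noise; return (remaining imports, file-search APIs seen)."""
    kept = {dll: fns for dll, fns in imports.items() if dll not in NOISE_DLLS}
    hits = sorted(f for fns in kept.values() for f in fns if f.startswith(FILE_SEARCH))
    return kept, hits

if __name__ == "__main__":
    print(triage(parse_imports(open(sys.argv[1], "rb").read())))
```

Run it with the path of the sample as its only argument. A packed file typically exposes only a handful of imports, so a very short result is itself worth noting.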