b2bdadbd133d95aeccc6413629917b9f708f64cafcc461753b1cc747b9926644

Sharing

Copy URL Twitter E-mail

General

Target

b2bdadbd133d95aeccc6413629917b9f708f64cafcc461753b1cc747b9926644
Size

169KB
MD5

2455c02c38a7b3d884a4df3d0965c3f3
SHA1

45048075224c6c0694e1cbd17561aa11e166f216
SHA256

b2bdadbd133d95aeccc6413629917b9f708f64cafcc461753b1cc747b9926644
SHA512

ddea24e6eaed1ee6f4e5436c916e69314cdb04fbb952bb67c5a380a96c57fb4196bd4fa45f44953e3100701c123ff5926bda5a4173d1f5c7e30a98a36cddd228
SSDEEP

3072:jQdZlSQ47uqGv31+sGnV5rWL09p6P/BTGIn867OXRI8S:kdZd47783YsOi2pG/MIKm8S

Score

N/A

Malware Config

Signatures

Files

b2bdadbd133d95aeccc6413629917b9f708f64cafcc461753b1cc747b9926644
.zip
io/jrat/plugin/keylogger/stub/Keylogger.class
io/jrat/plugin/keylogger/stub/StubPlugin$1.class
io/jrat/plugin/keylogger/stub/StubPlugin$2.class
io/jrat/plugin/keylogger/stub/StubPlugin$3.class
io/jrat/plugin/keylogger/stub/StubPlugin.class
io/jrat/plugin/keylogger/stub/TitleListener$Kernel32.class
io/jrat/plugin/keylogger/stub/TitleListener$Psapi.class
io/jrat/plugin/keylogger/stub/TitleListener$User32DLL.class
io/jrat/plugin/keylogger/stub/TitleListener.class
io/jrat/plugin/keylogger/stub/activities/Activities.class
io/jrat/plugin/keylogger/stub/activities/Activity.class
io/jrat/plugin/keylogger/stub/activities/Key.class
io/jrat/plugin/keylogger/stub/activities/Time.class
io/jrat/plugin/keylogger/stub/activities/Title.class
io/jrat/plugin/keylogger/stub/codec/Base64.class
jrat/api/stub/StubPlugin.class
jrat/api/stub/utils/OperatingSystem.class
org/jnativehook/GlobalScreen$1.class
org/jnativehook/GlobalScreen$2.class
org/jnativehook/GlobalScreen.class
org/jnativehook/NativeHookException.class
org/jnativehook/NativeInputEvent.class
org/jnativehook/NativeSystem$Arch.class
org/jnativehook/NativeSystem$Family.class
org/jnativehook/NativeSystem.class
org/jnativehook/example/NativeHookDemo$1.class
org/jnativehook/example/NativeHookDemo$2.class
org/jnativehook/example/NativeHookDemo.class
org/jnativehook/keyboard/NativeKeyEvent.class
org/jnativehook/keyboard/NativeKeyListener.class
org/jnativehook/lib/linux/x86/libJNativeHook.so
.elf linux x86
org/jnativehook/lib/linux/x86_64/libJNativeHook.so
.elf linux x64
org/jnativehook/lib/osx/ppc/libJNativeHook.dylib
org/jnativehook/lib/osx/ppc64/libJNativeHook.dylib
org/jnativehook/lib/osx/x86/libJNativeHook.dylib
org/jnativehook/lib/osx/x86_64/libJNativeHook.dylib
.macho macos
org/jnativehook/lib/windows/x86/JNativeHook.dll
.dll windows x86

1b6320612f140cf59b1d34160080eef7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateEventA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_vsnprintf
abort
calloc
exit
fputs
free
malloc
strncmp
vfprintf

user32

ActivateKeyboardLayout
CallNextHookEx
DispatchMessageA
GetAsyncKeyState
GetDoubleClickTime
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetMessageA
GetWindowThreadProcessId
PostThreadMessageA
SetWindowsHookExA
SystemParametersInfoA
TranslateMessage
UnhookWindowsHookEx

Exports

Exports

JNI_OnLoad
JNI_OnUnload
Java_org_jnativehook_GlobalScreen_isNativeHookRegistered
Java_org_jnativehook_GlobalScreen_registerNativeHook
Java_org_jnativehook_GlobalScreen_unregisterNativeHook

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
org/jnativehook/lib/windows/x86_64/JNativeHook.dll
.dll windows x64

c7ab686a1f6f6d26d929670cbcf37f44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateEventA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
_vsnprintf
abort
calloc
exit
fputs
free
malloc
signal
strncmp
vfprintf

user32

ActivateKeyboardLayout
CallNextHookEx
DispatchMessageA
GetAsyncKeyState
GetDoubleClickTime
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetMessageA
GetWindowThreadProcessId
PostThreadMessageA
SetWindowsHookExA
SystemParametersInfoA
TranslateMessage
UnhookWindowsHookEx

Exports

Exports

JNI_OnLoad
JNI_OnUnload
Java_org_jnativehook_GlobalScreen_isNativeHookRegistered
Java_org_jnativehook_GlobalScreen_registerNativeHook
Java_org_jnativehook_GlobalScreen_unregisterNativeHook

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
org/jnativehook/mouse/NativeMouseEvent.class
org/jnativehook/mouse/NativeMouseInputListener.class
org/jnativehook/mouse/NativeMouseListener.class
org/jnativehook/mouse/NativeMouseMotionListener.class
org/jnativehook/mouse/NativeMouseWheelEvent.class
org/jnativehook/mouse/NativeMouseWheelListener.class
plugin.txt

Sharing

General

Malware Config

Signatures

Files

1b6320612f140cf59b1d34160080eef7

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 295B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 2KB - Virtual size: 1KB

c7ab686a1f6f6d26d929670cbcf37f44

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 128B

.rdata Size: 3KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 900B

.xdata Size: 1024B - Virtual size: 712B

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 295B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 56B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 295B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 900B

.xdata
Size: 1024B - Virtual size: 712B

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 295B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 48B