c26e48059b3634ef45be2787d6d7a5ae2d3a9aac421ac801aaf5d740a533c422

General

Target

c26e48059b3634ef45be2787d6d7a5ae2d3a9aac421ac801aaf5d740a533c422
Size

36KB
MD5

11fb10afb0b89276c74f7ed7896ea370
SHA1

538ecd1b128c2fd51103767a9023f74f2ee38460
SHA256

c26e48059b3634ef45be2787d6d7a5ae2d3a9aac421ac801aaf5d740a533c422
SHA512

8c6b73f8732300d617c2459b423fe1456c35ce9d56f1998b377353f879058876b21ad5026461c3c72958f9c2d4a21f5adefe261c8202a4aac54e8cbc0d858a19
SSDEEP

768:xrlF6dP7xTVfFozHRb1pw6ANpmxwoUrfbG:xA9TVfFobhTP8mKoafbG

Score

N/A

Malware Config

Signatures

Files

c26e48059b3634ef45be2787d6d7a5ae2d3a9aac421ac801aaf5d740a533c422
.dll windows x86

562096b41452cb273ececc50a860f7bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
OpenFileMappingA
Thread32Next
UnmapViewOfFile
CreateToolhelp32Snapshot
CloseHandle
CreateFileMappingA
GetCurrentThreadId
LoadLibraryA
lstrlenA
Process32First
Process32Next
Thread32First
GetCurrentProcessId
FreeEnvironmentStringsA
SetFilePointer
EnterCriticalSection
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetVersionExA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
RtlUnwind
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

GetWindowLongA
CallNextHookEx
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

Exports

Exports

SetHookReceiver
StartAPIHook
StartDebugHook
StartPasswordProtect
StopAPIHook
StopDebugHook
StopPasswordProtect

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

562096b41452cb273ececc50a860f7bb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB