27e8ef1ac7d599e38307a7987a5c4549f8ab8111d88b0ee33abab92d94e806b3

Sharing

Copy URL Twitter E-mail

General

Target

27e8ef1ac7d599e38307a7987a5c4549f8ab8111d88b0ee33abab92d94e806b3
Size

129KB
MD5

a627dd7345d272a55b02af99df335d50
SHA1

bc65e3c0130900b3e02d5436ddb2d652cfbd6eb7
SHA256

27e8ef1ac7d599e38307a7987a5c4549f8ab8111d88b0ee33abab92d94e806b3
SHA512

c6b46b60f37daf7a1779c1341296fc8da3eb22db49c03cc702f2e0c9e66596e3eef4461a8656c53b31080762c1c2f22a772a31289b23330515c0f0b6571c71c9
SSDEEP

1536:Dv8cdIAW1xm2yEzlbbgNtkB8d2Thn2PufV5r7KXKNKZ:DvpdzW1x/Wtd2T8ufv2XKNK

Score

N/A

Malware Config

Signatures

Files

27e8ef1ac7d599e38307a7987a5c4549f8ab8111d88b0ee33abab92d94e806b3
.dll windows x86

7ea05e58d3aacc0892953018f8431b37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathA

kernel32

lstrcmpiA
GetModuleHandleA
VirtualProtect
OutputDebugStringA
GetVersionExA
DisableThreadLibraryCalls
GetModuleFileNameA
CreateNamedPipeA
IsBadWritePtr
CloseHandle
PeekNamedPipe
ReadFile
LoadLibraryW
InterlockedExchange
VirtualQuery
InitializeCriticalSection
DisconnectNamedPipe
TlsSetValue
GetLastError
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?HookProc@@YGJHIJ@Z
InstallHook
RemoveHook
_InstallHook@0
_RemoveHook@0

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ea05e58d3aacc0892953018f8431b37

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 9KB

.HookSec Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 9KB

.HookSec
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB