143771c0905b7cedc94681f1be97ee4c8805df6d2c16c730cc653a12acfac37d

Sharing

Copy URL Twitter E-mail

General

Target

143771c0905b7cedc94681f1be97ee4c8805df6d2c16c730cc653a12acfac37d
Size

788KB
MD5

d14c7fb3f0a359a33694cdf1a8e942cd
SHA1

4740c7c38ffc64c2b159782b21201653e081d123
SHA256

143771c0905b7cedc94681f1be97ee4c8805df6d2c16c730cc653a12acfac37d
SHA512

b4de9877a0a7b02721866ddf575e797fa0bd06890bf2e3143a7e2e7baa39e7f497346bffc42057a461210bbf77de51e4b006757137d45374cff885a766bd59b2
SSDEEP

12288:vRO4B1XhL5G/+WTQS2rHLVaSbX3Wi+ay9X2KsECJapIQ7T5CXuhwOeoDq+s:A4vhNgTr+hjD61tCJaKQRCQFD1

Score

N/A

Malware Config

Signatures

Files

143771c0905b7cedc94681f1be97ee4c8805df6d2c16c730cc653a12acfac37d
.dll windows x86

3fa01f9d2bb916ed96a7066f395b3989

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateEventA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyMenu

advapi32

RegQueryValueExA

oleaut32

SysReAllocStringLen

version

GetFileVersionInfoSizeA

gdi32

SetWindowOrgEx

ole32

CoUninitialize

comctl32

ImageList_Remove

winmm

sndPlaySoundA

ksreglib.vmp

ks_CheckKey

Exports

Exports

HookOff
HookOn

Sections

CODE
Size: - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4.6MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 782KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa01f9d2bb916ed96a7066f395b3989

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

winmm

ksreglib.vmp

Exports

Exports

Sections

CODE Size: - Virtual size: 639KB

DATA Size: - Virtual size: 9KB

BSS Size: - Virtual size: 4.6MB

.idata Size: - Virtual size: 8KB

.edata Size: - Virtual size: 84B

.vmp0 Size: - Virtual size: 43KB

.rsrc Size: 4KB - Virtual size: 189KB

.vmp1 Size: - Virtual size: 324KB

.vmp2 Size: 782KB - Virtual size: 782KB

.reloc Size: 512B - Virtual size: 84B

CODE
Size: - Virtual size: 639KB

DATA
Size: - Virtual size: 9KB

BSS
Size: - Virtual size: 4.6MB

.idata
Size: - Virtual size: 8KB

.edata
Size: - Virtual size: 84B

.vmp0
Size: - Virtual size: 43KB

.rsrc
Size: 4KB - Virtual size: 189KB

.vmp1
Size: - Virtual size: 324KB

.vmp2
Size: 782KB - Virtual size: 782KB

.reloc
Size: 512B - Virtual size: 84B