8a9c9c9db7c5f18e272ea9b4e40574dced54b6a6224acc6afe0352a458016b51

General

Target

8a9c9c9db7c5f18e272ea9b4e40574dced54b6a6224acc6afe0352a458016b51
Size

36KB
MD5

d291b8c1d275289426364e47e494e0b4
SHA1

158a87b5e6ca396a7aa985b7b973946423676e80
SHA256

8a9c9c9db7c5f18e272ea9b4e40574dced54b6a6224acc6afe0352a458016b51
SHA512

218c28cd5181302ef2e17beac219a5d96862d5aaa64ca32cde5a9ed001b2dd99d86e1ecae830d7270f0c2ef1ead86d3d86d8848f19a017d2a8b405203bee3ee0
SSDEEP

384:pw/dz+JtnLCA+jc+Tb6UzKmNmlI5j6hyFcop3XFu5IrpNboNJQ+T:u/p2FN6TbH+u6h/op3XFOIVdoXT

Score

N/A

Malware Config

Signatures

Files

8a9c9c9db7c5f18e272ea9b4e40574dced54b6a6224acc6afe0352a458016b51
.dll windows x86

c7b8e1182bdd511447fc472cbcd01dcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathA

kernel32

GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
lstrcmpiA
VirtualProtect
VirtualQuery
GetVersionExA
Module32Next
OpenProcess
Module32First
CreateToolhelp32Snapshot
TerminateProcess
GetModuleHandleA
CloseHandle
WritePrivateProfileStringA
ReadProcessMemory
GetModuleFileNameA
DisableThreadLibraryCalls
HeapFree
VirtualFree
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
ExitProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeW

user32

SetWindowsHookExA
CallNextHookEx
FindWindowA
GetWindowThreadProcessId

Exports

Exports

?HookProc@@YGJHIJ@Z
InstallHook

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7b8e1182bdd511447fc472cbcd01dcc

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.HookSec Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.HookSec
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB