f7fd16f05d12943c1385ca163c10ec4cc2c1c7cac696dec53ae704be388c7d4a

Sharing

Copy URL Twitter E-mail

General

Target

f7fd16f05d12943c1385ca163c10ec4cc2c1c7cac696dec53ae704be388c7d4a
Size

476KB
MD5

d2085b0cb0314ebe6a97a52a68dbadb0
SHA1

188fb5d05240695f809b393aaf8e0a46a61c7add
SHA256

f7fd16f05d12943c1385ca163c10ec4cc2c1c7cac696dec53ae704be388c7d4a
SHA512

0f06448fb3a84468341734840bf376539a26811972985791a207b591a80496c72192f900e3ec15162d7e03357406d8e638717059e4e96d0b82092a7c9d55e7c5
SSDEEP

12288:nja1Q60/6QuXa8h0t6l7+wp0UMrAmvOXn:ja1QdHuXarKjp0DrZO3

Score

N/A

Malware Config

Signatures

Files

f7fd16f05d12943c1385ca163c10ec4cc2c1c7cac696dec53ae704be388c7d4a
.dll windows x86

c305aec704ad9624ea59388b61605ee6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kload

Log
UnhookFunction
MasterUnhookFunction
HookFunction
RegisterKModule
GetPESInfo
RegisterAfsReplaceCallback
LogWithNumber
LogWithString
LogWithTwoNumbers
loadReplaceFile
splitFileId
MasterHookFunction
dksiSetMenuTitle
GetInputCfg
GetInputTable
KDrawText
KGetTextExtent
LogWithDouble
MasterCallNext
Debug

libpng13

ord138
ord268
ord283
ord306
ord86
ord246
ord128
ord300
ord299
ord82
ord97
ord266
ord231
ord91
ord247
ord83
ord115
ord220
ord217
ord44
ord221
ord285
ord172
ord31
ord32
ord95
ord76
ord107
ord47
ord337
ord307
ord346
ord347
ord242
ord280
ord292
ord264
ord295
ord241
ord36
ord125

user32

wsprintfA

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
StretchDIBits
GetDIBits
DeleteDC
DeleteObject

kernel32

GetCPInfo
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
SetUnhandledExceptionFilter
ReadFile
HeapSize
HeapReAlloc
GetACP
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetModuleFileNameA
RaiseException
RtlUnwind
InterlockedExchange
Sleep
IsProcessorFeaturePresent
UnmapViewOfFile
CloseHandle
GetVersionExA
WideCharToMultiByte
CreateFileW
CreateFileA
CreateFileMappingA
MapViewOfFile
GetFileSize
GetLastError
WriteFile
GetModuleHandleA
GetOEMCP
GetStringTypeA
GetStringTypeW
SetEndOfFile
LCMapStringA
LCMapStringW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
FindClose
FindNextFileA
FindFirstFileA
QueryPerformanceCounter
HeapFree
HeapAlloc
GetProcessHeap
LeaveCriticalSection
VirtualProtect
EnterCriticalSection
IsBadReadPtr
lstrcpyA
lstrcpynA
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c305aec704ad9624ea59388b61605ee6

Headers

File Characteristics

Imports

kload

libpng13

user32

gdi32

kernel32

advapi32

Sections

.text Size: 296KB - Virtual size: 294KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 24KB - Virtual size: 30KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 728B

.reloc Size: 16KB - Virtual size: 13KB

.text Size: 100KB - Virtual size: 100KB

.text
Size: 296KB - Virtual size: 294KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 30KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 728B

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 100KB - Virtual size: 100KB