AltDrag-1[.]1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AltDrag-1.1.zip
Size

87KB
MD5

025f307281b20d5e129107eeaf75e91e
SHA1

7af3952d2ca9f142b26290a48f481e158579c9f7
SHA256

5e1cf4fd8bfbdeca672cd53141019471b344317c81fdefe1ae9cb3f96183bdf9
SHA512

6599c433cdf84305d67e4ab96a586ce5dde8655549677443cf7c09aa43df4349e2066eaa99adfd884ddd3aa0a7dae8df3eec3582485305a9e81cdf7706c8de3e
SSDEEP

1536:SLAXw5xCoGN9E2IeCzcZMWFkkeXX4GTdLMwr+FR/8o7K+OBnMfkpzIVmVe/7xfdU:yAXw/3ivkjXhTdLHr+FRl7FOJMfkxgd4

Score

1^/10

Malware Config

Signatures

Files

AltDrag-1.1.zip
.zip
AltDrag/AltDrag.exe
.exe windows x86

6243b2c5e9dd2e14fd6a6359241240ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

comctl32

DefSubclassProc
PropertySheetW
SetWindowSubclass

kernel32

CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
InitializeCriticalSection
IsWow64Process
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WritePrivateProfileStringW

msvcrt

__dllonexit
__getmainargs
__initenv
_cexit
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_fmode
_initterm
_iob
_itow
_lock
_onexit
_unlock
_vsnwprintf
_wcsicmp
_wfopen
_wtoi
atoi
abort
calloc
exit
fclose
fprintf
free
fwrite
malloc
memcpy
realloc
signal
strchr
strlen
strncmp
strstr
swscanf
vfprintf
wcscat
wcscmp
wcslen
wcsncpy
wcsstr

shell32

ShellExecuteW
Shell_NotifyIconW

shlwapi

PathRemoveFileSpecW

user32

CloseClipboard
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
EmptyClipboard
EnableWindow
EnumWindows
FindWindowW
GetAncestor
GetAsyncKeyState
GetClassNameW
GetCursorPos
GetDlgItem
GetMessageW
GetSystemMetrics
GetWindowPlacement
GetWindowTextW
InsertMenuW
InvalidateRect
IsWindow
LoadImageW
MessageBoxW
OpenClipboard
PostMessageW
PostQuitMessage
RegisterClassExW
RegisterWindowMessageW
SendMessageW
SetClipboardData
SetDlgItemTextW
SetForegroundWindow
SetLayeredWindowAttributes
SetWindowPlacement
SetWindowTextW
SetWindowsHookExW
ShowWindow
ShowWindowAsync
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
WindowFromPoint

wininet

HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
InternetSetOptionW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AltDrag/AltDrag.ini
AltDrag/HookWindows_x64.exe
.exe windows x64

e421a5f65541c1c43b6d74fb37daf7b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_unlock
_vsnwprintf
abort
exit
calloc
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
wcscat
wcslen

shlwapi

PathRemoveFileSpecW

user32

CloseClipboard
CreateWindowExW
DefWindowProcW
DispatchMessageW
EmptyClipboard
FindWindowW
GetMessageW
MessageBoxW
OpenClipboard
PostQuitMessage
RegisterClassExW
SendMessageW
SetClipboardData
SetDlgItemTextW
SetTimer
SetWindowsHookExW
TranslateMessage
UnhookWindowsHookEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AltDrag/hooks.dll
.dll windows x86

1055289474adef7d935105c4dc5f96a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetPrivateProfileStringW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
OpenProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_wcsicmp
_wtoi
abort
calloc
free
fwrite
malloc
realloc
strcmp
strlen
strncmp
swscanf
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsstr

ole32

CoCreateInstance
CoInitializeEx

psapi

GetProcessImageFileNameW

shlwapi

PathRemoveFileSpecW
PathStripPathW

user32

CallNextHookEx
ClientToScreen
CreateWindowExW
DefWindowProcW
DestroyWindow
EnableWindow
EnumDisplayMonitors
EnumWindows
FindWindowW
GetAncestor
GetAsyncKeyState
GetClassNameA
GetClassNameW
GetClientRect
GetCursorPos
GetDoubleClickTime
GetForegroundWindow
GetLayeredWindowAttributes
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
IsIconic
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadImageW
MonitorFromPoint
MonitorFromWindow
MoveWindow
RegisterClassExW
SendInput
SendMessageW
SetClassLongW
SetForegroundWindow
SetLayeredWindowAttributes
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowWindow
ShowWindowAsync
SystemParametersInfoW
UnhookWindowsHookEx
WindowFromPoint

Exports

Exports

CallWndProc@12
CustomWndProc@24
LowLevelKeyboardProc@12
LowLevelMouseProc@12
Unload

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AltDrag/hooks_x64.dll
.dll windows x64

9b296edaf8bef8bd0cb8be101d3ae0ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
OpenProcess
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
_wcsicmp
_wtoi
abort
calloc
free
fwrite
malloc
memcpy
realloc
signal
strlen
strncmp
swscanf
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsstr

psapi

GetProcessImageFileNameW

shlwapi

PathRemoveFileSpecW
PathStripPathW

user32

CallNextHookEx
ClientToScreen
EnumDisplayMonitors
EnumWindows
FindWindowW
GetAncestor
GetAsyncKeyState
GetClassNameW
GetClientRect
GetMonitorInfoW
GetParent
GetWindow
GetWindowLongPtrW
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
IsIconic
IsWindow
IsWindowVisible
IsZoomed
MonitorFromWindow

Exports

Exports

CallWndProc
CustomWndProc
LowLevelKeyboardProc
Unload

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6243b2c5e9dd2e14fd6a6359241240ab

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

shell32

shlwapi

user32

wininet

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 6KB

.rdata Size: 83KB - Virtual size: 83KB

.bss Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 14KB - Virtual size: 15KB

e421a5f65541c1c43b6d74fb37daf7b6

Headers

File Characteristics

Imports

kernel32

msvcrt

shlwapi

user32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 4KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 660B

.xdata Size: 1024B - Virtual size: 596B

.bss Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 2KB

1055289474adef7d935105c4dc5f96a9

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

ole32

psapi

shlwapi

user32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 76B

shared Size: 1024B - Virtual size: 768B

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 184B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

9b296edaf8bef8bd0cb8be101d3ae0ac

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

psapi

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 6KB

.rdata
Size: 83KB - Virtual size: 83KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 14KB - Virtual size: 15KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 4KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 660B

.xdata
Size: 1024B - Virtual size: 596B

.bss
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 76B

shared
Size: 1024B - Virtual size: 768B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 184B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 128B

shared
Size: 1024B - Virtual size: 768B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 612B

.xdata
Size: 1024B - Virtual size: 576B

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 148B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B