cemuhook_1262d_0577[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

cemuhook_1262d_0577.zip
Size

6.4MB
MD5

1627f908284aabd87fa70e06b069af74
SHA1

e0268dd045f6abc077cfb6416284506791fbea19
SHA256

62c47873eaa2f1f07f80e207ebbbf122648623ed2639ca137c6c1be1ac3172b7
SHA512

e1aeb7a93d03ffb97bb0f64a51ff8d3f1bddbfadcc5b1a56d75a8442ac56086228802fad0568bb395f814a5285b254bd11e7ab4d2f768f786f237c7de76f4489
SSDEEP

196608:ltzXMKq/BKADiBITDryitplB4a/JBks0p4q1:vzy7DiB0DrltbB4q3C1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cemuhook.dll
unpack001/keystone.dll

Files

cemuhook_1262d_0577.zip
.zip
Go to project website for updates.url
cemuhook.dll
.dll windows x64

5333bbae8cda2246877a8b03c35e3370

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeBeginPeriod

kernel32

GetVersionExW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetFocus
CharUpperBuffW

advapi32

RegDeleteKeyW
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ExtractIconExW

uxtheme

GetThemeBackgroundExtent

ws2_32

htons

shlwapi

SHAutoComplete

msimg32

GradientFill

comctl32

ImageList_GetImageInfo

rpcrt4

RpcStringFreeW

gdi32

SelectClipRgn

winspool.drv

DocumentPropertiesW

comdlg32

PrintDlgW

ole32

OleInitialize

wtsapi32

WTSSendMessageW

Exports

Exports

wxSetApp

Sections

.text
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmx0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmx1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keystone.dll
.dll windows x64

0971ee9ea879e536cfe2b637fd89aea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetCurrentProcess
GetSystemInfo
VirtualQuery
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeSListHead

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_exception_copy
memcpy
memset
__C_specific_handler
memcmp
__vcrt_InitializeCriticalSectionEx
memchr
__std_terminate
_purecall
__std_type_info_destroy_list
__std_exception_destroy
__CxxFrameHandler3
_CxxThrowException
memmove

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_crt_atexit
_register_onexit_function
_cexit
_initterm
_initterm_e
abort
_initialize_onexit_table
exit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
_callnewh
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

isalpha
isalnum
isxdigit
isdigit
strncmp

api-ms-win-crt-stdio-l1-1-0

_get_osfhandle
_read
_lseek
_close
_write
_open_osfhandle
__stdio_common_vsprintf
_isatty

api-ms-win-crt-math-l1-1-0

_fpclass

Exports

Exports

ks_arch_supported
ks_asm
ks_close
ks_errno
ks_free
ks_open
ks_option
ks_strerror
ks_version

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5333bbae8cda2246877a8b03c35e3370

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

advapi32

shell32

uxtheme

ws2_32

shlwapi

msimg32

comctl32

rpcrt4

gdi32

winspool.drv

comdlg32

ole32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 6.0MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: - Virtual size: 464KB

.pdata Size: - Virtual size: 165KB

.rodata Size: - Virtual size: 1KB

_RDATA Size: - Virtual size: 2KB

.vmx0 Size: - Virtual size: 3.5MB

.vmx1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 79KB - Virtual size: 78KB

.rsrc Size: 2KB - Virtual size: 1KB

0971ee9ea879e536cfe2b637fd89aea8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 434KB - Virtual size: 433KB

.rdata Size: 301KB - Virtual size: 301KB

.data Size: 9KB - Virtual size: 11KB

.pdata Size: 21KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 6.0MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: - Virtual size: 464KB

.pdata
Size: - Virtual size: 165KB

.rodata
Size: - Virtual size: 1KB

_RDATA
Size: - Virtual size: 2KB

.vmx0
Size: - Virtual size: 3.5MB

.vmx1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 79KB - Virtual size: 78KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 434KB - Virtual size: 433KB

.rdata
Size: 301KB - Virtual size: 301KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 21KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 7KB