keylogger[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

keylogger.exe
Size

108KB
MD5

2b046bc6c934e824b1527cf7f94cc151
SHA1

b5f5f89d04f256bd658be9ff6b62c67e0dc3216c
SHA256

10b7dcad1a1d47b9f4d043b066ad75537c965ac1db310c07d943c34e4107b03e
SHA512

b1533b5d8dd5ab1b0bfead9500ed9e6623d6e3134d0b0743e0d0995ae12fdbfd1104edeeaf371474004ed3e93d764f3538f3fe914ca4a49b58573805e8daea5f
SSDEEP

3072:olEAVbmcWS/EQ39JWnzIXREWZBaeWE3zsd36VTcbrS8:89JmZS/kzj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
keylogger.exe

Files

keylogger.exe
.exe windows x86

6650ca147c8cda659aa4bda51bbb5c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__register_frame_info

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
K32GetModuleFileNameExW
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_initterm
_iob
_onexit
abort
atoi
calloc
exit
fprintf
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
setlocale
signal
strchr
strerror
strlen
strncmp
vfprintf
wcscmp
wcslen

user32

CallNextHookEx
DispatchMessageA
GetForegroundWindow
GetMessageA
GetWindowTextW
GetWindowThreadProcessId
SetWindowsHookExA
TranslateMessage
UnhookWindowsHookEx

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest

libstdc++-6

_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13get_allocatorEv
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4sizeEv
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5c_strEv
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6lengthEv
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7_M_dataEv
_ZNSolsEPFRSoS_E
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE7is_openEv
_ZNSt14basic_ofstreamIcSt11char_traitsIcEEC1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_Alloc_hiderC1EPcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_local_dataEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE11_M_capacityEj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE12_Alloc_hiderC1EPwRKS3_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_M_local_dataEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_M_set_lengthEj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_S_copy_charsEPwPKwS7_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_S_copy_charsEPwS5_S5_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6appendEPKwj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6insertEjPKw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7_M_dataEPw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7reserveEj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1EOS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1ERKS3_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEED1Ev
_ZSt19__throw_logic_errorPKc
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
__gxx_personality_v0

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6650ca147c8cda659aa4bda51bbb5c3d

Headers

DLL Characteristics

File Characteristics

Imports

libgcc_s_dw2-1

kernel32

msvcrt

user32

winhttp

libstdc++-6

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 2KB - Virtual size: 2KB

/4 Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1KB - Virtual size: 1KB

/14 Size: 512B - Virtual size: 56B

/29 Size: 4KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 175B

/55 Size: 512B - Virtual size: 160B

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 163B

/91 Size: 512B - Virtual size: 504B

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 2KB - Virtual size: 2KB

/4
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

/14
Size: 512B - Virtual size: 56B

/29
Size: 4KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 175B

/55
Size: 512B - Virtual size: 160B

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 163B

/91
Size: 512B - Virtual size: 504B