a2e904fb5c9fe54d572ff6afc4a8e5cf3e2f285bf87e96ce1565fab96a9fc9b9

Sharing

Copy URL Twitter E-mail

General

Target

a2e904fb5c9fe54d572ff6afc4a8e5cf3e2f285bf87e96ce1565fab96a9fc9b9
Size

11KB
MD5

d57801f361c46267db44269d5fb29752
SHA1

81c41bc214713e8f3d20f5ad31b1a4e983610bcc
SHA256

a2e904fb5c9fe54d572ff6afc4a8e5cf3e2f285bf87e96ce1565fab96a9fc9b9
SHA512

7666b5bd00cb4b9e05032f796d9f7d698e8fa4b17ff12dc0dd983b27823f6c0cd5688440b91c710be9328ac6c63bfa2516ec3908bfe941340be84d254b558f02
SSDEEP

192:X0vAAjgBrXyIFOyUtAOf3XJPVR64P0jYTVatAPOPf:EvLgBrPFgtAOfZPVf0GMtxX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2e904fb5c9fe54d572ff6afc4a8e5cf3e2f285bf87e96ce1565fab96a9fc9b9

Files

a2e904fb5c9fe54d572ff6afc4a8e5cf3e2f285bf87e96ce1565fab96a9fc9b9
.dll windows x86

ac07a551ee55b05d359e480f33b5f0d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc100

ord266
ord1929
ord6010
ord1948
ord316
ord2050
ord1294
ord7322
ord5207
ord1316
ord1480
ord901
ord408
ord265
ord1296

msvcr100

_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
sprintf_s
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_crt_debugger_hook
_amsg_exit
__CppXcptFilter
_except_handler4_common

kernel32

UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

user32

CallNextHookEx
FindWindowA
GetForegroundWindow
PostMessageA
UnhookWindowsHookEx
SetWindowsHookExA

Exports

Exports

??0Cmousehook@@QAE@XZ
??1Cmousehook@@UAE@XZ
??_7Cmousehook@@6B@
?starthook@Cmousehook@@QAEHPAUHWND__@@@Z
?stophook@Cmousehook@@QAEHXZ

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac07a551ee55b05d359e480f33b5f0d4

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1008B

mydata Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 850B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1008B

mydata
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 850B