hotkeyp_64bit[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

hotkeyp_64bit.zip
Size

377KB
MD5

4dc7c1386fa199b0a36ef38fa0738471
SHA1

3419db7b042713760bdddc055e70085482e5f470
SHA256

7df266c5b0fd004d3fbdb83c132fe5c73adb6ca38c0ee3d382b6954f17f050ad
SHA512

159ffa6e016095070e35d3cb9bdd6d2ce1cb020efa6ee03bedf42313ecde8b86a07b37729185d9492c93219e9b32f72aa31b0cb5459efe27a0b0abdab0ff7681
SSDEEP

6144:voJ9TQ7T/mljw4iwTmEwhvP5SuJ3OFe2m4uC3nM/RqtNT1/gSNDh7oGMyw57B7dT:UkX+ljFiikP5fJ+Fe2m/C80tgSZhffIb

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HotkeyP.exe
unpack001/hook.dll
unpack001/hook64.dll
unpack001/hook64.exe

Files

hotkeyp_64bit.zip
.zip
HotkeyP.exe
.exe windows:5 windows x64 arch:x64

dad5c2069851ca76e5da2a724649c54b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW

comctl32

PropertySheetW
InitCommonControlsEx
ImageList_Create
ImageList_GetImageCount
ImageList_Add
ImageList_ReplaceIcon

ws2_32

closesocket
connect
htons
inet_addr
recv
socket
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError

kernel32

GetModuleFileNameW
LockResource
SetUnhandledExceptionFilter
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
LoadResource
lstrlenW
CreateProcessW
ExpandEnvironmentStringsW
FindResourceW
SearchPathW
GetVersionExW
MultiByteToWideChar
MulDiv
GetExitCodeProcess
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileSize
ReadFile
CreateFileW
GetUserDefaultLangID
QueryDosDeviceW
Module32FirstW
Module32NextW
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
EnumSystemLocalesW
WideCharToMultiByte
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
WriteFile
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetLastError
HeapSize
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetCommandLineW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetFileType
ReadConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetSystemPowerState
GetComputerNameW
GetPriorityClass
SetPriorityClass
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileA
GetFullPathNameW
RemoveDirectoryW
GetDiskFreeSpaceExA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetTempPathW
GetDriveTypeW
GetDriveTypeA
GetModuleHandleA
LoadLibraryA
lstrcpynW
GetTickCount
SystemTimeToFileTime
GetSystemTime
WinExec
CloseHandle
FindClose
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GlobalFree
GlobalUnlock
GlobalLock
TlsAlloc
GlobalSize
GlobalAlloc
GetProcAddress
FreeLibrary
Sleep
GetProcessHeap
QueryPerformanceCounter
LoadLibraryExW
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableW
OutputDebugStringW
SetEndOfFile
GetUserDefaultLCID
SetEnvironmentVariableA

user32

OffsetRect
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
LoadCursorW
LoadIconW
LoadImageA
IsDialogMessageW
RegisterHotKey
UnregisterHotKey
WaitForInputIdle
GetKeyNameTextW
CallNextHookEx
LoadMenuA
SetMenu
GetMenuItemID
InsertMenuW
SetMenuItemInfoW
EnumChildWindows
GetShellWindow
DestroyMenu
CreatePopupMenu
GetMenuStringW
GetMenu
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
SetCapture
ToUnicode
GetKeyboardState
GetFocus
DefDlgProcW
GetDialogBaseUnits
GetDlgCtrlID
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
CopyRect
GetDlgItemInt
SetDlgItemInt
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MoveWindow
CallWindowProcW
PostThreadMessageW
RegisterWindowMessageW
DestroyWindow
IsWindow
RegisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClipboardFormatW
LockWorkStation
GetGUIThreadInfo
SystemParametersInfoW
EnumDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
LoadImageW
DestroyIcon
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetWindowThreadProcessId
GetClassNameW
EnumWindows
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
GetDesktopWindow
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
IsRectEmpty
FillRect
MapWindowPoints
ScreenToClient
SetCursor
SetCursorPos
ShowCursor
MessageBoxW
GetClientRect
RedrawWindow
EndPaint
BeginPaint
TrackPopupMenuEx
DeleteMenu
AppendMenuW
GetMenuItemCount
GetSubMenu
GetDlgItemTextA
EnableMenuItem
GetCursorPos
GetWindowRect
GetWindowTextW
SetWindowTextW
InvalidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DrawTextW
GetSystemMetrics
IsWindowUnicode
KillTimer
MapVirtualKeyW
mouse_event
keybd_event
VkKeyScanExW
GetAsyncKeyState
GetKeyState
SetFocus
CharToOemBuffW
EmptyClipboard
EnumClipboardFormats
GetClipboardData
SetClipboardData
GetClipboardOwner
CloseClipboard
OpenClipboard
SendDlgItemMessageW
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
ShowWindowAsync
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
DefWindowProcW
AttachThreadInput
PostMessageW
SendMessageTimeoutW
SendMessageTimeoutA
ExitWindowsEx
GetKeyboardLayout
SetForegroundWindow
GetForegroundWindow
SetTimer
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SendMessageW
SetDlgItemTextA

gdi32

TextOutW
TextOutA
MoveToEx
SetTextAlign
SetTextColor
StretchBlt
SetBkMode
SetBkColor
Rectangle
LineTo
GetStockObject
CreateSolidBrush
CreatePen
CreateFontIndirectW
GetObjectW
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap

comdlg32

CommDlgExtendedError
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

DuplicateTokenEx
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthority
GetTokenInformation
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegDeleteKeyA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
StartServiceW
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegSetValueExA
RegQueryValueExW
OpenProcessToken
RegQueryValueExA

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
FindExecutableW
ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileW
ShellExecuteW
SHBindToParent
SHGetDesktopFolder
ord25
SHAddToRecentDocs
SHEmptyRecycleBinW
ExtractIconExW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
PropVariantClear

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WhatsNew.txt
WhatsNew_CZ.txt
help.chm
.chm
hook.dll
.dll windows:4 windows x86 arch:x86

0341dd2384a2e495628b0b437c16baad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
CallNextHookEx
SendMessageA
IsWindow
FindWindowA

msvcrt

??3@YAXPAX@Z
sprintf
??2@YAPAXI@Z
strchr
strtol

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

Exports

Exports

_CallWndProc@12
_CallWndProcD@12
_GetMsgProc@12
_KeyboardProc95@12
_MouseProc95@12

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 742B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hook64.dll
.dll windows:5 windows x64 arch:x64

9be235e82459e0cb207d22423e4d94b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPEAX_K@Z
??3@YAXPEAX@Z
strtol
strchr
sprintf

user32

FindWindowA
PostMessageA
IsWindow
SendMessageA
CallNextHookEx

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA

Exports

Exports

CallWndProc
CallWndProcD
GetMsgProc

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hook64.exe
.exe windows:5 windows x64 arch:x64

5e606c62474ecc10020e5afb0d0e4262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetCommandLineA
FreeLibrary

user32

GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
RegisterClassA
CreateWindowExA
MessageBoxA
SetWindowLongPtrA
SetWindowsHookExA
UnhookWindowsHookEx

msvcrt

memset
strrchr

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
language/Aiuto-it.chm
.chm
language/Ajuda.chm
.chm
language/Catalan.lng
language/Chinese (Simplified).lng
language/Danish.lng
language/French.lng
language/German.lng
language/Greek.lng
language/Italiano.lng
language/Japanese.lng
language/Nederlands.lng
language/Polish.lng
language/Portugus brasileiro.lng
language/Russian.lng
language/Slovak.lng
language/Spanish.lng
language/Ukrainian.lng
language/cz.chm
.chm
language/gr.chm
.chm
language/jp_help.chm
.chm
language/ru.chm
.chm
language/Česky.lng

Sharing

General

Malware Config

Signatures

Files

dad5c2069851ca76e5da2a724649c54b

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 225KB - Virtual size: 224KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 14KB - Virtual size: 66KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 25KB - Virtual size: 25KB

0341dd2384a2e495628b0b437c16baad

Headers

File Characteristics

Imports

user32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 742B

.data Size: 4KB - Virtual size: 32B

.rsrc Size: 4KB - Virtual size: 664B

.reloc Size: 4KB - Virtual size: 200B

9be235e82459e0cb207d22423e4d94b2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

advapi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 926B

.data Size: - Virtual size: 32B

.pdata Size: 512B - Virtual size: 72B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

5e606c62474ecc10020e5afb0d0e4262

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 1024B - Virtual size: 808B

.rdata Size: 1024B - Virtual size: 898B

.data Size: - Virtual size: 24B

.pdata Size: 512B - Virtual size: 48B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 14KB - Virtual size: 66KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 742B

.data
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 664B

.reloc
Size: 4KB - Virtual size: 200B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 926B

.data
Size: - Virtual size: 32B

.pdata
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1024B - Virtual size: 808B

.rdata
Size: 1024B - Virtual size: 898B

.data
Size: - Virtual size: 24B

.pdata
Size: 512B - Virtual size: 48B

.rsrc
Size: 1KB - Virtual size: 1KB