justhook[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

justhook.dll
Size

824KB
MD5

43a7e76260dfedfd189821455121fdc9
SHA1

0c27ce2e1f3857ef183db22fdcf7400786fb5e6b
SHA256

0d9594f2f23967af9d814b9c3fb4e302fef94218783432d11413a3a1eb2766b0
SHA512

9c685d3d60d3aadb8477c8bc6f9fecf23a3aa28e51b954ec695e82180ec02103554518cffbb57dcbbe9616e5e911843bdb7131da7f8de6ddfc4a46256c5c22f8
SSDEEP

12288:1f/s+9fGaa3qrDGSRQ6CqaYJg9Gn53Y68b7DPXd+isEH9:1Hs+9fHGKqsQ6CqaYJg9Gn53Y5bnd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
justhook.dll

Files

justhook.dll
.dll windows:6 windows x64 arch:x64

915f416ef83b97f211333b2126d2c38b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
CloseHandle
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualProtect
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SetLastError
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
GetCurrentThread
Sleep
CreateThread
TerminateProcess
FlushInstructionCache
GetVolumeInformationW

user32

DefWindowProcW
CallWindowProcW
SetCursor
LoadCursorW
ScreenToClient
ClientToScreen
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongPtrW
GetWindowLongPtrW
RegisterClassExA
CreateWindowExA
GetAsyncKeyState
GetSystemMetrics
MessageBoxW
GetCursorPos

msvcp140

_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

winmm

PlaySoundW

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memchr
memset
memmove
_CxxThrowException
memcmp
__std_exception_destroy
__std_exception_copy
strstr
_purecall
memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
system
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
_wfopen
__stdio_common_vsscanf
fwrite
ftell
fseek
freopen
fputs
fflush
fclose
fopen_s
fread

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_mkdir

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-math-l1-1-0

powf
atan2f
pow
fmodf
acosf

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

915f416ef83b97f211333b2126d2c38b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3dcompiler_43

d3d11

winmm

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 394KB - Virtual size: 394KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 328KB - Virtual size: 332KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 9KB - Virtual size: 8KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 394KB - Virtual size: 394KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 328KB - Virtual size: 332KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 9KB - Virtual size: 8KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB