06e26a3e57804074546873d37c826499

Sharing

Copy URL

Twitter E-mail

General

Target

06e26a3e57804074546873d37c826499
Size

32KB
MD5

06e26a3e57804074546873d37c826499
SHA1

dea5453d6896f00ece809257e5d9b096f4576d28
SHA256

e1047e9c2ee6f1df2f810885e5a1f4e8c634f907e99ab01c880b2d2427c01645
SHA512

3ecb25cc019cfb71809e9d94b942891f468f070fb3a53e621c8b6ee84598cf47be9c32cae501295a2d71887859666cf66a72a5f9f4d03f6f06c810b3d849fedd
SSDEEP

384:5hRWuoSZN4M+ZjRZYhulq9Xab9A/TUgcXN+Enw3ylL8V9lFORq/4:5hgeOoslq9OGTOw3TYq/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06e26a3e57804074546873d37c826499

Files

06e26a3e57804074546873d37c826499
.dll windows:4 windows x86 arch:x86

682df5759d4dc3501c77266188e935a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
VirtualAlloc
IsBadReadPtr
CreateThread
GetPrivateProfileStringA
FreeLibrary
Process32Next
LoadLibraryA
GetSystemDirectoryA
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
GetTempPathA
GlobalAlloc
GlobalLock
WriteFile
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
lstrcpynA
CreateFileA
ReadFile
GetFileSize
CloseHandle
GetTickCount
lstrlenA
lstrcmpiA
lstrcatA
lstrcpyA
lstrcmpA
Sleep
ExitProcess
VirtualProtect
GetProcAddress
OutputDebugStringA

user32

SetWindowsHookExA
CallNextHookEx
GetForegroundWindow
GetClassNameA
EnumWindows
GetSystemMetrics
GetWindowTextA
IsIconic
GetActiveWindow
UnhookWindowsHookEx
ReleaseDC
GetDC
IsRectEmpty
GetWindowThreadProcessId
FindWindowExA
FindWindowA
PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
PostThreadMessageA

gdi32

CreateCompatibleDC
RealizePalette
CreateCompatibleBitmap
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
DeleteObject
BitBlt
SelectObject
GetDIBits

wininet

HttpSendRequestA
InternetQueryDataAvailable
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetConnectA

gdiplus

GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage

netapi32

Netbios

msvcrt

free
malloc
atoi
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
strstr
memmove
strchr

Exports

Exports

Hookoff
Hookon
InstallService
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

682df5759d4dc3501c77266188e935a9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 2KB