1aea5dd05b4887f9a4be3a0f678020eb

General

Target

1aea5dd05b4887f9a4be3a0f678020eb
Size

20KB
MD5

1aea5dd05b4887f9a4be3a0f678020eb
SHA1

cd8189e8ff05ee2a6d7d6fa7240d345e22d2c64c
SHA256

77f4ddd4a4eb43c5b60f1d49fb65285a236450baeaccebea789b974bb398b461
SHA512

77ed6c5fdf5b779be87c1a6fd5068f17e34f0b69fe3bc3b58f92e43dfc0a64206035c4a58e6e860baa49d536263c706b7c9269fce4431de9cb4a2e3706d48c00
SSDEEP

384:KHkuWQl4bxehySVAtsjbHPDQYHwbiCqsfSMDM:KDl4BGvMSW9qsHDM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aea5dd05b4887f9a4be3a0f678020eb

Files

1aea5dd05b4887f9a4be3a0f678020eb
.dll windows:4 windows x86 arch:x86

d3e798a47332156ee0b7ed560a78b649

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

VkKeyScanA
UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
MapVirtualKeyA
GetMessageA
GetKeyboardState
GetForegroundWindow
GetClassNameA
CallNextHookEx
wsprintfA

kernel32

GetProcAddress
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WideCharToMultiByte
VirtualProtectEx
TerminateProcess
Sleep
SetFilePointer
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
DisableThreadLibraryCalls
DuplicateHandle
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
Module32First
Module32Next
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
ReadFile
ReadProcessMemory
RtlZeroMemory
SetFileAttributesA

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 44B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3e798a47332156ee0b7ed560a78b649

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 44B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 44B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB