278d983933a5d04a53320fae03eb79b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

278d983933a5d04a53320fae03eb79b3
Size

28KB
MD5

278d983933a5d04a53320fae03eb79b3
SHA1

043912e2aeed8fadf6e7a2c225a8ab426345d587
SHA256

2b925523295a7aab957132e8589f7f9f2ede4288944f370c8d5ad57a2720f402
SHA512

93ec07686aad01fcb8496cc21289e48b3daaaed914a8acb76a5c9eb313a219afeaa66f5f4e01c1099e6f2088ce48e8bfd2869dd195c6810acd26472ec94010fe
SSDEEP

192:mbJLyde5N9OA3/80hMTFCstOevmjvGi3OIMp1W:mbsdj4k0hM1ujvd3ap1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
278d983933a5d04a53320fae03eb79b3

Files

278d983933a5d04a53320fae03eb79b3
.dll windows:4 windows x86 arch:x86

f17c6c0c4b60b9bc6b73a24937be31f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
FindFirstFileA
FindNextFileA
GetWindowsDirectoryA
GetSystemDirectoryA
FindClose
lstrlenA
GetProfileIntA
lstrcatA
GetProfileStringA

user32

GetActiveWindow
GetParent
GetWindowTextA
EnumChildWindows
GetKeyNameTextA
GetKeyboardState
ToAscii
GetWindowLongA
FindWindowA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA
CallNextHookEx

advapi32

RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey

msvcrt

free
memset
strstr
_mbsstr
sscanf
fgets
fopen
fprintf
fclose
malloc
_adjust_fdiv
_initterm
localtime
time
_chkesp

Exports

Exports

GetCurrentKeyboardCount
_InstallFilter@8
_JournalProc@12
_RemoveFilter@0

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ