556bd9c22b2876e1e13abf497c4eaa3b

General

Target

556bd9c22b2876e1e13abf497c4eaa3b
Size

19KB
MD5

556bd9c22b2876e1e13abf497c4eaa3b
SHA1

7e1ade5fc4bd1f5c21dae8178c9030399bad9ce9
SHA256

ca8c91b126429c5c6ea915bac2aba938007013b1f6b46377b707390b28988cb8
SHA512

b19f4f139c1ee695410391c0046dc796b0a5ded73545dfdf70e50601427a4384b06313ef9fb1222f3399c252419fed2749987f7db198051c122a79d9684eb777
SSDEEP

384:+BAHM8tBbYHwczNvDDHMz3iNoscS4GtcKa:+BYMLrz9KKos6OcKa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556bd9c22b2876e1e13abf497c4eaa3b

Files

556bd9c22b2876e1e13abf497c4eaa3b
.dll windows:4 windows x86 arch:x86

5bb51d7f5182d8a252d17ea6ff077293

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

VkKeyScanA
UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
MapVirtualKeyA
GetMessageA
GetKeyboardState
GetForegroundWindow
GetClassNameA
CallNextHookEx
wsprintfA

kernel32

GetProcAddress
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WideCharToMultiByte
VirtualProtectEx
TerminateProcess
Sleep
SetFilePointer
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
DisableThreadLibraryCalls
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
Module32First
Module32Next
MultiByteToWideChar
Process32First
Process32Next
ReadFile
ReadProcessMemory
RtlZeroMemory
SetFileAttributesA

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 44B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bb51d7f5182d8a252d17ea6ff077293

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 44B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 44B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB