72513e27847184584463edecce5b90e2

General

Target

72513e27847184584463edecce5b90e2
Size

19KB
MD5

72513e27847184584463edecce5b90e2
SHA1

d31f191aa56c1493a622ed4252e2ba1a093ef008
SHA256

ca819e0cb93e37f4e8353f9e360d3db092f9aae7ba53b87baeb3018451523a49
SHA512

ecc02b158614daf20f1a4c627b542310d3f12fa81ea809bd893457708e73603028cbfd2bb06cd94c61affb7acae93ea55be418a116c53191cc7ebf7861639043
SSDEEP

384:v9MLsbsHupnrVoyemNV7fbMdsU1C1Z2MtkaxycT+9q9lQF6g:vMseunoyemNtfAdsU1Cz2MLpSKlb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72513e27847184584463edecce5b90e2

Files

72513e27847184584463edecce5b90e2
.dll windows:4 windows x86 arch:x86

ff54aa61d4a86fd6e8a1774112d3a2d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadContext
DisableThreadLibraryCalls
InitializeCriticalSection
VirtualProtectEx
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
ResetEvent
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
OpenMutexA
CreateEventA
GetLastError
OpenEventA
lstrlenA
FlushInstructionCache
WriteProcessMemory
GetCurrentProcessId
SetLastError
GetModuleHandleW
ResumeThread
VirtualProtect
MapViewOfFileEx
CreateFileMappingA
lstrcmpA
GetCurrentProcess
CreateThread
lstrcpynA
HeapReAlloc
SetThreadContext
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
lstrcmpiA
GetVersionExA
GetProcAddress
VirtualQuery
lstrcpyA
WideCharToMultiByte

user32

SetWindowsHookExA
CallNextHookEx
wsprintfA
BroadcastSystemMessageA
UnhookWindowsHookEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
OpenProcessToken
RegEnumValueA
RegQueryValueExA
RegCreateKeyExA

rpcrt4

UuidToStringA
RpcStringFreeA

Exports

Exports

?HookProc@@YGHHIJ@Z
HookDll
HookIAT
UnHookDll
UpdateProc

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff54aa61d4a86fd6e8a1774112d3a2d9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB