01bf379ae61c1037bb6afd5465ab8d1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01bf379ae61c1037bb6afd5465ab8d1e
Size

55KB
MD5

01bf379ae61c1037bb6afd5465ab8d1e
SHA1

5a156b3a14f975dd61dedbc6fa92a35935e10f29
SHA256

b6181d9410e6cbb1ef315fe5f9ec205a918e4013747d4bcab1bcbe111ec1d278
SHA512

f956df402b614905fcf9eb47976ead29487caeacab8202b4c7060bd93790b196572e56c415a9eb9d12d2e602b5ab6d1c0f6ca77cffb13e612b7117891c99648d
SSDEEP

1536:GOLs1U1Tt+NM7J49BXtg9PljSOv8mLy5a74QF:GYsDug9W9Nj3vdy5aMY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01bf379ae61c1037bb6afd5465ab8d1e

Files

01bf379ae61c1037bb6afd5465ab8d1e
.dll windows:4 windows x86 arch:x86

ebafac331daa78bdbdc501f931a0bde3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

UnrealizeObject

Exports

Exports

Contador_Imagem
InstallHook
IsHookSet
KeyboardHookProc
MouseHookCallBack
RemoveHook

Sections

CODE
Size: 49KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE