0341ebcbfe5524c5ed4025813648fe48

Sharing

Copy URL

Twitter E-mail

General

Target

0341ebcbfe5524c5ed4025813648fe48
Size

5.2MB
MD5

0341ebcbfe5524c5ed4025813648fe48
SHA1

02bde4cfbe0de46082ab4d71785df4cb51fa174f
SHA256

e8276f4917785675dbc5ba347aa0ca9eb3ade5a2b0915b94985c313e7ef1ec7d
SHA512

35e76fbdfa0aa65a612563bca9870b6e9cd802be93149731cf8fc80c72dd6b280546bb3dc9cda1006e8462e4a224f46b0873eb5f6c162fe463a0e37c71b0c34e
SSDEEP

49152:oX+dgwzMTuRN7FyEGla392sVV7mOPXlc+iXSEcJYTQthS/9TTk6yKFdu9w+atQv9:wNwzDFyhaZW/8sQf492KFdu9wDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0341ebcbfe5524c5ed4025813648fe48

Files

0341ebcbfe5524c5ed4025813648fe48
.exe windows:5 windows x86 arch:x86

7cdf6357563f5fd70e466cb994c1e5e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dinput8

DirectInput8Create

kernel32

ReadProcessMemory
VirtualFreeEx
GetUserDefaultLangID
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
lstrcmpW
GetModuleHandleW
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetStringTypeW
GetStringTypeA
CompareStringA
GetLocaleInfoA
GetModuleHandleA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
FlushFileBuffers
VirtualAlloc
GetSystemTimeAsFileTime
GetTickCount
VirtualAllocEx
VirtualFree
InterlockedDecrement
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
SetLastError
InterlockedIncrement
RaiseException
GetConsoleMode
GetConsoleCP
SetFileAttributesW
GetCurrentDirectoryA
SetStdHandle
CreateFileA
GetDriveTypeA
SetFilePointer
GetTimeZoneInformation
ExitThread
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
RtlUnwind
CloseHandle
WideCharToMultiByte
HeapCreate
GetLastError
MultiByteToWideChar
CompareStringW
GetUserDefaultLCID
GetCommandLineW
OpenProcess
CreateThread
ReleaseMutex
CreateMutexW
GlobalAlloc
GlobalUnlock
GlobalLock
IsValidLocale
QueryPerformanceCounter
IsValidLanguageGroup
GetCurrentProcessId
GetVersionExW
FormatMessageW
LocalFree
TlsAlloc
TlsFree
FindNextFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEndOfFile
DeviceIoControl
TlsGetValue
GetLogicalDrives
GetCurrentDirectoryW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
CopyFileW
DeleteFileW
GetFileType
WriteFile
ReadFile
SetFilePointerEx
GetFileInformationByHandle
FindClose
FindFirstFileW
GetFileAttributesExW
CreateFileW
GetFullPathNameW
LoadLibraryW
ResetEvent
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetTimeFormatW
GetDateFormatW
GetProcAddress
SetErrorMode
GetLocaleInfoW
GetLocalTime
TerminateThread
ResumeThread
SetThreadPriority
GetThreadPriority
Sleep
GetSystemInfo
WaitForMultipleObjects
SetEvent
CreateEventW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
DuplicateHandle
TlsSetValue

user32

DestroyWindow
UnregisterClassW
PeekMessageW
PostMessageW
KillTimer
GetWindowLongW
DefWindowProcW
CharNextExA
CallNextHookEx
RegisterClassW
CreateWindowExW
SetWindowLongW
SetTimer
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
GetAsyncKeyState
UnhookWindowsHookEx
GetQueueStatus
GetCursorPos
GetClipboardFormatNameW
SetClipboardViewer
ChangeClipboardChain
GetMenu
ToAscii
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
TrackPopupMenuEx
SetMenuItemInfoW
ToUnicode
LoadIconW
MapWindowPoints
GetWindowThreadProcessId
FindWindowExW
FindWindowW
RegisterClipboardFormatW
CreateCursor
SetCursorPos
DestroyCursor
GetFocus
SetFocus
GetActiveWindow
IsChild
GetDC
ReleaseDC
GetSystemMetrics
GetDesktopWindow
AdjustWindowRectEx
DrawIconEx
GetIconInfo
CreateIconIndirect
HideCaret
CreateCaret
DestroyCaret
SetCaretPos
RegisterWindowMessageW
GetKeyboardLayoutList
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
EndPaint
BeginPaint
InvalidateRgn
GetUpdateRect
SetWindowPos
ClipCursor
GetWindowRgn
FlashWindowEx
GetCaretBlinkTime
MessageBeep
GetParent
WindowFromPoint
GetKeyState
GetSysColorBrush
LoadImageW
GetClassInfoW
SystemParametersInfoW
GetSysColor
SetWindowRgn
UpdateWindow
ScrollWindowEx
GetWindowRect
SetWindowPlacement
GetWindowPlacement
ValidateRgn
InvalidateRect
MoveWindow
IsZoomed
IsIconic
SetForegroundWindow
ReleaseCapture
SetCursor
SetCapture
SendMessageW
DestroyIcon
SetWindowTextW
ScreenToClient
SetParent
ShowWindow
IsWindowVisible
EnableMenuItem
GetSystemMenu
ClientToScreen
GetClientRect
DispatchMessageW

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
OleRun
CoCreateInstance
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
StringFromGUID2
OleInitialize
OleUninitialize
ReleaseStgMedium
DoDragDrop
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoGetMalloc
CoInitialize

advapi32

RegOpenKeyExW
GetTokenInformation
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegFlushKey
OpenProcessToken

ws2_32

WSAAsyncSelect

gdi32

CreateFontIndirectW
CreateBitmap
GetDIBits
CreateDIBSection
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
PtInRegion
GetFontData
SelectPalette
GetObjectW
GetStockObject
GetRegionData
CreateRectRgn
DeleteObject
OffsetRgn
CombineRgn
GetDeviceCaps
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetTextMetricsW
GetTextFaceW
GetOutlineTextMetricsW
GetTextExtentPoint32W
SetGraphicsMode
SetWorldTransform
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
SetTextColor
SetBkMode
SetTextAlign
RealizePalette
GdiFlush
SelectClipRgn
ExtTextOutW

oleaut32

VariantInit
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContext
ImmGetContext

winmm

PlaySoundW

keypress

?Init@KeyboardHook@@QAEXXZ
?UnInit@KeyboardHook@@QAEXXZ
??1KeyboardHook@@QAE@XZ
??0KeyboardHook@@QAE@XZ
?FixHook@KeyboardHook@@QAEXXZ
?KeyDown@KeyboardHook@@UAEXHH@Z
?KeyUp@KeyboardHook@@UAEXHH@Z

Exports

Exports

??0KeyboardHook@@QAE@ABV0@@Z
??4KeyboardHook@@QAEAAV0@ABV0@@Z
??_7KeyboardHook@@6B@

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cdf6357563f5fd70e466cb994c1e5e7

Headers

DLL Characteristics

File Characteristics

Imports

dinput8

kernel32

user32

shell32

ole32

advapi32

ws2_32

gdi32

oleaut32

imm32

winmm

keypress

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 30KB - Virtual size: 50KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 201KB - Virtual size: 200KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 30KB - Virtual size: 50KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 201KB - Virtual size: 200KB