138b85c85157ba932435f908c18cbd3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

138b85c85157ba932435f908c18cbd3e
Size

152KB
MD5

138b85c85157ba932435f908c18cbd3e
SHA1

3c54256822e2436cda65143d42f1c76abd0a24f7
SHA256

46cc52edeb184b0e18d8f6fa897f2c727b17bdc7bb72a6dba8ba69d5311182c9
SHA512

c2de12df59151e1e877c3265dc5457ee6968f0d87078808c6f8fc1b9035585c91cd3be7284d66eb1c115ca58a345a705e8d766d18bd83162df9844852dc00291
SSDEEP

96:4RB8ayUPbS3lZCa9AlOlClRjlBJeYUe2NFf+nLzce6BIWB0+HuKq82KGL:4TTyqbSQPYYf2N0nK0+3q82KG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
138b85c85157ba932435f908c18cbd3e

Files

138b85c85157ba932435f908c18cbd3e
.dll windows:4 windows x86 arch:x86

3e8d16d8fd974b5742a48720419a2b06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetCurrentProcessId
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
GetModuleHandleA
LoadLibraryExA
LoadLibraryExW
lstrlenA
WideCharToMultiByte
GlobalFree
SetFilePointer
CreateFileA
Sleep
WriteFile
ExpandEnvironmentStringsA
CreateThread
LoadLibraryW
GetProcAddress

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
CharUpperBuffA

imagehlp

ImageDirectoryEntryToData

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
memset
_memicmp
_onexit

Exports

Exports

_Prog_HookAllApps@8
fnDLL
fnFND

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xShared
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ