39e842b02619e5121a7fcfc0b70ab2b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39e842b02619e5121a7fcfc0b70ab2b8
Size

15KB
MD5

39e842b02619e5121a7fcfc0b70ab2b8
SHA1

b5d62c4eae0ea3c4523e052940de37dc05f5028a
SHA256

5993fc5f6580ccbee8c8eeb2d087875e568e5a6688ba199a77374489fe5f7e6f
SHA512

4ce67a981ef38495a1904f6da4b537c8e7c7bf2f6b1fc840219d652616504043cef719d231e574a8d09099f944ebb037035b0ebe1d5c01efb0bfc2716acbc378
SSDEEP

384:/y0ONtWtgvR2jxcmhwHtNWjF5VtOGTyQ/:/uaq+5gwF0ky

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39e842b02619e5121a7fcfc0b70ab2b8

Files

39e842b02619e5121a7fcfc0b70ab2b8
.dll windows:4 windows x86 arch:x86

62c6facdc326969766b36b828ff566da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
GetForegroundWindow
GetClassNameA
CallNextHookEx
wsprintfA

kernel32

LoadLibraryA
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WideCharToMultiByte
VirtualProtectEx
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
Module32First
Module32Next
MultiByteToWideChar
Process32First
Process32Next
ReadFile
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ