4401b5818838ae0b767a0bdbec8815fb | Triage

Sharing

General

Target

4401b5818838ae0b767a0bdbec8815fb
Size

31KB
MD5

4401b5818838ae0b767a0bdbec8815fb
SHA1

aa67b943d23febb8b31ec259544b21cb0c514a85
SHA256

c9b7318c8e52843ec1a978eb38d5e13f0850550abf3c026c501614fb5cc43651
SHA512

98f6df2be99d3ea3e0b93d9ad9dbc4f57142521eb68290ed28f6701e99dcbd553016e5eeaeb1390670f676f4f6c06adb2ad2578431eef504c09248d35db0f3eb
SSDEEP

768:w6bUhnfLQe+kC6hN+J7EM1v6hhdO2QZ77YT3cjTn0boN:w6whnDx9291ChXy77YTQ0bA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4401b5818838ae0b767a0bdbec8815fb

Files

4401b5818838ae0b767a0bdbec8815fb
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisableKeyboardHook9X
EnableKeyBoardHook9X
HookOffRegionProcess
HookOnRegionProcess
HookOnRegionProcessOld
StartHookOn
StartHookZBProc
StopHookOff
StopHookZBProc

Sections

nsp0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsp1
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE