5a1a99f8af170f0a67a716e11e0eae6a

Sharing

Copy URL Twitter E-mail

General

Target

5a1a99f8af170f0a67a716e11e0eae6a
Size

84KB
MD5

5a1a99f8af170f0a67a716e11e0eae6a
SHA1

967cc25707a6a874082e31040863be97893ff2bd
SHA256

b890c4637ff41e15c7b247e6bcbcc9a3e9a6f807ef0907a03a8e279c40905a4d
SHA512

224a980288858ce9fdb7d0b924af175fce78a286a22c603dedcbce38a99918bc77adbe67e3f5382ea27917b6474df4d2f2d5e773c2d4784bed09578a7de0630a
SSDEEP

768:LLxRroV1Fa0VsbyLi6q3Q9uJTuXMi5ki2UcGw1QMGb6WGoyMtAGR29UnZUIJxosf:0Lp8TuciqRUcr1Qxb6WGrLIZUWosD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a1a99f8af170f0a67a716e11e0eae6a

Files

5a1a99f8af170f0a67a716e11e0eae6a
.dll windows:4 windows x86 arch:x86

b0dcacde23af6614ba0837cd37bcbb49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
DeviceIoControl
CloseHandle
TerminateProcess
GetStdHandle
SetHandleCount
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
ReadFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetProcAddress
GetOEMCP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetVersionExA
GetCurrentProcess
HeapReAlloc
HeapSize
IsBadCodePtr
GetACP
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr

user32

CallNextHookEx
PostMessageA
SendMessageA
GetParent
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
IsCharAlphaNumericA
GetWindow
GetClientRect
EnumChildWindows
GetAsyncKeyState
GetGUIThreadInfo

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

netapi32

Netbios

Exports

Exports

_StartHook
_StopHook

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0dcacde23af6614ba0837cd37bcbb49

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 17KB

.SHARDAT Size: 4KB - Virtual size: 12B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 17KB

.SHARDAT
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 4KB