752e1e71928839194341a399972a8a22

General

Target

752e1e71928839194341a399972a8a22
Size

40KB
MD5

752e1e71928839194341a399972a8a22
SHA1

c69d44960d92750bc51a7267d9e28211c77f4e38
SHA256

8f076eb54569ce9c4a75000b19c8d6eacb287bee2bf636a616dfb2f8781729ba
SHA512

f3d0c89707106463a6b38aee59b2a6fcda0489a033e45661a713a33c0b21c07b595eda15a524ef5fe122675439de512d39b8cb84523047e28a80c5051607acfd
SSDEEP

384:p6/d5/HpD/m84XTvTeeeCmlI1jKnm3xygGoB0NudIrpNboIbpfMs4Tr:A/TlpKTvayKnmB2oB0N+IVdomM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
752e1e71928839194341a399972a8a22

Files

752e1e71928839194341a399972a8a22
.dll windows:4 windows x86 arch:x86

c7b8e1182bdd511447fc472cbcd01dcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathStripPathA

kernel32

GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
lstrcmpiA
VirtualProtect
VirtualQuery
GetVersionExA
Module32Next
OpenProcess
Module32First
CreateToolhelp32Snapshot
TerminateProcess
GetModuleHandleA
CloseHandle
WritePrivateProfileStringA
ReadProcessMemory
GetModuleFileNameA
DisableThreadLibraryCalls
HeapFree
VirtualFree
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
ExitProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeW

user32

SetWindowsHookExA
CallNextHookEx
FindWindowA
GetWindowThreadProcessId

Exports

Exports

?HookProc@@YGJHIJ@Z
InstallHook

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7b8e1182bdd511447fc472cbcd01dcc

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.HookSec Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.HookSec
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB