79aa8b087c3835e87e07493b1ccfa1d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79aa8b087c3835e87e07493b1ccfa1d1
Size

24KB
MD5

79aa8b087c3835e87e07493b1ccfa1d1
SHA1

336bdea04e2f7547dad4061a9203887eae6dcc95
SHA256

c661acf89e298152c863e2dfeba1b29b7df83246111d1cf92c0263d66decf212
SHA512

3425005cc493d0fd545d96a8dc325bc4de7afe9dd66a21e62266f62ed869729d083fc4e86e9bd26931ef9e14355e95d9f55176691a07104e6c757a83eec95999
SSDEEP

96:CqwOsvfAx7HEcPBG0M9pk8e9OGckhTGw8hWnZC:VpsXAE6NGphe95zTGpWZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79aa8b087c3835e87e07493b1ccfa1d1

Files

79aa8b087c3835e87e07493b1ccfa1d1
.dll windows:4 windows x86 arch:x86

826eecaf82f253ee9ce2d50cdbc5b936

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyboardState
ToAscii

msvcrt

strcpy
memmove
memcpy
strlen
malloc
_initterm
free
_adjust_fdiv

Exports

Exports

GetData
KeylogOff
KeylogOn
KeylogOpt

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 515B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ