8028fa135114abc358b709604c8a438a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8028fa135114abc358b709604c8a438a
Size

24KB
MD5

8028fa135114abc358b709604c8a438a
SHA1

61f71e446b4657a8c99810836f1a23ca0d7a32ff
SHA256

c75d8a6d940dc3f5724b6791cfd73695adadee02f1e77f58a48379b2fce444f9
SHA512

5ff74328624798ab396163171716ab9c83280679825473f43c38d07ca771f95d127e187d3eba8c66630b793f0e700da1ded9578979a165fc9d2f24bc10d08a6b
SSDEEP

96:CsI0akI1JxFtz0TX7yUsJ2JdIxaEXuR0cmsZE:CsrakI1JtwHSJ2JixauS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8028fa135114abc358b709604c8a438a

Files

8028fa135114abc358b709604c8a438a
.dll windows:4 windows x86 arch:x86

8665ab338871da130d259020888cb0dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1176
ord1575
ord1168
ord1577
ord1182
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord537
ord2818
ord2614
ord800
ord342
ord540
ord1578
ord600
ord1116
ord826
ord269

msvcrt

??1type_info@@UAE@XZ
__CxxFrameHandler
??2@YAPAXI@Z
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??3@YAXPAX@Z
_mbscmp

kernel32

LocalFree
lstrcpyA
OpenProcess
GetModuleHandleA
LocalAlloc

user32

GetWindowThreadProcessId
EnumChildWindows
FindWindowA
SetWindowsHookExA
SetWindowTextA
GetWindowTextA
GetClassNameA
GetWindow
UnhookWindowsHookEx
CallNextHookEx
FindWindowExA

Exports

Exports

sethook
unhook

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MySec
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ