a0344fe81761575d72af370f6f1089784d8124613004d5b01384e8994c5ea349

Sharing

Copy URL Twitter E-mail

General

Target

a0344fe81761575d72af370f6f1089784d8124613004d5b01384e8994c5ea349
Size

671KB
MD5

a255a178e1d5d439ac5e859530e9a9d1
SHA1

c81c5a5f015a4fbfb16926aa3666ade4e7a51393
SHA256

a0344fe81761575d72af370f6f1089784d8124613004d5b01384e8994c5ea349
SHA512

87c1c1d6baa507ba776be3514baccbe6a57db465219696fbe5189ff43fdcbb3cfe44c804484d05da388d18a1e5aef544eb4783ca6537277a025bb5901f9127d0
SSDEEP

12288:tXoaZO8CFFi+H127kSFdawpBMSz/AKHuRUb2/2fL5fG5dsYYG2l7WD3yK:tXo6aInYWuRU6Y5fOOQ2l75

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0344fe81761575d72af370f6f1089784d8124613004d5b01384e8994c5ea349

Files

a0344fe81761575d72af370f6f1089784d8124613004d5b01384e8994c5ea349
.dll windows:6 windows x86 arch:x86

07fb495a258062dc1f75f65db6d4189f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Dev\game-overlay\bin\Release\n_overlay.pdb

Imports

kernel32

CloseHandle
GetLastError
VirtualQuery
MapViewOfFile
UnmapViewOfFile
GetProcAddress
OpenFileMappingA
LoadLibraryW
GetCurrentThreadId
GetModuleHandleW
OutputDebugStringA
SetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateThread
GetModuleFileNameW
K32GetModuleBaseNameW
LoadLibraryA
CreateProcessA
OpenProcess
FreeLibrary
DisableThreadLibraryCalls
ReleaseMutex
OpenMutexW
WideCharToMultiByte
HeapCreate
VirtualProtect
HeapFree
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
MultiByteToWideChar
CreateFileW
DeleteFileW
GetFileAttributesExW
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
ExitProcess
MoveFileExW
RemoveDirectoryW
SetEnvironmentVariableW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
RtlUnwind
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
RaiseException
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
WaitForSingleObjectEx
InitializeConditionVariable
WakeConditionVariable
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead

user32

GetClientRect
CallWindowProcW
RegisterWindowMessageW
LoadImageW
ScreenToClient
ClientToScreen
GetSystemMetrics
SetWindowPos
CallNextHookEx
SendMessageW
FindWindowA
SetWindowLongW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
IsWindow
PostQuitMessage
DefWindowProcW
CreateWindowExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetCursor
GetCursorPos
SetCursor
SetCursorPos
ShowCursor
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
GetWindowTextW
GetForegroundWindow
IsWindowVisible
DestroyWindow
CreateWindowExA
PostMessageW

shell32

ord165
SHGetSpecialFolderPathW

Exports

Exports

_msg_hook_proc_ov@12

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07fb495a258062dc1f75f65db6d4189f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 507KB - Virtual size: 506KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 507KB - Virtual size: 506KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB