a9bce1d47adb3f7779809adc1c04726d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9bce1d47adb3f7779809adc1c04726d
Size

8KB
MD5

a9bce1d47adb3f7779809adc1c04726d
SHA1

265b2cd93ba894477c6a9d45b0c9ab65ea88d3b4
SHA256

8f70fee209f1ff4fde13b865618751e3c8cdfb454bb1b964f07c9af90e69be94
SHA512

ea6b0d8f2c0768c6e1e147c132c24a085c4174fb7ec565d23c774bffebae28c53a2ab60d3d279879a42f904cabb4e5268e767a44773eac648721335817fdacdb
SSDEEP

96:u8OBLQ4wNqCMSazNiz91eOdQPIiEuuXLPULrCBB6V4lb0wBzyvkOF01OqKdtr5jp:29wD/VaIiIrvBBBX+vkO+1nilo8EB8j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9bce1d47adb3f7779809adc1c04726d

Files

a9bce1d47adb3f7779809adc1c04726d
.dll windows:4 windows x86 arch:x86

def382fce05e627103853ec619735b26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetSystemInfo
GetProcAddress
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
WideCharToMultiByte
GetTickCount
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetDesktopWindow
CallNextHookEx
GetKeyboardLayout
GetWindowLongA
GetClassNameA
GetKeyState
GetWindowThreadProcessId
ToAsciiEx
GetFocus
PostMessageA
IsWindow
SendMessageA
GetKeyboardState

msvcrt

_onexit
_adjust_fdiv
malloc
_initterm
free
__dllonexit

Exports

Exports

DLL_GetProjectVersion
EnableAltInterception
EnableDiaryTracking
EnableNTInvisible
EnablePreHandle
EnableSpecialKeysLogging
SetHook

Sections

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ