bb837aa0184f303ccd4efb58a5c980e1

Sharing

Copy URL Twitter E-mail

General

Target

bb837aa0184f303ccd4efb58a5c980e1
Size

72KB
MD5

bb837aa0184f303ccd4efb58a5c980e1
SHA1

3a4ed517ee14094358281b6531253b6d238a2a38
SHA256

3021a013b2073e7ed1b530682c20e3d5ea1406d185d626a54a218585a048168c
SHA512

fe444a777c647745a383d6ac0078e5e781ab9eb30f7c52270987f9c520b139336c3c9bb7a19484f1f4d975319433e590ae4921463d5a760f4fa857f962afb62d
SSDEEP

768:usgd9hBvkwC2iaDo1hbyvVGy4SJ21TjUFKh+QZzt06twJtmGnQKKHliSTpm:vcVQ2iKWKLvU1vSKhnjBtwJpQ9liSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb837aa0184f303ccd4efb58a5c980e1

Files

bb837aa0184f303ccd4efb58a5c980e1
.dll windows:4 windows x86 arch:x86

9c3140c3fe5b32501efe0668d0a47913

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\hook 工程\string\SetHook\Release\SetHook.pdb

Imports

kernel32

GetLastError
SetEvent
ResetEvent
GetModuleFileNameA
Sleep
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetProcAddress
LoadLibraryA
OpenProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateThread
CreateEventA
FlushFileBuffers
ExitProcess
RaiseException
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedExchange
VirtualQuery
SetFilePointer
VirtualProtect
GetSystemInfo
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
GetLocaleInfoA
SetStdHandle
ReadFile

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
FindFirstUrlCacheEntryA

Exports

Exports

GetUrl
InstallHook
Quit
SetHook

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c3140c3fe5b32501efe0668d0a47913

Headers

File Characteristics

PDB Paths

Imports

kernel32

wininet

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 4KB