bd8383d54dd023c85657d3344719bb07

Sharing

Copy URL Twitter E-mail

General

Target

bd8383d54dd023c85657d3344719bb07
Size

52KB
MD5

bd8383d54dd023c85657d3344719bb07
SHA1

e6018c44f1f22d645ed2719edc905bf82c700071
SHA256

d3c2599eac13c281db56b116ae0f2bc67ba5536f26fbd5ff1df3ddc5239d3469
SHA512

ebf20c3b77c2c1e2cf532a2817f587fabb09beca6035cacb711564b3db137c49deb1d29059b5a74cb35958a9842c2b423566bdb81f624a648a06db11e97fdb56
SSDEEP

768:swiD1TNeXdpKv+X2zuKiMYkTrX33zYtgBXi9/MqKeMx1ldUOo9LWX:oN0dpEOHkTrXstyiCB1dox8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd8383d54dd023c85657d3344719bb07

Files

bd8383d54dd023c85657d3344719bb07
.dll windows:4 windows x86 arch:x86

d584b51ac223b49cd74c7a9380e39582

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
ReadFile
SetFilePointer
CopyFileA
GetModuleHandleA
GetLastError
RtlUnwind
MultiByteToWideChar
GetSystemDirectoryA
CreateFileA
GetFileSize
WriteFile
CloseHandle
GetModuleFileNameA
OutputDebugStringA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetActiveWindow
GetWindowTextW
MessageBoxA
CallNextHookEx
GetKeyState

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

Exports

Exports

GetBuffer
InstallHOOK
IsHooked
UninstallHOOK
_CallMsgProc@12
flush_logfile
install_auto
uninstall_auto

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d584b51ac223b49cd74c7a9380e39582

Headers

File Characteristics

Imports

kernel32

user32

advapi32

imm32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 10KB

.shared Size: 4KB - Virtual size: 9B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.shared
Size: 4KB - Virtual size: 9B

.reloc
Size: 4KB - Virtual size: 3KB