0489d984112cecdd4b1b91507d0957e94c716400f97c5a40f4530c623bee7ce3

General

Target

0489d984112cecdd4b1b91507d0957e94c716400f97c5a40f4530c623bee7ce3
Size

17KB
MD5

51193d85fd2cdb9bbee2ed18197af863
SHA1

c92222ec110be4c643fac3a840a18bec7a7831a8
SHA256

0489d984112cecdd4b1b91507d0957e94c716400f97c5a40f4530c623bee7ce3
SHA512

3d65bc3c9715f924fc4184c7f81a17b576e29b4855562146b593ecbd5e6a817ae20528e17a10b6994974d2ab9ed389834ca1584706d0b933eab612f7ea386b63
SSDEEP

384:vbDeFhM9zNdju9I8RLzx7XrzBTRDWrGBJkJn/W/E/J/6WCVWua:vGMnM9TLt7XBUrGqnucxOza

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0489d984112cecdd4b1b91507d0957e94c716400f97c5a40f4530c623bee7ce3

Files

0489d984112cecdd4b1b91507d0957e94c716400f97c5a40f4530c623bee7ce3
.dll windows:5 windows x86 arch:x86

538e0db4adf52b812d69472aa7377703

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
DisableThreadLibraryCalls
lstrcmpiW
CreateThread
WideCharToMultiByte
VirtualFreeEx
MultiByteToWideChar
lstrcmpiA
GetProcAddress
VirtualAllocEx
GetModuleHandleA
GetCurrentProcessId
lstrcmpA
VirtualFree
VirtualAlloc
GetModuleHandleW
GetModuleFileNameA
VirtualProtect
IsBadReadPtr
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW

ntdll

RtlFreeAnsiString
NtQueryInformationThread
NtClose
RtlUnicodeStringToAnsiString
NtOpenProcess
strstr
memset
memcpy

Exports

Exports

getActiveDesktop
getWnd

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

538e0db4adf52b812d69472aa7377703

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1024B - Virtual size: 724B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1024B - Virtual size: 724B