e39149816cf2e06f452e7d5a56f5d07599c921831135356c688b1ccd0b42255f

Sharing

Copy URL

Twitter E-mail

General

Target

e39149816cf2e06f452e7d5a56f5d07599c921831135356c688b1ccd0b42255f
Size

296KB
MD5

e421d7d32100b25dc9e7bf30880e1c3a
SHA1

ac4f400c1d013a7615ca98f72bac9cc4658202d4
SHA256

e39149816cf2e06f452e7d5a56f5d07599c921831135356c688b1ccd0b42255f
SHA512

d00bf696e8e3037105ab81471c5523e5cfda8f75955acd947a7bf1ad9a015017df2a0a16a8be199ae00a60c38864055744ca8bc9ec2315baac44cf19924c9169
SSDEEP

3072:6rGkvTj8T2DRLZ2OPvAnuJWPBgX222Pozs:6Ckrrn2ev7gtl8s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e39149816cf2e06f452e7d5a56f5d07599c921831135356c688b1ccd0b42255f

Files

e39149816cf2e06f452e7d5a56f5d07599c921831135356c688b1ccd0b42255f
.dll windows:4 windows x86 arch:x86

a1c4b6a88936607abc26c660ea3db6e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

recv
__WSAFDIsSet
send
WSAGetLastError
getsockname
getpeername
inet_addr
select
accept
listen
ioctlsocket
gethostbyname
connect
inet_ntoa
htons
htonl
bind
shutdown
closesocket
socket
setsockopt
WSACleanup
WSAStartup

kernel32

CreateSemaphoreA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetConsoleCtrlHandler
IsBadCodePtr
UnhandledExceptionFilter
GetLastError
AllocConsole
SetEndOfFile
SetFilePointer
CreateFileA
MoveFileA
DeleteFileA
CloseHandle
WriteFile
WriteConsoleA
GetStdHandle
OutputDebugStringA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
TerminateProcess
FatalAppExitA
ExitProcess
GetModuleFileNameA
InterlockedIncrement
LoadLibraryA
GetProcAddress
InterlockedDecrement
DebugBreak
SetLastError
TlsFree
ExitThread
CreateThread
RaiseException
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ReleaseSemaphore
InterlockedExchange
SetThreadPriority
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
TlsAlloc
ResumeThread
TlsGetValue
Sleep
GetSystemTime
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetTimeZoneInformation
GetLocalTime
GetCommandLineA

user32

GetAsyncKeyState
MapVirtualKeyA
keybd_event
VkKeyScanA
GetCursorPos
WindowFromPoint
GetParent
GetFocus
SetFocus
SetTimer
KillTimer
RegisterWindowMessageA
GetKeyState
GetKeyboardState
ToAscii
CallNextHookEx
GetClientRect
GetWindowLongA
AdjustWindowRectEx
GetDesktopWindow
GetWindowRect
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
GetSystemMetrics
mouse_event

remotekm_hooks

SetMousePriorityLLHook
SetMouseFilterArea
SetMouseFilterHook_Inside

Exports

Exports

remSetAudienceActiveArea
remSetLecturerActiveArea
remSetLecturerMouseMovePeriod
remStartAudience
remStartLecturer
remStopAudience
remStopLecturer

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1c4b6a88936607abc26c660ea3db6e1

Headers

File Characteristics

Imports

wsock32

kernel32

user32

remotekm_hooks

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 243KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 18KB

.idata Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 18KB

.idata
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 8KB