c4e3af37e799eb6687f07e5b64200458

Sharing

Copy URL Twitter E-mail

General

Target

c4e3af37e799eb6687f07e5b64200458
Size

112KB
MD5

c4e3af37e799eb6687f07e5b64200458
SHA1

b1e4efc500e856e9e79b858958d905d254ee1bd9
SHA256

73e615f6c6a1520e241e9e16ea6327cb65d077c1c42516f2455a1c8c9c389ab6
SHA512

989addd601e0fb532c63d98de610373d94e977de31667bd71d8a71d5469331c282313855053d17ff398b176d8c6f2eec99a14be2455c710413fed89e52832edc
SSDEEP

1536:Iv5eiBpVv1T8StH0oB23ouOm90mYoZSm5dLOBDriu23vz:IvfR/tH0J0mYo9MBDmu2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4e3af37e799eb6687f07e5b64200458

Files

c4e3af37e799eb6687f07e5b64200458
.dll windows:4 windows x86 arch:x86

cd189227cf5a4aba630b99dd0ba0f823

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

shlwapi

SHSetValueA
SHGetValueA

kernel32

HeapDestroy
CloseHandle
WriteFile
SizeofResource
CreateFileA
LockResource
LoadResource
FindResourceA
Sleep
CreateThread
GetModuleFileNameA
DeleteFileA
MoveFileExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempPathA
GetCurrentProcessId
GetTickCount
OpenProcess
lstrlenW
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
RaiseException
LCMapStringW
LCMapStringA
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
WriteConsoleA
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapSize
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr

user32

TranslateMessage
EnumWindows
UnhookWindowsHookEx
GetWindowThreadProcessId
PostThreadMessageA
DispatchMessageA
GetMessageA
CallNextHookEx
SetWindowsHookExA

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi
SysStringLen
DispCallFunc
VariantClear
SysFreeString

Exports

Exports

HookProc
RunUI

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd189227cf5a4aba630b99dd0ba0f823

Headers

File Characteristics

Imports

psapi

shlwapi

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 96KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB