d44fc9903b264a7d63f343614b65cbb1

General

Target

d44fc9903b264a7d63f343614b65cbb1
Size

100KB
MD5

d44fc9903b264a7d63f343614b65cbb1
SHA1

00073d8ad9a62b3afcc421936241520762497921
SHA256

04bcb9e963595a9d9314fde95caa1891ba8c820c97074da9f057c39966be1665
SHA512

aa25971012a0e9fa218fe7f1374c2dd1ce567ef3eb10dfed116a45d78d4364e77948f32fb3d6769921e729ae0c88a1e3d4ed89624da7706613b13350ee8b6dc2
SSDEEP

192:d5r5bs23QKBYQ8HHkKK06RQgAG/OsYhgv:d5r5bfeXKln/OZh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d44fc9903b264a7d63f343614b65cbb1

Files

d44fc9903b264a7d63f343614b65cbb1
.dll windows:4 windows x86 arch:x86

1a716ed9add2f8b2513d5c55e4277658

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\!Work\!!!COMM!!!\$1000_Ch_TAN\lib\Release\lib.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
strstr
_strupr
strncpy
sprintf
wcsstr
wcscmp
strcspn
srand

kernel32

DisableThreadLibraryCalls
CreateThread
GetVersionExA
lstrcatA
GetSystemDirectoryA
Sleep
WriteFile
VirtualQuery
LoadLibraryExW
GetCurrentProcess
LoadLibraryW
Module32First
lstrcmpiA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
LoadLibraryExA
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
CloseHandle
GetCurrentProcessId
WriteProcessMemory
CreateFileA
SetFilePointer
lstrlenA
GetTickCount
GetWindowsDirectoryA

user32

wsprintfA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

_PerformHook@4

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a716ed9add2f8b2513d5c55e4277658

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

imagehlp

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 988B

Shared Size: 76KB - Virtual size: 72KB

.reloc Size: 4KB - Virtual size: 968B

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 988B

Shared
Size: 76KB - Virtual size: 72KB

.reloc
Size: 4KB - Virtual size: 968B