d4806cac0e6191f7b56ed689b158e4cd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4806cac0e6191f7b56ed689b158e4cd
Size

7KB
MD5

d4806cac0e6191f7b56ed689b158e4cd
SHA1

e5e942afc6b2e895074a2f2c0763522e1bb596e4
SHA256

bd11e515e25e027cd7486b4e0d89fb7fe3e6ac55fe310ca2026fe535cb007e89
SHA512

e3ecb5aaed1fb9f496c7b3ea6539090d6fcbfd7eb4a32c45894ced1d89fd95b16c0722fa31e7a00a4603622d664d676766459816d83696b240a694e1e74c4c65
SSDEEP

96:mQ1nPOEMNjQ5soSaXKdKCcc/LHcZFb8vkaj1/OqKdCHsUGEEwu:B1nmrNjQPW/LMovkaJniS8Ed

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4806cac0e6191f7b56ed689b158e4cd

Files

d4806cac0e6191f7b56ed689b158e4cd
.dll windows:4 windows x86 arch:x86

574ca4e606b06f75dd4a9a23b54134b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetSystemInfo
GetProcAddress
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
WideCharToMultiByte
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetLastError
lstrcmpiA

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetFocus
PostMessageA
IsWindow
SendMessageA
GetWindowThreadProcessId
GetKeyState

msvcrt

_adjust_fdiv
_onexit
__dllonexit
_initterm
malloc
free

Exports

Exports

DLL_GetProjectVersion
EnableDiaryTracking
EnableNTInvisible
EnablePreHandle
GetCapsLockState
SetHook

Sections

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ