d4fa099453ec5a513bc8818f03a1f641

Sharing

Copy URL Twitter E-mail

General

Target

d4fa099453ec5a513bc8818f03a1f641
Size

260KB
MD5

d4fa099453ec5a513bc8818f03a1f641
SHA1

46415439a85ebe277d8cf1665070e54fb29788c7
SHA256

3ad63be0cb59c2747caff0ad529143df089bf9ffcb43c761e9126c498b08e315
SHA512

9912cabf043127d91c3444d5d66a5d345596979921a679dd383f1a7a2f14a95a3953bd594e14b85243140bb73a278ab503f1d87f8c26ef862507906243d7ea8d
SSDEEP

3072:lLG5WvTDC0qiqYe/VyYc9Qy0/PR/BoVp1MFp/pAg0FuafDlP8YF:Y5OZLe/VyYc2y0/hBL/pAOSF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4fa099453ec5a513bc8818f03a1f641

Files

d4fa099453ec5a513bc8818f03a1f641
.dll windows:4 windows x86 arch:x86

dbb03c33c5499942f045a9de53c21281

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\My Documents\My Projects\Input Method Editor\NewCJ\branches\7.xx\Utility\Fake NewCJ\Hook Layer Implementation\Debug\Hook Layer Implementation.pdb

Imports

kernel32

GetModuleFileNameA
FormatMessageA
IsBadWritePtr
IsBadReadPtr
GetLastError
GlobalAlloc
GlobalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
CloseHandle
lstrlenA
lstrcatA
lstrcpyA
CompareStringW
CompareStringA
GetLocaleInfoW
ReadFile
SetEndOfFile
GetSystemInfo
VirtualProtect
CreateFileA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
HeapValidate
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
GetProcAddress
LoadLibraryA
RtlUnwind
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
ExitProcess
GetModuleHandleA
FatalAppExitA
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetCurrentThread
WideCharToMultiByte
GetTimeZoneInformation
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetProcessHeap
FreeLibrary
VirtualQuery
InterlockedExchange
SetFilePointer
SetStdHandle
FlushFileBuffers
InitializeCriticalSection
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA

user32

UnhookWindowsHookEx
SendMessageA
GetKeyState
GetKeyboardState
CallNextHookEx
VkKeyScanA
FindWindowA
SetWindowsHookExA
wsprintfA
MessageBoxA

Exports

Exports

DisableHookImpl
EnableHookImpl
GetKeyStateInHookDLL
HookKeyImpl
SetKeyStateInHookDLL
UnHookKeyImpl

Sections

.textbss
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbb03c33c5499942f045a9de53c21281

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.textbss Size: - Virtual size: 88KB

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 12KB - Virtual size: 42KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 9KB

.textbss
Size: - Virtual size: 88KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 12KB - Virtual size: 42KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 9KB