e07cf60900086117af443976f6d3f802

Sharing

Copy URL Twitter E-mail

General

Target

e07cf60900086117af443976f6d3f802
Size

24KB
MD5

e07cf60900086117af443976f6d3f802
SHA1

6e54a1d4385e4d9a2189a8147584f2e6d0b28918
SHA256

e05ca84bbb696c83f1d76517c25398234a31af3c6263dff1c032656eed14dd01
SHA512

914f614539d9008a813f01d04b7d215233a73883ec6f36ebd8b0e52055abe665154f98d3607b554902cc101ea1ae7e5caac73348b2054176466e3096f81919cf
SSDEEP

384:XJB/dcV8stH6KWoUYcxqlVLi1hFRqQATEffmW401OTOtXRcdYJLz:5B9loHcxqlg1heLTEAeOTOtBcILz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e07cf60900086117af443976f6d3f802

Files

e07cf60900086117af443976f6d3f802
.dll windows:5 windows x86 arch:x86

b4cb6de93e4fbad00cfcff7a81ab391d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\2010-10-01\프로젝트\플러스탭\PlusTab1.0.0.2\adc\Release\adc.pdb

Imports

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
QueryPerformanceCounter
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
GetModuleFileNameW
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

RemovePropW
SetWindowLongW
SetPropW
GetWindowLongW
GetParent
GetClassNameW
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetFocus
CallWindowProcW
MapVirtualKeyW
keybd_event
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DefWindowProcW
GetPropW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW

imm32

ImmNotifyIME
ImmSetCompositionStringW
ImmGetContext
ImmReleaseContext

msvcr90

iswspace
memmove_s
wcsnlen
memcpy_s
wcscpy_s
_vscwprintf
vswprintf_s
??2@YAPAXI@Z
memset
free
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
wcscmp
wcschr
_wcsicmp
wcslen
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler3

Exports

Exports

InstallHook
RemoveHook

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ADCDATA
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4cb6de93e4fbad00cfcff7a81ab391d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

imm32

msvcr90

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.ADCDATA Size: 512B - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.ADCDATA
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1KB - Virtual size: 1KB