e1fd739d62b6002a3ad746d6ebc34584

Sharing

Copy URL Twitter E-mail

General

Target

e1fd739d62b6002a3ad746d6ebc34584
Size

70KB
MD5

e1fd739d62b6002a3ad746d6ebc34584
SHA1

85c17208d439684437a1c4dc008757bce28da072
SHA256

570905a8e18adc0869af9455473dc94907d92b02a2fbad38b23a6324514dc73a
SHA512

5fea78433bd3bb61bfe632bc79116a6c44b48af22edb45b97f935164cca007576603eb7ca3698aa78159546592440b6798d48806137c997dcd2fad70eb62bbdf
SSDEEP

768:0+JjX5w68ePDJZMzfWfn00TXqb2ZoYLkXTY3zRo4FJEKbLCB8onOzVSAjzphe:0+JjV7DgOfnnTXqrKkEo4FKkAOzVSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1fd739d62b6002a3ad746d6ebc34584

Files

e1fd739d62b6002a3ad746d6ebc34584
.dll windows:4 windows x86 arch:x86

009215efd38e2a16d9cc24efbf6bd33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
VirtualFree
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LocalFree
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate

user32

RegisterWindowMessageA
SendMessageTimeoutA
SendMessageA
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA

ole32

CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SysAllocString

Exports

Exports

?IsPasswordPage@@YGKXZ
?QueryPasswordEdit@@YGHXZ
?QueryPasswordPage@@YGHXZ
?SetHook@@YGHPAUHWND__@@0I@Z
?UnsetHook@@YGHPAUHWND__@@0@Z

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HOOKDAT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

009215efd38e2a16d9cc24efbf6bd33d

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 32B

.HOOKDAT Size: 4KB - Virtual size: 8B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 32B

.HOOKDAT
Size: 4KB - Virtual size: 8B

.reloc
Size: 4KB - Virtual size: 2KB