dasdadsa[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

dasdadsa.rar
Size

262KB
MD5

348d1547808f3edb93990318c4f064bb
SHA1

1a9ea9ce866443bfc00a10160394e75ba61bab95
SHA256

3f763a11bbd55310d954266748f6c6a1f646aeea9559d89118f6f0c87e2b6d58
SHA512

6a41971e735dfa76cdaeb0123b5039ed402bc85e99c29170ff31daf2486afd069b1a5c4724ec16ecc104b0cb455a252fa0e1fe370e0e9014185c615a48ef8b5a
SSDEEP

6144:CCnxbFFjjoJPCbaS9yJw/qChx3r3iuntUt6d8ZnL27:pWPYaSE1kx3r3iCyZa7

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Interception/command line installer/install-interception.exe
unpack001/Interception/library/x64/interception.dll
unpack001/Interception/library/x86/interception.dll
unpack001/Interception/samples/x86/axes.exe
unpack001/Interception/samples/x86/cadstop.exe
unpack001/Interception/samples/x86/caps2esc.exe
unpack001/Interception/samples/x86/hardwareid.exe
unpack001/Interception/samples/x86/identify.exe
unpack001/Interception/samples/x86/interception.dll
unpack001/Interception/samples/x86/mathpointer.exe
unpack001/Interception/samples/x86/x2y.exe

Files

dasdadsa.rar
.rar
Interception/command line installer/install-interception.exe
.exe windows:6 windows x86 arch:x86

51850908103fac568ec032763c0d304c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\franci~1\docume~1\projects\interc~1\instal~1\exe\objfre_wxp_x86\i386\install-interception.pdb

Imports

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA

kernel32

GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
MoveFileExA
GetSystemDirectoryA
GetSystemInfo
CloseHandle
FreeResource
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep

msvcrt

free
_callnewh
malloc
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
abort
islower
__getmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__uncaught_exception
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_errno
__CxxFrameHandler
exit
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memset
memcpy
_stricmp
setlocale

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/library/interception.h
Interception/library/x64/interception.dll
.dll windows:6 windows x64 arch:x64

fc13c2509303a1017f557c2e52abb49d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

z:\interception-api\library\objfre_win7_amd64\amd64\interception.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
sprintf

kernel32

DeviceIoControl
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
CreateEventA
WaitForMultipleObjects
CloseHandle
Sleep
QueryPerformanceCounter

Exports

Exports

interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/library/x64/interception.lib
Interception/library/x86/interception.dll
.dll windows:6 windows x86 arch:x86

a4e6a4038890da57f612359318213376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\interception-api\library\objfre_wxp_x86\i386\interception.pdb

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter
sprintf

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
CreateFileA
CreateEventA
WaitForMultipleObjects
DeviceIoControl
CloseHandle
GetProcessHeap
HeapFree

Exports

Exports

interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/library/x86/interception.lib
Interception/licenses/commercial-usage/Interception API.pdf
.pdf
- http://www.gnu.org/copyleft/lesser.html
- https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=R4WEY5SQ2JEZC&lc=BR&item_name=Interception%20API%20Lifetime%20License&amount=400%2e00&currency_code=USD&button_subtype=services&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHosted
Interception/licenses/commercial-usage/Interception.pdf
.pdf
- http://oblita.com
Interception/licenses/non-commercial-usage/LGPL 3.0.txt
Interception/samples/x86/axes.exe
.exe windows:6 windows x86 arch:x86

57ffa8dfd9203e80906cb48ca6b5b393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\axes\objfre_wxp_x86\i386\axes.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

?terminate@@YAXXZ
_controlfp
__getmainargs
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit

interception

interception_is_mouse
interception_set_filter
interception_receive
interception_send
interception_destroy_context
interception_wait
interception_is_keyboard
interception_create_context

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/cadstop.exe
.exe windows:6 windows x86 arch:x86

89440cf40445c4898ae4b2bf34d7f753

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\cadstop\objfre_wxp_x86\i386\cadstop.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep

msvcrt

fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
setlocale
abort
islower
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__uncaught_exception
free
memcpy
setvbuf
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
fflush
ungetc
fputc
fgetc
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
memset
malloc
memmove
_callnewh
_errno
__CxxFrameHandler
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z

interception

interception_wait
interception_receive
interception_send
interception_destroy_context
interception_set_filter
interception_is_keyboard
interception_create_context

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/caps2esc.exe
.exe windows:6 windows x86 arch:x86

81a60ecccbb926196001a56bf849d9c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\caps2esc\objfre_wxp_x86\i386\caps2esc.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
GetLastError
CreateMutexA
CloseHandle
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
memset
memcpy
memmove
_unlock
__dllonexit
_lock
?terminate@@YAXXZ
_controlfp
malloc
_callnewh
free
_errno
__CxxFrameHandler
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_onexit

interception

interception_is_keyboard
interception_set_filter
interception_wait
interception_receive
interception_send
interception_destroy_context
interception_create_context

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/hardwareid.exe
.exe windows:6 windows x86 arch:x86

650bd69ed28aa15c23dea3dc8f9a0e8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\hardwareid\objfre_wxp_x86\i386\hardwareid.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep

msvcrt

fgetpos
fseek
fsetpos
fclose
__iob_func
__pctype_func
___lc_codepage_func
___lc_handle_func
setlocale
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
abort
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
malloc
fwrite
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
fgetc
ungetc
___mb_cur_max_func
setvbuf
fflush
ungetwc
fputwc
fgetwc
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
memcpy
memset
_callnewh
free
_errno
__CxxFrameHandler
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
__uncaught_exception

interception

interception_is_mouse
interception_wait
interception_set_filter
interception_get_hardware_id
interception_send
interception_destroy_context
interception_receive
interception_is_keyboard
interception_create_context

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/identify.exe
.exe windows:6 windows x86 arch:x86

0a9b23b45425eb8fb375044328ad1313

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\identify\objfre_wxp_x86\i386\identify.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
InterlockedDecrement
InterlockedIncrement

msvcrt

fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
abort
__crtLCMapStringA
__pctype_func
isupper
islower
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
setlocale
memcpy
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
isleadbyte
_iob
_snprintf
_itoa
wctomb
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
___lc_handle_func
___lc_codepage_func
malloc
_callnewh
free
_errno
__CxxFrameHandler
strcspn
??0exception@@QAE@XZ
memchr
localeconv
memset
??1bad_cast@@UAE@XZ
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
__uncaught_exception

interception

interception_is_mouse
interception_set_filter
interception_receive
interception_send
interception_destroy_context
interception_wait
interception_is_keyboard
interception_create_context

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/interception.dll
.dll windows:6 windows x86 arch:x86

a4e6a4038890da57f612359318213376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\interception-api\library\objfre_wxp_x86\i386\interception.pdb

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter
sprintf

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
CreateFileA
CreateEventA
WaitForMultipleObjects
DeviceIoControl
CloseHandle
GetProcessHeap
HeapFree

Exports

Exports

interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/mathpointer.exe
.exe windows:6 windows x86 arch:x86

4043743d3dc402f9d33658127518d6b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\mathpointer\objfre_wxp_x86\i386\mathpointer.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
InterlockedDecrement
InterlockedIncrement
GetVersion

msvcrt

___lc_codepage_func
___lc_handle_func
setlocale
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
abort
__crtLCMapStringA
__pctype_func
isupper
islower
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
??1type_info@@UAE@XZ
__uncaught_exception
memcpy
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
isleadbyte
_iob
_snprintf
_itoa
wctomb
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
malloc
_callnewh
free
_errno
__CxxFrameHandler
strcspn
??0exception@@QAE@XZ
memchr
localeconv
memset
_CIexp
_CIcos
_CIsin
??1bad_cast@@UAE@XZ
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
time
difftime
__set_app_type

user32

GetSystemMetrics

interception

interception_is_mouse
interception_set_filter
interception_receive
interception_destroy_context
interception_send
interception_wait
interception_is_keyboard
interception_create_context

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interception/samples/x86/x2y.exe
.exe windows:6 windows x86 arch:x86

30a6f0e5975ac25e8d39d494b8164561

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\interception-api\samples\x2y\objfre_wxp_x86\i386\x2y.pdb

Imports

kernel32

SetPriorityClass
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

?terminate@@YAXXZ
_controlfp
__getmainargs
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit

interception

interception_wait
interception_receive
interception_send
interception_destroy_context
interception_set_filter
interception_is_keyboard
interception_create_context

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51850908103fac568ec032763c0d304c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 29KB - Virtual size: 28KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 424KB - Virtual size: 423KB

.reloc Size: 4KB - Virtual size: 3KB

fc13c2509303a1017f557c2e52abb49d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 512B - Virtual size: 36B

a4e6a4038890da57f612359318213376

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 1024B - Virtual size: 1018B

57ffa8dfd9203e80906cb48ca6b5b393

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

interception

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

89440cf40445c4898ae4b2bf34d7f753

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

interception

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

81a60ecccbb926196001a56bf849d9c8

Headers

DLL Characteristics

File Characteristics

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 424KB - Virtual size: 423KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 1024B - Virtual size: 1018B

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 1KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 1024B - Virtual size: 1018B

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 1KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB