e:\SVN\local\linzx\Release\AutoMacro\AutoMouseKey.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e639f1b11147ae36c98ab816477426b7ab3879f5ec33f39e5af1e058ad89a26c.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e639f1b11147ae36c98ab816477426b7ab3879f5ec33f39e5af1e058ad89a26c.dll
Resource
win10v2004-20240412-en
General
Target: e639f1b11147ae36c98ab816477426b7ab3879f5ec33f39e5af1e058ad89a26c
Size: 2.8MB
MD5: 3b4f20df7a182757d6b6833e0f933530
SHA1: bad9f624d90eacb1b640d19c0461356c37d103d1
SHA256: e639f1b11147ae36c98ab816477426b7ab3879f5ec33f39e5af1e058ad89a26c
SHA512: 7ef2bf2176876114e5f1212e3fa7bf9c814cab19dedeaa09e367eefe3203f1d46d301a6b65093be056897183ba7bbe2d76a51384ba640d9bc79d2dea1a064e96
SSDEEP: 49152:3fTEVbhfImIMoLkJZd3vtOt0DcTQfWuyzPct:abBZoLklVOt0DJW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e639f1b11147ae36c98ab816477426b7ab3879f5ec33f39e5af1e058ad89a26c
Files
e639f1b11147ae36c98ab816477426b7ab3879f5ec33f39e5af1e058ad89a26c.dll windows:5 windows x86 arch:x86
4b8cf4765e2e09117e7b2bbf257c22be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
gdiplus
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipBitmapSetPixel
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromScan0
GdipCloneImage
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdipDrawImageI
kernel32
lstrcatA
FormatMessageW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GetCurrentProcessId
GetVersionExA
CompareStringW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetThreadLocale
FindClose
FindNextFileW
FindFirstFileW
LocalAlloc
GlobalGetAtomNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
GlobalFlags
SetErrorMode
VirtualAlloc
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetCommandLineA
RaiseException
ExitProcess
HeapSize
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
LCMapStringA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
GetProcessHeap
GetModuleHandleA
GetSystemInfo
lstrcmpA
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
SetPriorityClass
DeviceIoControl
GetDiskFreeSpaceExW
GetSystemDirectoryW
CreateDirectoryW
InterlockedExchangeAdd
LocalFree
GetCommandLineW
QueryPerformanceCounter
QueryPerformanceFrequency
FlushFileBuffers
WriteFile
SetFilePointer
ReadFile
CreateProcessW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
VirtualProtectEx
VirtualQueryEx
GetCurrentThreadId
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrlenA
WaitForSingleObject
ExpandEnvironmentStringsW
GetModuleHandleW
GetFileSize
GetFileTime
LoadLibraryA
GetPrivateProfileIntW
lstrcmpiW
GetTickCount
GetSystemDefaultLCID
TerminateThread
Beep
lstrcmpW
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetFileAttributesW
CreateThread
CopyFileW
SetCurrentDirectoryA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFileTime
CreateFileW
SetCurrentDirectoryW
FlushInstructionCache
VirtualProtect
GetCurrentThread
SetThreadPriority
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentDirectoryW
MulDiv
IsBadReadPtr
TlsFree
TlsAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexW
SetLastError
GetVersionExW
GetLastError
GetCurrentProcess
lstrcpynW
lstrcpyW
GetModuleFileNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenW
GetModuleFileNameA
MultiByteToWideChar
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableA
VirtualFree
user32
GetScrollRange
SetScrollRange
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetClassLongW
GetCapture
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
CheckMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
DestroyMenu
CharNextW
GetSysColorBrush
UnregisterClassW
CopyAcceleratorTableW
GetNextDlgGroupItem
PostThreadMessageW
CharUpperW
SetRectEmpty
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
ClientToScreen
SetPropW
CallWindowProcW
RemovePropW
GetPropW
GetMenuState
DrawStateW
FillRect
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
IsMenu
GetMenuItemID
ModifyMenuW
MessageBoxA
CopyRect
ChildWindowFromPoint
IsClipboardFormatAvailable
GrayStringW
DrawTextExW
TabbedTextOutW
DrawTextW
GetWindowLongW
EndPaint
BeginPaint
GetCursorInfo
SetMenu
CreatePopupMenu
CreateMenu
FlashWindowEx
ShowCaret
HideCaret
EnumChildWindows
SetFocus
GetNextDlgTabItem
DestroyAcceleratorTable
GetActiveWindow
IsWindowEnabled
CreateAcceleratorTableW
IsDialogMessageW
TranslateAcceleratorW
SetScrollPos
GetIconInfo
GetCursor
AttachThreadInput
GetWindowThreadProcessId
GetWindowDC
PrintWindow
VkKeyScanW
MessageBeep
InsertMenuW
GetDlgItem
DeleteMenu
GetSysColor
RegisterClassExW
DefWindowProcW
SetWindowTextW
GetWindowTextLengthW
FrameRect
ChangeClipboardChain
SetClipboardViewer
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
WindowFromPoint
ReleaseCapture
SetCapture
SetCursor
LoadCursorW
GetFocus
SetActiveWindow
ExitWindowsEx
SetTimer
CreateWindowExW
IntersectRect
GetDlgCtrlID
IsRectEmpty
GetForegroundWindow
RedrawWindow
GetSubMenu
LoadMenuW
LockWindowUpdate
GetDesktopWindow
GetParent
EnableMenuItem
GetMenuItemCount
UpdateWindow
IsZoomed
RemoveMenu
PtInRect
InvalidateRect
MessageBoxW
GetMessageW
SetWindowPos
SetForegroundWindow
ShowWindow
DrawIcon
IsIconic
RegisterHotKey
UnregisterHotKey
MoveWindow
SetWindowLongW
PostMessageW
OffsetRect
AppendMenuW
GetSystemMenu
LoadBitmapW
mouse_event
KillTimer
SetClipboardData
EmptyClipboard
EnumWindows
GetClassNameW
IsWindowVisible
GetWindowTextW
RegisterClipboardFormatW
CloseClipboard
GetClipboardData
OpenClipboard
IsWindow
EqualRect
SetRect
keybd_event
GetAsyncKeyState
SetCursorPos
GetKeyState
GetCursorPos
IsChild
FindWindowW
GetClassInfoW
LoadIconW
LoadImageW
LoadImageA
DispatchMessageW
TranslateMessage
GetScrollPos
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetMenu
SystemParametersInfoA
PeekMessageW
ReleaseDC
GetDC
GetWindowPlacement
CreateDialogIndirectParamW
EndDialog
GetLastActivePopup
GetMenuStringW
InvalidateRgn
SetWindowRgn
DrawFocusRect
DrawIconEx
GetWindow
ScreenToClient
GetWindowRect
SystemParametersInfoW
GetSystemMetrics
GetKeyNameTextW
MapVirtualKeyW
SendMessageW
DestroyWindow
GetClientRect
EnableWindow
InflateRect
gdi32
GetTextColor
Rectangle
Ellipse
CreateFontW
CreateHatchBrush
SetBkMode
SetBkColor
SetTextColor
PtVisible
CreatePatternBrush
SaveDC
RestoreDC
SetStretchBltMode
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
GetClipBox
GetCurrentObject
DeleteObject
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateEllipticRgn
LPtoDP
GetBkColor
GetRgnBox
SetBitmapBits
GetBitmapBits
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
RoundRect
StretchBlt
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
CreateFontIndirectW
DPtoLP
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectW
GetMapMode
CreateDIBSection
DeleteDC
GetDeviceCaps
GetViewportExtEx
CreateDCW
GetPixel
GetTextExtentPointA
GetTextMetricsA
GetTextMetricsW
CreatePalette
CreateDIBitmap
Escape
ExtTextOutW
TextOutW
RectVisible
CreateBitmap
msimg32
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
GetUserNameW
RegDeleteKeyW
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
shell32
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
ShellExecuteExW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFileExistsW
PathRelativePathToW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
oledlg
OleUIBusyW
ole32
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
CoUninitialize
oleaut32
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantChangeType
VariantInit
VariantCopy
VariantClear
SafeArrayDestroy
OleCreateFontIndirect
GetErrorInfo
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
winmm
PlaySoundW
iphlpapi
GetAdaptersInfo
Exports
InitApp
MsgFilter
PlayFile
StartApp
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 339KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ