23529c08d0f498443a48ceffdbb338683ce4521e33819a0292fe871b1bdf497a

Sharing

Copy URL Twitter E-mail

General

Target

23529c08d0f498443a48ceffdbb338683ce4521e33819a0292fe871b1bdf497a
Size

113KB
MD5

8c1301ed7eb8f7f281968b86e42da67e
SHA1

a037367b31a1612fd1c93d0ac0f6828cbcfa3945
SHA256

23529c08d0f498443a48ceffdbb338683ce4521e33819a0292fe871b1bdf497a
SHA512

e95cc73789f46499d6cae4a7ecf87c73088d023c70d82dfac048ee253681dc26d7a6509283333cc3fb6a057e02b7d9f81a6494d373187357015bde91b24ba4ad
SSDEEP

1536:xRVxq8MegKwm15NQjSaQFnwQ41RTjxB0KNkuzJ4L7sVR:x9q8Memm152/QFnwQGBB0KN/zJ4L7s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23529c08d0f498443a48ceffdbb338683ce4521e33819a0292fe871b1bdf497a

Files

23529c08d0f498443a48ceffdbb338683ce4521e33819a0292fe871b1bdf497a
.dll windows:4 windows x64 arch:x64

6b7fa0fee4689971f06dbb212f4867f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LockResource
LoadResource
SizeofResource
FindResourceA
ExitProcess
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentProcessId
GetModuleFileNameA
GetCurrentThreadId
GetWindowsDirectoryA
CloseHandle
VirtualProtectEx
GetUserDefaultLangID
WriteProcessMemory
HeapReAlloc
CreateFileA
WriteConsoleW
GetConsoleOutputCP
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
WriteFile
GetConsoleCP
GetConsoleMode
Sleep
HeapSize
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA

user32

CallNextHookEx
ShowWindow
SetWindowsHookExA
PostMessageA
FindWindowA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EnableIpChangeHook
InstallHook
UnInstallHook

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PROCHOOK
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b7fa0fee4689971f06dbb212f4867f8

Headers

File Characteristics

Imports

kernel32

user32

version

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 31KB

.pdata Size: 4KB - Virtual size: 4KB

PROCHOOK Size: 16KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 31KB

.pdata
Size: 4KB - Virtual size: 4KB

PROCHOOK
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 1KB - Virtual size: 1KB