5729c25ac06fd64452c26e2d80c33e4e70897619880a7971fe7114bbfa9b1fda

Sharing

Copy URL Twitter E-mail

General

Target

5729c25ac06fd64452c26e2d80c33e4e70897619880a7971fe7114bbfa9b1fda
Size

399KB
MD5

2497ca8a0c75394cadb8b378cd85c95a
SHA1

47bf7563c3cde2ec8810a1c7dcab56cc808798f5
SHA256

5729c25ac06fd64452c26e2d80c33e4e70897619880a7971fe7114bbfa9b1fda
SHA512

6ffdda1d639cdfcdb0d761a0e589be241cff9783fcba08591177c320bc427a3d74231e46111f720c5c4a76c5c08d1b72d60087a78b12b5f3e29de56f09e90105
SSDEEP

12288:o4OqbcM+pDkMRZU7m241sX0wHw6mMGTJ6Zw:VOwcMekU4mcflDZw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/devinhook.dll

Files

5729c25ac06fd64452c26e2d80c33e4e70897619880a7971fe7114bbfa9b1fda
.zip
1.cfg
devinhook.dll
.dll windows:6 windows x86 arch:x86

18b935dcc59e65ad9e1603f2d45ddb22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
SetUnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter

user32

FindWindowA

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?copyfmt@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV12@ABV12@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
_Thrd_sleep
_Xtime_get_ticks
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

vcruntime140

memset
_purecall
__std_terminate
__std_exception_copy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
memchr
memcpy
memmove
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

atoi
strtoull
atof
strtoul
_wtof
_wtoi
strtol
strtoll
strtod

api-ms-win-crt-string-l1-1-0

tolower
toupper
isxdigit
isdigit

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_errno
terminate
_crt_atexit
_initterm_e
_seh_filter_dll
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

fclose
fgetc
fflush
fputc
fwrite
fgetpos
__stdio_common_vsprintf
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

remainderf
_fdtest
round
__libm_sse2_acosf
__libm_sse2_expf
_CIfmod
__libm_sse2_asinf
__libm_sse2_powf
__libm_sse2_sinf
_except1
__libm_sse2_tanf
ceil
fminf
roundf
__libm_sse2_atanf
_dtest
__libm_sse2_cosf
_dsign

api-ms-win-crt-time-l1-1-0

_time64
_localtime64

api-ms-win-crt-locale-l1-1-0

localeconv

Sections

.text
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18b935dcc59e65ad9e1603f2d45ddb22

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 826KB - Virtual size: 826KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 166KB - Virtual size: 188KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 55KB - Virtual size: 55KB

.text
Size: 826KB - Virtual size: 826KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 166KB - Virtual size: 188KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 55KB - Virtual size: 55KB