2eea0d821b76d121712ef0fcd894661692538921ce5c419aec560f8a8cbe8ad7

Sharing

Copy URL

Twitter E-mail

General

Target

2eea0d821b76d121712ef0fcd894661692538921ce5c419aec560f8a8cbe8ad7
Size

598KB
MD5

ab5174183ab559cfbe147a64918e166b
SHA1

e04f74673a79dac17dd910321b148ff6b0195ad1
SHA256

2eea0d821b76d121712ef0fcd894661692538921ce5c419aec560f8a8cbe8ad7
SHA512

20940aaa0b0fb84dd41c716b4555ac370cf5ac1ab70f5b1ebdad08e6e67f3f21d0bef82e369bdd35875b0557202cc55fbf437f8dd6a5f03990fef516c8e3d3cb
SSDEEP

12288:2t7Qdj3JZYZAY/WJ6pU+Thfk5+5GlSAlfYkX83JdsIEjXtAx:2YbLYZd/WJ6pzq5+5GlvI3xEjXO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eea0d821b76d121712ef0fcd894661692538921ce5c419aec560f8a8cbe8ad7

Files

2eea0d821b76d121712ef0fcd894661692538921ce5c419aec560f8a8cbe8ad7
.dll windows:5 windows x64 arch:x64

b99f9a62fe823558933b8e1e64f381b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\WorkshopAgent\DevelopProj2\THook\Trunk\Bin\Release\THooksv364.pdb

Imports

kernel32

FindNextFileW
FindFirstFileW
GetSystemInfo
DeleteFileA
RemoveDirectoryA
lstrcmpA
SetFileAttributesA
DeleteFileW
RemoveDirectoryW
lstrcmpW
SetFileAttributesW
CopyFileA
MoveFileA
MoveFileExA
GetFileAttributesExW
GetCommandLineW
SetEvent
OpenEventA
WriteFile
SetFilePointer
OutputDebugStringW
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
FreeLibrary
OpenProcess
CreateThread
GetFileInformationByHandle
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
VirtualProtectEx
GetModuleHandleA
GetProcAddress
FindFirstFileA
GetFileAttributesA
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetLocalTime
GetCurrentProcessId
QueryDosDeviceW
GetDriveTypeA
DefineDosDeviceA
QueryDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetTempPathW
GetTempPathA
CopyFileW
MoveFileExW
CreateDirectoryW
CreateDirectoryA
GetFileAttributesW
MoveFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
FindNextFileA
FindClose
LoadLibraryA
IsBadWritePtr
GetProfileStringA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
GetLastError
Sleep
CreateFileW
GetFileSize
ReadFile
CloseHandle
LocalFree
GetTickCount
GetUserDefaultLCID
FatalAppExitA
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadResource
FindResourceExA
lstrlenA
lstrlenW
GetVersionExA
FormatMessageA
GetACP
FormatMessageW
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
CreateEventA
PulseEvent
ResetEvent
WaitForMultipleObjects
CreateProcessA
CreateProcessW
TerminateProcess
SuspendThread
ResumeThread
TerminateThread
SetPriorityClass
GetPriorityClass
SetThreadPriority
GetThreadPriority
GetCommandLineA
VirtualQueryEx
LoadLibraryW
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
FlsSetValue
RaiseException
RtlPcToFileHeader
GetCPInfo
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
HeapFree
HeapSize
GetModuleHandleW
ExitProcess
LCMapStringW
CompareStringW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy

user32

GetClassNameW
GetWindowLongA
GetWindowRect
RegisterWindowMessageA
GetUpdateRgn
GetForegroundWindow
PostThreadMessageA
IsChild
GetClassNameA
CallNextHookEx
OpenClipboard
EmptyClipboard
CloseClipboard
SetTimer
GetKeyState
FindWindowW
PostMessageA
KillTimer
GetClientRect
ClientToScreen
UnhookWindowsHookEx
GetCursorPos
WindowFromPoint
GetDesktopWindow
EnumChildWindows
EnumWindows
InternalGetWindowText
GetWindowTextA
EnumDesktopWindows
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
MsgWaitForMultipleObjects
GetSystemMetrics
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
SetWindowsHookExA
GetParent
ShowWindow
IsWindowVisible
DestroyWindow
GetWindowThreadProcessId
GetWindowTextW

gdi32

CreateRectRgn
GetRegionData
DeleteObject

advapi32

RegCreateKeyExW
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegConnectRegistryA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
SetFileSecurityA
RegSetKeySecurity
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW

shell32

CommandLineToArgvW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

AddHotkey
DelHotkey
DelHotkeyAll
DisablePrintScreen
EnablePrintScreen
GetLastActiveTick
IsDisablePrintScreen
IsKeyboardHookSet
IsLocked
LockDesktop
RefreshPassthruProcess
SetCallWndProcHook
SetHook
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHook
UnlockDesktop

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ThooksV3
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b99f9a62fe823558933b8e1e64f381b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

version

Exports

Exports

Sections

.text Size: 428KB - Virtual size: 428KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 9KB - Virtual size: 40KB

.pdata Size: 32KB - Virtual size: 31KB

ThooksV3 Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 428KB - Virtual size: 428KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 9KB - Virtual size: 40KB

.pdata
Size: 32KB - Virtual size: 31KB

ThooksV3
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB