a7c3d569e41299bfc00250a4b2c336aaab7d4ff1cfdca56d30c8690534048a85

Sharing

Copy URL

Twitter E-mail

General

Target

a7c3d569e41299bfc00250a4b2c336aaab7d4ff1cfdca56d30c8690534048a85
Size

1.1MB
MD5

820d72231d40c873b56f554eb5b95c68
SHA1

b4327f15da937ed2f8296096a8d6f4c8d37b248e
SHA256

a7c3d569e41299bfc00250a4b2c336aaab7d4ff1cfdca56d30c8690534048a85
SHA512

ff893f921b115e8e43a255a863d90413b55359871eb62349364aea77d3d7d9c22bb19f7ea869b6ceea2003268404e63efa041e075d53163d6e4672b0ce036f72
SSDEEP

24576:j6xN5seLMtSnojtPgYfmrPgIE4Lj5PtGmlzVYerHm:GxLsoPgJ4Lj51GmlzVYerHm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7c3d569e41299bfc00250a4b2c336aaab7d4ff1cfdca56d30c8690534048a85

Files

a7c3d569e41299bfc00250a4b2c336aaab7d4ff1cfdca56d30c8690534048a85
.dll windows:6 windows x86 arch:x86

9b62fbae85ab1ea24083b48f1d4f157b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\Release\krkr2Hook.pdb

Imports

kernel32

lstrlenW
GetCommandLineW
GetCurrentDirectoryW
SetErrorMode
GetProcAddress
LoadLibraryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
GetModuleHandleW
CreateDirectoryExA
CreateDirectoryExW
OutputDebugStringW
SetStdHandle
AllocConsole
SetConsoleOutputCP
CloseHandle
Sleep
GetCurrentProcess
CreateThread
LoadLibraryA
K32EnumProcessModulesEx
K32GetModuleBaseNameA
K32GetModuleInformation
GetEnvironmentVariableW
SetEnvironmentVariableW
IsDebuggerPresent
WaitForSingleObject
GetCurrentProcessId
CreateRemoteThread
GetCurrentThread
SuspendThread
ResumeThread
GetThreadContext
VirtualProtect
VirtualAllocEx
VirtualQueryEx
GetModuleFileNameW
WriteProcessMemory
K32EnumProcessModules
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleA
LocalFree
FormatMessageA
FormatMessageW
VerifyVersionInfoW
GetLocaleInfoW
GetCPInfo
WriteConsoleW
SetEndOfFile
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
ReadProcessMemory
GetOEMCP
GetACP
WideCharToMultiByte
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitThread
ReadFile
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
MultiByteToWideChar
GetFullPathNameW
GetDriveTypeW
RtlUnwind
VirtualQuery
OpenThread
SetThreadContext
FlushInstructionCache
HeapAlloc
HeapReAlloc
HeapFree
HeapCreate
SleepEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
GetStringTypeW
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
SwitchToThread
InterlockedFlushSList
VirtualAlloc
VirtualFree

user32

SetDlgItemTextW
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
SetWindowTextW
GetWindowTextA
GetWindowTextW
MessageBoxA
DialogBoxParamW
DialogBoxParamA
CreateWindowExW
CreateWindowExA
MessageBoxW
SetWindowTextA

gdi32

TextOutA
CreateFontIndirectW
CreateFontIndirectA
TextOutW

advapi32

CryptGenRandom
RegGetValueW
RegOpenKeyW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptEnumProvidersA

oleaut32

VariantClear
VariantInit

shlwapi

StrStrIW
StrCmpW
PathRemoveFileSpecW

ws2_32

closesocket
__WSAFDIsSet
connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons
bind
listen
ntohl
ntohs
select
shutdown
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASocketW
WSAAddressToStringW
getaddrinfo
accept
freeaddrinfo
setsockopt

Exports

Exports

V2LinkHook
_V2LinkHookSTDCALL@4
doEvals

Sections

.text
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b62fbae85ab1ea24083b48f1d4f157b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

oleaut32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 880KB - Virtual size: 879KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 29KB - Virtual size: 15.0MB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 880KB - Virtual size: 879KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 29KB - Virtual size: 15.0MB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 32KB - Virtual size: 32KB