2c49d87ff550decdde25d72bd9f0cdf5afc952936451f501abea111c9d38a697

Sharing

Copy URL Twitter E-mail

General

Target

2c49d87ff550decdde25d72bd9f0cdf5afc952936451f501abea111c9d38a697
Size

1.4MB
MD5

873b81346a010c7207d9c2a8c278de10
SHA1

08c90c884c04043e16275ad5dfa72a2a322fe3e9
SHA256

2c49d87ff550decdde25d72bd9f0cdf5afc952936451f501abea111c9d38a697
SHA512

c1d61042c96aba646557a0692f9b44db2c9d73261de1f2b2d07200c3e3f4fa8a428464a95b635199151f8118c61672bb5f4525799890ea5747c5778d3d46bcbc
SSDEEP

24576:j6t6c0OEhxgAB0PypJHKP1KvP3GxJqITxSD2YQuJOexup7SBBjYbEfJooAjR1lyW:udMhxJ/2JqYxSDRQuJOexqSfj+EfJoo6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c49d87ff550decdde25d72bd9f0cdf5afc952936451f501abea111c9d38a697

Files

2c49d87ff550decdde25d72bd9f0cdf5afc952936451f501abea111c9d38a697
.dll windows:6 windows x86 arch:x86

e42a4abd2b3dbda324169cdf24795402

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\Release\wolfHook3.pdb

Imports

kernel32

WideCharToMultiByte
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoW
GetCurrentProcess
lstrcpyW
SetStdHandle
OutputDebugStringA
OutputDebugStringW
ReadProcessMemory
GetModuleFileNameW
AllocConsole
SetConsoleOutputCP
GetCommandLineW
SetEnvironmentVariableW
CloseHandle
GetLastError
PostQueuedCompletionStatus
CancelIoEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
Sleep
WaitForMultipleObjects
QueueUserAPC
GetCurrentProcessId
GetCurrentThreadId
OpenThread
TerminateThread
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualQueryEx
GetModuleFileNameA
MultiByteToWideChar
LoadLibraryA
LocalFree
FormatMessageA
FormatMessageW
GetStartupInfoA
K32EnumProcessModules
K32GetModuleInformation
CreateToolhelp32Snapshot
Thread32First
Thread32Next
QueryPerformanceCounter
SleepEx
GetTickCount
GetTickCount64
LoadLibraryW
VerSetConditionMask
SetLastError
HeapCreate
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
CreateEventW
SetWaitableTimer
CreateWaitableTimerW
GetModuleHandleA
VerifyVersionInfoW
lstrlenW
CreateThread
CreateFileW
SetEndOfFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
HeapQueryInformation
HeapSize
GetProcAddress
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ExitThread
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateDirectoryW
ReadFile
GetSystemInfo
HeapValidate
GetFullPathNameW
GetDriveTypeW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
RtlUnwind
VirtualQuery
VirtualFree
VirtualAlloc
SetThreadContext
GetThreadContext
HeapFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLocaleInfoEx
QueryPerformanceFrequency
RaiseException
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
HeapDestroy
HeapAlloc
HeapReAlloc

user32

MessageBoxW
GetMessageTime
SetTimer
IsWindowVisible
SetWindowTextW
GetWindowTextW
GetClassNameW
CallWindowProcW
GetKeyboardState
ToAscii
IsWindowUnicode
GetWindowLongA
GetWindowLongW
SetWindowLongA
SetWindowLongW

gdi32

CreateFontW
GetGlyphOutlineW

ws2_32

bind
WSAGetLastError
WSACleanup
WSAStartup
__WSAFDIsSet
accept
connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons
listen
ntohl
ntohs
select
setsockopt
shutdown
WSASetLastError
WSAIoctl
WSARecv
WSASocketW
WSAAddressToStringW
getaddrinfo
freeaddrinfo
WSASend
closesocket

winmm

timeSetEvent
timeGetTime

shlwapi

StrStrA
PathRemoveFileSpecW
PathRemoveFileSpecA
StrStrW
StrCmpIW

advapi32

CryptEnumProvidersA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e42a4abd2b3dbda324169cdf24795402

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ws2_32

winmm

shlwapi

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 24KB - Virtual size: 296KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 24KB - Virtual size: 296KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 42KB - Virtual size: 41KB