98707ec0081ac14452b04e405de36c189b8b17b13018e1444c5e8d4d60c53597

Sharing

Copy URL

Twitter E-mail

General

Target

98707ec0081ac14452b04e405de36c189b8b17b13018e1444c5e8d4d60c53597
Size

946KB
MD5

a4632ffebf20693377ed68d6f8666c9a
SHA1

eb075d311b9129695d85302248ce95840c6abd65
SHA256

98707ec0081ac14452b04e405de36c189b8b17b13018e1444c5e8d4d60c53597
SHA512

12e7173f335e2e7297d388759da193332e6f3757e1aea5d338e343c67c5d98f6f32aadb78ed7e941ce8041c75f4e060aeabf06671cc59a4f1f9959bab1885526
SSDEEP

12288:y3Kt+cs/udJxSmHkgcjSE8gVqxMOLZUuXJP5WZZdPNo0Qlzs5y4CY:y3KtmS7kgcjSE8gVqKOauZPsbT9wsj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98707ec0081ac14452b04e405de36c189b8b17b13018e1444c5e8d4d60c53597

Files

98707ec0081ac14452b04e405de36c189b8b17b13018e1444c5e8d4d60c53597
.dll windows:6 windows x64 arch:x64

a4579ab022e7af205eec28c5ab057d9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\x64\Release\krkrzHook64.pdb

Imports

kernel32

GetCPInfo
GetLocaleInfoW
CreateThread
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
GetModuleFileNameW
lstrlenW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
CreateDirectoryExW
RemoveDirectoryW
DeleteFileA
GetCurrentDirectoryA
CreateDirectoryExA
RemoveDirectoryA
GetProcAddress
GetModuleHandleW
AllocConsole
SetConsoleOutputCP
SetStdHandle
LoadLibraryW
CloseHandle
GetCurrentProcess
LoadLibraryA
Sleep
VirtualQueryEx
ReadProcessMemory
K32EnumProcessModules
K32GetModuleInformation
CreateToolhelp32Snapshot
GetCurrentProcessId
Thread32First
Thread32Next
VirtualProtect
GetCommandLineW
IsDebuggerPresent
InitializeCriticalSection
FormatMessageA
GetOEMCP
LocalFree
TlsAlloc
CreateEventW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
TerminateThread
QueueUserAPC
WaitForSingleObject
SetEvent
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
VerSetConditionMask
VerifyVersionInfoW
CreateWaitableTimerW
GetModuleHandleA
ReadFile
FindFirstFileW
FindNextFileW
GetFileSizeEx
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
CreateFileA
SetCurrentDirectoryA
WriteConsoleW
SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteFile
CreateDirectoryA
GetACP
IsDBCSLeadByteEx
IsDBCSLeadByte
FormatMessageW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
RtlUnwindEx
VirtualQuery
GetSystemInfo
OpenThread
SetThreadContext
FlushInstructionCache
GetThreadContext
HeapAlloc
RtlUnwind
HeapReAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
RtlPcToFileHeader
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
SwitchToThread
InterlockedFlushSList
VirtualAlloc
VirtualFree
HeapCreate
HeapFree
SuspendThread
ResumeThread

user32

CharPrevExA
CreateWindowExW
GetWindowTextW
SetWindowTextW
DialogBoxParamW
GetDlgItemTextW
CharNextA
MessageBoxA
CreateWindowExA
GetWindowTextA
SetWindowTextA
DialogBoxParamA
GetDlgItemTextA
SetDlgItemTextA
SetWindowsHookExW
MessageBoxW
CharPrevA
SetDlgItemTextW
CharNextExA

gdi32

CreateFontIndirectA
CreateFontIndirectW
TextOutW
TextOutA

shlwapi

PathRemoveFileSpecW

ws2_32

closesocket
getsockname
ioctlsocket
shutdown
select
WSAIoctl
WSAGetLastError
listen
WSARecv
WSASend
WSASocketW
setsockopt
WSAAddressToStringW
getaddrinfo
freeaddrinfo
ntohl
htonl
htons
WSAStartup
WSACleanup
__WSAFDIsSet
accept
bind
connect
getsockopt
getpeername
WSASetLastError
ntohs

advapi32

CryptEnumProvidersA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

Exports

Exports

V2Link
V2LinkHookSTDCALL

Sections

.text
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4579ab022e7af205eec28c5ab057d9f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shlwapi

ws2_32

advapi32

Exports

Exports

Sections

.text Size: 700KB - Virtual size: 699KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 30KB - Virtual size: 15.0MB

.pdata Size: 30KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 700KB - Virtual size: 699KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 30KB - Virtual size: 15.0MB

.pdata
Size: 30KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 5KB - Virtual size: 4KB