b7fa5dc92342d1f6d2020de5f3f6395032d68d836a322470ec37000d7853dc30

Sharing

Copy URL

Twitter E-mail

General

Target

b7fa5dc92342d1f6d2020de5f3f6395032d68d836a322470ec37000d7853dc30
Size

1.4MB
MD5

16252d46fe685812e140e34d230eb454
SHA1

d475b131c896b3dcf349f49311d93a7861a61073
SHA256

b7fa5dc92342d1f6d2020de5f3f6395032d68d836a322470ec37000d7853dc30
SHA512

6b28d3108880f8062bf75c01b0823ef645c3a0d7e95e0ca166aa4bc85496e4ed6604b23ac1cba2208babbe25a553363138671885073135c27c7b3d096b41c367
SSDEEP

24576:a6t6c0OEhxgAB0PypJHKP1KvP3GxJqITxSD2YQuJOexup7SBBjYbEfJooAjR1lyW:3dMhxJ/2JqYxSDRQuJOexqSfj+EfJoo6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7fa5dc92342d1f6d2020de5f3f6395032d68d836a322470ec37000d7853dc30

Files

b7fa5dc92342d1f6d2020de5f3f6395032d68d836a322470ec37000d7853dc30
.dll windows:6 windows x86 arch:x86

e42a4abd2b3dbda324169cdf24795402

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\Release\wolfHook3.pdb

Imports

kernel32

WideCharToMultiByte
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoW
GetCurrentProcess
lstrcpyW
SetStdHandle
OutputDebugStringA
OutputDebugStringW
ReadProcessMemory
GetModuleFileNameW
AllocConsole
SetConsoleOutputCP
GetCommandLineW
SetEnvironmentVariableW
CloseHandle
GetLastError
PostQueuedCompletionStatus
CancelIoEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
Sleep
WaitForMultipleObjects
QueueUserAPC
GetCurrentProcessId
GetCurrentThreadId
OpenThread
TerminateThread
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualQueryEx
GetModuleFileNameA
MultiByteToWideChar
LoadLibraryA
LocalFree
FormatMessageA
FormatMessageW
GetStartupInfoA
K32EnumProcessModules
K32GetModuleInformation
CreateToolhelp32Snapshot
Thread32First
Thread32Next
QueryPerformanceCounter
SleepEx
GetTickCount
GetTickCount64
LoadLibraryW
VerSetConditionMask
SetLastError
HeapCreate
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
CreateEventW
SetWaitableTimer
CreateWaitableTimerW
GetModuleHandleA
VerifyVersionInfoW
lstrlenW
CreateThread
CreateFileW
SetEndOfFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
HeapQueryInformation
HeapSize
GetProcAddress
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ExitThread
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateDirectoryW
ReadFile
GetSystemInfo
HeapValidate
GetFullPathNameW
GetDriveTypeW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
RtlUnwind
VirtualQuery
VirtualFree
VirtualAlloc
SetThreadContext
GetThreadContext
HeapFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLocaleInfoEx
QueryPerformanceFrequency
RaiseException
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
HeapDestroy
HeapAlloc
HeapReAlloc

user32

MessageBoxW
GetMessageTime
SetTimer
IsWindowVisible
SetWindowTextW
GetWindowTextW
GetClassNameW
CallWindowProcW
GetKeyboardState
ToAscii
IsWindowUnicode
GetWindowLongA
GetWindowLongW
SetWindowLongA
SetWindowLongW

gdi32

CreateFontW
GetGlyphOutlineW

ws2_32

bind
WSAGetLastError
WSACleanup
WSAStartup
__WSAFDIsSet
accept
connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons
listen
ntohl
ntohs
select
setsockopt
shutdown
WSASetLastError
WSAIoctl
WSARecv
WSASocketW
WSAAddressToStringW
getaddrinfo
freeaddrinfo
WSASend
closesocket

winmm

timeSetEvent
timeGetTime

shlwapi

StrStrA
PathRemoveFileSpecW
PathRemoveFileSpecA
StrStrW
StrCmpIW

advapi32

CryptEnumProvidersA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e42a4abd2b3dbda324169cdf24795402

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ws2_32

winmm

shlwapi

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 24KB - Virtual size: 296KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 24KB - Virtual size: 296KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 42KB - Virtual size: 41KB