7e8bc803e677c0b2fbc75c123a5efcb643297f44e02644f6cead78b4f8187767 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e8bc803e677c0b2fbc75c123a5efcb643297f44e02644f6cead78b4f8187767
Size

40KB
MD5

a385b986d05af7092e7a6069d6673045
SHA1

509d7279566d8e02b76efb6d5422c4f785bdcd13
SHA256

7e8bc803e677c0b2fbc75c123a5efcb643297f44e02644f6cead78b4f8187767
SHA512

d34d5ba60187c3eb67b59d52049c63094158da5372002fbb62066f76da2704574e172d7bb1a3f7ef84869b15249ef8695d62b3f97c8fb54b4b719b19c5a4fa25
SSDEEP

192:OMj8KLu0zFpdL+sv+++fBzOmyZ2fBPeg3CLis6pIY+slyW+sKihmfAwDnP:iYES+0JY5CYVQW+OhmoEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e8bc803e677c0b2fbc75c123a5efcb643297f44e02644f6cead78b4f8187767

Files

7e8bc803e677c0b2fbc75c123a5efcb643297f44e02644f6cead78b4f8187767
.dll windows:4 windows x86 arch:x86

5da2185f75930f206971a93722b8cbee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CallNextHookEx
RegisterWindowMessageW
SetWindowsHookExW
GetWindow
UnhookWindowsHookEx
GetClassNameW
SendMessageW
GetWindowModuleFileNameW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

kernel32

GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
Sleep
GetModuleFileNameW

msvcrt

wcscpy
wcscat
_wtoi
__dllonexit
_onexit
malloc
_initterm
_adjust_fdiv
??3@YAXPAX@Z
_wcsicmp
wcspbrk
_wcsnicmp
wcslen
??2@YAPAXI@Z
__CxxFrameHandler
wcsncmp
_wgetcwd
wcsstr
_itow
wcstok
wcscmp
free

Exports

Exports

InstallAppHook
InstallApsHooks
ReleaseAppsHooks
_ConfigHookHandler@12

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ