63ce772f06de8d73b3e7df84144d15e057bbea1f013bdcb80a32aa7b7751f239

Sharing

Copy URL

Twitter E-mail

General

Target

63ce772f06de8d73b3e7df84144d15e057bbea1f013bdcb80a32aa7b7751f239
Size

958KB
MD5

50bb8a830f44cf56a23bc6caa62e8089
SHA1

f3c6f94582d5e94e84249737be0b8b5d54499b0e
SHA256

63ce772f06de8d73b3e7df84144d15e057bbea1f013bdcb80a32aa7b7751f239
SHA512

e88bc4cf961809862710073949ce13631b57f1afbd050a8d8055ee2101971d4d141e4e26837360f90e22667b5253c892f8141e6b06702d7a4cd5efb376c93b17
SSDEEP

24576:g0MBZOAMfS1w+UAlHsvf+wg4kJ7tR32mv:g0q+f+UAq2wg4kJ7xv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63ce772f06de8d73b3e7df84144d15e057bbea1f013bdcb80a32aa7b7751f239

Files

63ce772f06de8d73b3e7df84144d15e057bbea1f013bdcb80a32aa7b7751f239
.dll windows:6 windows x86 arch:x86

bf0875dd32a2841156df679d03839923

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\pc\Documents\pcfiles\projects\MetaHookSv\Release\VGUI2Extension.pdb

Imports

kernel32

TlsGetValue
TlsFree
MultiByteToWideChar
FindClose
HeapSize
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
DeleteCriticalSection
SetStdHandle
SetFilePointerEx
GetFileSizeEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
RaiseException
CloseHandle
GetThreadPriority
TlsAlloc
GetCurrentThread
GetLastError
Sleep
InitializeCriticalSectionAndSpinCount
TlsSetValue
IsDebuggerPresent
GetCommandLineA
LoadLibraryA
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringA
EnterCriticalSection
QueryPerformanceCounter
GetSystemInfo
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
QueryPerformanceFrequency
GetCurrentThreadId
WideCharToMultiByte
GetVersionExA
GetCurrentProcessId
GetModuleHandleA
FreeLibrary
GetProcAddress
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetStartupInfoW
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwind
InterlockedFlushSList
SetLastError
LoadLibraryExW
ExitProcess
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
GetModuleFileNameW
HeapReAlloc
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
WriteConsoleW

user32

GetIconInfo
GetWindowThreadProcessId
SetWindowLongA
CallWindowProcA
GetWindowLongA
EnumWindows
RealGetWindowClassA
keybd_event
GetKeyboardLayoutList
GetKeyboardLayout
ActivateKeyboardLayout
GetDC
ReleaseDC
DestroyIcon

gdi32

RemoveFontResourceA
DeleteDC
SetTextAlign
SetMapMode
CreateCompatibleDC
GetDIBits
GetObjectA
AddFontResourceA
ExtTextOutW
ExtTextOutA
GetTextMetricsA
CreateFontA
SelectObject
CreateDIBSection
GetTextExtentPoint32A
EnumFontFamiliesExA
GetCharABCWidthsA
SetTextColor
SetBkMode
GetCharABCWidthsW
MoveToEx
SetBkColor
GetGlyphOutlineW
DeleteObject
GetDeviceCaps

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetFileInfoA

imm32

ImmNotifyIME
ImmSetConversionStatus
ImmSetCandidateWindow
ImmGetCandidateListW
ImmGetProperty
ImmGetConversionStatus
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

Exports

Exports

CreateInterface

Sections

.text
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf0875dd32a2841156df679d03839923

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

imm32

Exports

Exports

Sections

.text Size: 678KB - Virtual size: 678KB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 22KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 73KB - Virtual size: 72KB

.text
Size: 678KB - Virtual size: 678KB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 22KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 73KB - Virtual size: 72KB