4e1f0f21c2426ccf9b26879b58a533cf89ec981dd3ef33df74f8b7f29e4263e1

Sharing

Copy URL Twitter E-mail

General

Target

4e1f0f21c2426ccf9b26879b58a533cf89ec981dd3ef33df74f8b7f29e4263e1
Size

76KB
MD5

37b86d1502a214ec3ca56cd25788099e
SHA1

c1942362e3e4854cd7f6943950fbbc6709d9184c
SHA256

4e1f0f21c2426ccf9b26879b58a533cf89ec981dd3ef33df74f8b7f29e4263e1
SHA512

de296a35d9a1b7b3d57b25b6faec864b66196343d44a0fc2f5598a45a88a14cc0f6c47559efce8a9637273bae74f05672258430b5a58f33a4e00dc5d1615d423
SSDEEP

1536:NlrPlypfVrAciNO4OvqESOC6LZO2BXuZGVoEQXD+65+61E:CTcccOC6LZpBXLVofbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e1f0f21c2426ccf9b26879b58a533cf89ec981dd3ef33df74f8b7f29e4263e1

Files

4e1f0f21c2426ccf9b26879b58a533cf89ec981dd3ef33df74f8b7f29e4263e1
.exe windows:4 windows x86 arch:x86

dda96381c522c7b5d0f1a03da5274040

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\codesvn\鼠标记录\KBaseProject\release\KMouseClick.pdb

Imports

kernel32

GetCurrentProcess
GetModuleHandleW
GetSystemDirectoryW
GetVolumeInformationW
GetPrivateProfileStringW
WritePrivateProfileStringW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
Sleep
GetVersionExW
WideCharToMultiByte
GetProcAddress
GlobalFree
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
OpenProcess
GetModuleFileNameW
CreateFileMappingA
UnmapViewOfFile
GetTickCount
MapViewOfFile
OpenFileMappingA
CloseHandle
GlobalAlloc

user32

GetWindowLongW
GetParent
wsprintfW
SetWindowPos
SetForegroundWindow
SendMessageW
GetDC
ReleaseDC
GetCursorPos
SendInput
RegisterHotKey
MessageBoxW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
GetSystemMetrics
CreateWindowExW
ShowWindow
UpdateWindow
GetWindowTextW
GetWindowThreadProcessId
WindowFromPoint
EndDialog
EndPaint
BeginPaint
GetAsyncKeyState
DefWindowProcW
DestroyWindow
DialogBoxParamW
InvalidateRect
UnregisterHotKey
KillTimer
SetTimer

gdi32

SelectObject
CreateSolidBrush
SetTextColor
GetStockObject
RoundRect
TextOutW
SetBkMode
CreateFontW

shell32

ShellExecuteA

gdiplus

GdipDeletePen
GdipSetPenColor
GdipCreatePen1
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawEllipse
GdiplusStartup

comctl32

ord17

psapi

GetModuleFileNameExW

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

shlwapi

StrStrIA

msvcr80

_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
memmove
sprintf_s
exit
memset
??3@YAXPAX@Z
strlen
_wtoi
wcstoul
wcscat_s
wcscpy
wcslen

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dda96381c522c7b5d0f1a03da5274040

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

gdiplus

comctl32

psapi

wininet

shlwapi

msvcr80

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 21KB