e67c43c02bb3f5cb3f640585add18de4385d860880378bf86dd9f4f998b02196

Sharing

Copy URL Twitter E-mail

General

Target

e67c43c02bb3f5cb3f640585add18de4385d860880378bf86dd9f4f998b02196
Size

975KB
MD5

7eb52be65b80d931bd6080f118478c85
SHA1

f2855470cd0b1dc696ced280493aa0793602db1f
SHA256

e67c43c02bb3f5cb3f640585add18de4385d860880378bf86dd9f4f998b02196
SHA512

e79145fd5ef93c55a92f83d4a86af2546db925dd09e0ee7b7d5eff32efd9cba50e60b2a396cbefa56b9d37c7de77ef1cdd4822e7f6d9f0a38f414cbb00c1f6f2
SSDEEP

12288:GgPFAHTFiqtJkwKsPy7rLpaDm8b0rXAgxT06SF1njo6+0SM:zPFAMqjPy7/paSYYQgxo6ixjX+0S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e67c43c02bb3f5cb3f640585add18de4385d860880378bf86dd9f4f998b02196

Files

e67c43c02bb3f5cb3f640585add18de4385d860880378bf86dd9f4f998b02196
.dll windows:6 windows x64 arch:x64

1f423a8d63ed6b6a0b8130d498c81f5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\x64\Release\krkrzHook64.pdb

Imports

kernel32

K32GetModuleInformation
GetThreadContext
GetProcAddress
VirtualAllocEx
ReadProcessMemory
GetModuleHandleW
FlushInstructionCache
CreateRemoteThread
GetExitCodeProcess
GetOEMCP
IsDBCSLeadByteEx
GetCPInfo
GetLocaleInfoW
CreateFileW
GetACP
SetCurrentDirectoryA
MultiByteToWideChar
CreateFileA
CreateThread
IsDBCSLeadByte
WideCharToMultiByte
CreateDirectoryA
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSectionEx
FormatMessageW
RaiseException
DecodePointer
DeleteCriticalSection
K32EnumProcessModules
GetCommandLineW
LoadLibraryW
GetCurrentDirectoryW
CreateDirectoryW
CreateDirectoryExA
RemoveDirectoryW
GetCurrentDirectoryA
DeleteFileA
DeleteFileW
SetCurrentDirectoryW
RemoveDirectoryA
CreateDirectoryExW
SetStdHandle
SetConsoleOutputCP
AllocConsole
LoadLibraryA
FindFirstFileW
VirtualProtect
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
DeviceIoControl
K32EnumProcessModulesEx
Thread32Next
Thread32First
GetFileAttributesW
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateProcessW
CreateProcessA
IsDebuggerPresent
VirtualQueryEx
InitializeCriticalSection
ReadFile
GetFileSizeEx
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
GetModuleHandleA
PostQueuedCompletionStatus
CreateEventW
SetEvent
TerminateThread
TlsAlloc
QueueUserAPC
LocalFree
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
ResumeThread
SuspendThread
WaitForSingleObject
K32GetModuleFileNameExW
SetEndOfFile
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetFilePointerEx
K32GetModuleBaseNameA
CloseHandle
GetLastError
Sleep
GetEnvironmentVariableW
lstrlenW
GetCurrentProcess
SetEnvironmentVariableW
WriteProcessMemory
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
RtlUnwind
GetFileType
GetFileInformationByHandle
GetDriveTypeW
RtlUnwindEx
VirtualQuery
GetSystemInfo
OpenThread
SetThreadContext
HeapAlloc
HeapReAlloc
HeapFree
HeapCreate
VirtualFree
VirtualAlloc
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
SwitchToThread
InterlockedFlushSList

user32

DialogBoxParamW
SetDlgItemTextA
CreateWindowExA
MessageBoxA
GetDlgItemTextW
SetWindowTextA
GetWindowTextW
GetWindowTextA
GetDlgItemTextA
DialogBoxParamA
SetWindowTextW
CreateWindowExW
SetWindowsHookExW
CharNextA
CharPrevExA
SetDlgItemTextW
CharPrevA
CharNextExA
MessageBoxW

gdi32

TextOutA
CreateFontIndirectA
CreateFontIndirectW
TextOutW

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptEnumProvidersA

shlwapi

StrStrIW
PathRemoveFileSpecW

ntdll

RtlPcToFileHeader

ws2_32

freeaddrinfo
WSAGetLastError
htons
htonl
getsockopt
WSARecv
WSAAddressToStringW
ntohs
ioctlsocket
getsockname
getpeername
WSAStartup
getaddrinfo
WSASocketW
WSASetLastError
listen
shutdown
ntohl
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
WSACleanup
setsockopt
connect

Exports

Exports

V2Link
V2LinkHookSTDCALL

Sections

.text
Size: 723KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 15.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f423a8d63ed6b6a0b8130d498c81f5c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shlwapi

ntdll

ws2_32

Exports

Exports

Sections

.text Size: 723KB - Virtual size: 722KB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 32KB - Virtual size: 15.1MB

.pdata Size: 30KB - Virtual size: 30KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 723KB - Virtual size: 722KB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 32KB - Virtual size: 15.1MB

.pdata
Size: 30KB - Virtual size: 30KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 5KB - Virtual size: 4KB