fdf27bcf6c021e0fc074cd86b18c781c0c5f081f63f4ce12f699f703f81f0495

Sharing

Copy URL Twitter E-mail

General

Target

fdf27bcf6c021e0fc074cd86b18c781c0c5f081f63f4ce12f699f703f81f0495
Size

1.3MB
MD5

2ad0690c2623ad39bcb0adc092d0f40e
SHA1

3b9c9ec911eb2a46a434253c8a9a5605b5478115
SHA256

fdf27bcf6c021e0fc074cd86b18c781c0c5f081f63f4ce12f699f703f81f0495
SHA512

02b212d1890c834b6b2ec6ef14c469348ad96dab76afab17739620ae3e6f98038c7195459f4c78a57f7185141c37736cb44bfc7dcc402efd400ac075191de78b
SSDEEP

24576:ZIp6PjyEOIMMWFZsz7ZEm7diG7oaGSOtJXEgGkkkkkkkzuo:ZIpIWEOI7mZs3ZEm7deftyo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdf27bcf6c021e0fc074cd86b18c781c0c5f081f63f4ce12f699f703f81f0495

Files

fdf27bcf6c021e0fc074cd86b18c781c0c5f081f63f4ce12f699f703f81f0495
.dll windows:6 windows x64 arch:x64

1e50040cdd166d17ac8de2431b381817

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\82cac59564031c74\keyman\windows\src\engine\keyman32\bin\x64\Release\keyman64.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalAlloc
LocalFree
GetCommandLineA
GetLocaleInfoW
GlobalGetAtomNameA
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
GlobalAddAtomA
SetEvent
OpenEventA
MapViewOfFile
UnmapViewOfFile
OpenMutexA
OpenFileMappingA
MultiByteToWideChar
GetVersionExA
GetModuleFileNameA
RaiseException
GetCurrentProcess
SetEndOfFile
HeapSize
CreateFileW
SetStdHandle
HeapReAlloc
GetProcessHeap
SetEnvironmentVariableW
FormatMessageA
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
WriteFile
HeapAlloc
HeapFree
GetLastError
CloseHandle
GetTempFileNameA
GetTempPathA
CreateFileA
GetVersion
GetModuleFileNameW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
SetLastError
FreeEnvironmentStringsW
GetModuleHandleA
TryEnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
ExitProcess
ReadFile
WriteConsoleW
GetModuleHandleExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceFrequency
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetLocaleInfoEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetStdHandle
GetFileType

user32

MessageBeep
GetKeyState
GetMessageExtraInfo
GetKeyboardState
GetKeyboardLayoutNameA
MapVirtualKeyExA
PtInRect
WindowFromPoint
SetForegroundWindow
MapVirtualKeyA
CallNextHookEx
FindWindowA
GetParent
GetActiveWindow
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExW
GetForegroundWindow
keybd_event
RegisterWindowMessageA
GetWindowThreadProcessId
GetClassNameA
SendMessageTimeoutA
SetKeyboardState
wsprintfA
GetGUIThreadInfo
GetKeyboardLayout
wsprintfW
ClientToScreen
GetCaretPos
GetWindowRect
GetSystemMetrics
GetFocus
SetWindowPos
ShowWindow
IsChild
IsWindowUnicode
PostMessageA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
GetSecurityDescriptorSacl
CreateWellKnownSid
RegSetValueExW
RegQueryValueExW
RegEnumValueA
EventUnregister
EventRegister
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
EventWrite

ole32

CoCreateGuid
StringFromGUID2
IIDFromString

Exports

Exports

GetActiveKeymanID
GetKeyboardPreservedKeys
KMDisplayIM
KMGetActiveKeyboard
KMGetContext
KMGetKeyboardPath
KMHideIM
KMQueueAction
KMSetOutput
Keyman_Diagnostic
Keyman_Exit
Keyman_GetInitialised
Keyman_GetLastActiveWindow
Keyman_GetLastFocusWindow
Keyman_Initialise
Keyman_PostControllers
Keyman_PostMasterController
Keyman_RegisterControllerThread
Keyman_RegisterControllerWindow
Keyman_RegisterMasterController
Keyman_ResetInitialisation
Keyman_RestartEngine
Keyman_SendDebugEntry
Keyman_SendDebugExit
Keyman_SendMasterController
Keyman_StartExit
Keyman_UnregisterControllerThread
Keyman_UnregisterControllerWindow
Keyman_UnregisterMasterController
Keyman_WriteDebugEvent
Keyman_WriteDebugEvent2W
Keyman_WriteDebugEventW
SetCustomPostKeyCallback
TIPActivateEx
TIPActivateKeyboard
TIPIsKeymanRunning
TIPProcessKey
km_core_context_clear
km_core_context_get
km_core_context_item_list_size
km_core_context_items_dispose
km_core_context_length
km_core_context_set
km_core_cu_dispose
km_core_event
km_core_get_engine_attrs
km_core_keyboard_dispose
km_core_keyboard_get_attrs
km_core_keyboard_get_imx_list
km_core_keyboard_get_key_list
km_core_keyboard_imx_list_dispose
km_core_keyboard_key_list_dispose
km_core_keyboard_load
km_core_options_list_size
km_core_process_event
km_core_process_queued_actions
km_core_state_action_items
km_core_state_app_context
km_core_state_clone
km_core_state_context
km_core_state_context_clear
km_core_state_context_debug
km_core_state_context_set_if_needed
km_core_state_create
km_core_state_dispose
km_core_state_get_actions
km_core_state_get_intermediate_context
km_core_state_imx_deregister_callback
km_core_state_imx_register_callback
km_core_state_option_lookup
km_core_state_options_to_json
km_core_state_options_update
km_core_state_queue_action_items
km_core_state_to_json

Sections

.text
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SHARDAT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e50040cdd166d17ac8de2431b381817

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 774KB - Virtual size: 773KB

.rdata Size: 493KB - Virtual size: 493KB

.data Size: 15KB - Virtual size: 26KB

.pdata Size: 37KB - Virtual size: 36KB

.SHARDAT Size: 1KB - Virtual size: 1KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 774KB - Virtual size: 773KB

.rdata
Size: 493KB - Virtual size: 493KB

.data
Size: 15KB - Virtual size: 26KB

.pdata
Size: 37KB - Virtual size: 36KB

.SHARDAT
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB