f6031e3c7033a773655d26a6329e509736a28e294786877abc11c429d9e13e49

Sharing

Copy URL Twitter E-mail

General

Target

f6031e3c7033a773655d26a6329e509736a28e294786877abc11c429d9e13e49
Size

463KB
MD5

781b71ea7e8910629af50d866a2c2bf3
SHA1

5deb11b453502e81fb4408003b4638110fd7b073
SHA256

f6031e3c7033a773655d26a6329e509736a28e294786877abc11c429d9e13e49
SHA512

08929a367fdf3b0e3131e7f29268217b0e52900787cc276841b1260ac7c301ae66bcb2b51a54aba7368b95fc8abfc5b0c6f31f33cbaed3a68ab3bda476898dd2
SSDEEP

12288:1nBXu5rgtdpdZ6ntq526sqrjtm9ocVA9p95o/YteU:Xu5kDpz6t6sEjthEEjyd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6031e3c7033a773655d26a6329e509736a28e294786877abc11c429d9e13e49

Files

f6031e3c7033a773655d26a6329e509736a28e294786877abc11c429d9e13e49
.dll windows:6 windows x64 arch:x64

334dde7f8cb386957eaddf9e96a881e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dr-ag-4256dc7f-we\_work\1\s\Output\bin\Release\JavaHook_x64.pdb

Imports

kernel32

QueryFullProcessImageNameW
LocalFree
GetModuleHandleExW
TerminateProcess
MultiByteToWideChar
FindNextFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
GetFileType
SetStdHandle
ExitProcess
GetConsoleMode
GetConsoleOutputCP
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
FindClose
GetModuleHandleW
GetModuleFileNameW
K32GetModuleBaseNameW
K32EnumProcessModules
FreeLibrary
OpenProcess
ProcessIdToSessionId
GetCurrentProcessId
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WideCharToMultiByte
GetTickCount64
GetCurrentThreadId
OutputDebugStringA
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
GetLastError
FindResourceExW
LockResource
LoadResource
SizeofResource
FindResourceW
GetProcAddress
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteConsoleW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
LCMapStringEx
EncodePointer
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
GetLocaleInfoEx
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
FindFirstFileExW
WakeAllConditionVariable
SleepConditionVariableSRW
RtlUnwind
FlushFileBuffers
HeapCreate
DeleteFileW
WriteFile
SetLastError
CreateFileW
GetCurrentDirectoryW
GetLocalTime
GetTickCount
FormatMessageA
ReleaseSRWLockExclusive
GetCommandLineW
IsDebuggerPresent
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
RaiseException
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsFree
TlsSetValue
SetFilePointerEx
ReadFile
GetFileSizeEx

user32

IsWindow

advapi32

RegGetValueW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoTaskMemFree
StringFromGUID2

oleaut32

VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr64
SymFromAddr
SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymSetOptions

winmm

timeGetTime

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

Exports

Exports

ExecuteJavaInjected
GetHandleVerifier

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

334dde7f8cb386957eaddf9e96a881e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

dbghelp

winmm

version

shlwapi

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB