AndroidLogger[.]v1[.]3[.]7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AndroidLogger.v1.3.7.zip
Size

281KB
MD5

a037f80ad1f6c423fb5ee7d5689ec650
SHA1

67a10c159b9147bdcd78ec234a049a2aa6e7b5b5
SHA256

7972e4999a6ba5e7ee23cf3f297fa7ce7654fa7a6587a216cf3290bb8abd442f
SHA512

39bc63d5a062a102ca48977bd7901505f47b51707c466be412bba8a01cd5afbf680681e0d81f0b1989990d65cdb3e41ca61f23f3eedf5c49c5619fafa5884459
SSDEEP

6144:z/AKWIg/4VZRUGDQq6WyJEa5xa/1udyP+G8X5zXwC7CCsoEHQ:bb2QfnDkfpGPvSzvmC2HQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AndroidLogger/AndroidLogger.dll

Files

AndroidLogger.v1.3.7.zip
.zip

Password: infected
AndroidLogger/AndroidLogger.dll
.dll windows:6 windows x64 arch:x64

Password: infected

60add519c376f85932e465252ff2f159

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

W:\repo\AndroidLogger\notepad-plus-plus-8.6.7\PowerEditor\visual.net\x64\Release\plugins\AndroidLogger\AndroidLogger.pdb

Imports

shlwapi

PathFindFileNameW
StrStrA
StrCatW
StrToIntA

shell32

ShellExecuteW

ws2_32

WSAStartup
send
socket
connect
recv
htons
ioctlsocket
setsockopt
WSAGetLastError
gethostbyname
closesocket
WSACleanup

gdi32

DeleteObject
GetDeviceCaps

comdlg32

GetOpenFileNameW

user32

GetWindowRect
TrackPopupMenu
RemoveMenu
GetCursorPos
DestroyIcon
InvalidateRect
CreateDialogParamW
PostQuitMessage
SetWindowTextW
DialogBoxParamW
DefWindowProcW
CallWindowProcW
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
CheckRadioButton
EndDialog
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
GetDC
MessageBoxA
GetMenuStringW
LoadImageW
ReleaseDC
SetWindowPos
FillRect
CreateWindowExW
CreatePopupMenu
ShowWindow
ClientToScreen
LoadBitmapW
DestroyMenu
SetFocus
LoadIconW
LoadCursorW
GetClientRect
AppendMenuW
GetSysColorBrush
SetTimer
KillTimer
PostMessageW
MessageBoxW
SendMessageW
wsprintfW
RedrawWindow
RegisterClassExW
IsWindowVisible
GetMenu

comctl32

ImageList_Create
ImageList_Add
ImageList_Destroy

kernel32

GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetCommandLineW
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
SetStdHandle
HeapReAlloc
CreateFileW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
WriteFile
HeapSize
GetFileType
GetStdHandle
SetFilePointerEx
GetFileSizeEx
ExitProcess
CreateDirectoryW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
QueryPerformanceFrequency
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
WriteConsoleW
SetEndOfFile
FlushFileBuffers
SetCurrentDirectoryW
CompareStringEx
LCMapStringEx
Sleep
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetEnvironmentVariableW
GetPrivateProfileStringW
RtlUnwind
lstrcpyW
WinExec
lstrcmpW
MulDiv
lstrlenW
GetModuleFileNameW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer

Exports

Exports

CreateLexer
GetLexerCount
GetLexerFactory
GetLexerName
GetLexerStatusText
beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Config/AndroidLogger.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

60add519c376f85932e465252ff2f159

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

ws2_32

gdi32

comdlg32

user32

comctl32

kernel32

Exports

Exports

Sections

.text Size: 434KB - Virtual size: 433KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 7KB - Virtual size: 17KB

.pdata Size: 28KB - Virtual size: 28KB

.rsrc Size: 288KB - Virtual size: 287KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 434KB - Virtual size: 433KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 288KB - Virtual size: 287KB

.reloc
Size: 4KB - Virtual size: 3KB