PassatHook[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

PassatHook.dll
Size

1.6MB
MD5

de601872b48aa63e1c4b69be09f9434b
SHA1

cf9cf78ea5d4a920d5336b19e1209e110a78c10e
SHA256

0c9b40abd8814852ce54d5e0cb11a7f2b8330c7954ceabf017057e34b5084392
SHA512

6d04c93c5be1edef1e0361ada2860514a78e617a28349ee38839ff38a11c13ab89dcb6a24e498b08d8023810bb1f2687ee7ad081acc37a21a262f984ffdd7ef7
SSDEEP

24576:rW+cGRiUs0WKUg6WnMNb/cQWppxCs9oqGHhHFnpqCIqV8FsDc5tTG3GPfJv:ymaKjxnobc79VmrpJV8F95tq3Gv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PassatHook.dll

Files

PassatHook.dll
.dll windows:6 windows x86 arch:x86

595d5878ae517951ae8625f1a9267ad8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree

user32

ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CallWindowProcW
MessageBoxA
SetWindowLongW
ShowWindow
FindWindowW
FlashWindowEx
GetDC
GetCursorPos

kernel32

SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStdHandle
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
ReadFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
WriteFile
FreeLibraryAndExitThread
GetModuleHandleA
GetLastError
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
K32GetModuleInformation
GetTimeZoneInformation
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetModuleHandleExW
IsValidCodePage
GetACP
GetCommandLineA
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
ReleaseSRWLockExclusive
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

gdi32

CreateFontA
SelectObject
CreateCompatibleDC
EnumFontFamiliesExW
CreateFontW
DeleteDC
GetFontData
DeleteObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 975KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

595d5878ae517951ae8625f1a9267ad8

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

user32

kernel32

imm32

gdi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 37KB - Virtual size: 975KB

_RDATA Size: 10KB - Virtual size: 9KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 37KB - Virtual size: 975KB

_RDATA
Size: 10KB - Virtual size: 9KB

.reloc
Size: 50KB - Virtual size: 50KB