NextHook
Static task
static1
General
Target
KuroDLL.dll
Size
1.9MB
MD5
eb306d319a5ec8704480597acb81b40e
SHA1
ec4cd76d70e4ebd60ff321ff4939c6bd23a7887d
SHA256
8d37a818067a38c2392745a5b6922e45da7941e73d7a76492eff680948ba4282
SHA512
811a06e85f811899a5ffa4e8d083bebff948ba2cf16f5d7ffc7ab0070b8860c2be67c1a7b44eb3df262f55c72bf0113e255c8bb7931c99938efe8a5e876b1ad3
SSDEEP
49152:dNKp3BtSLgK7pIcJct5/Db9RVd08JPQnFU:7WB9GJ6/Db9RVd08J
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature (the PE carries no embedded code-signing signature).
resource KuroDLL.dll
Files
KuroDLL.dll.dll windows:6 windows x64 arch:x64
dddfda159bf41ea481a332b0e0ed43c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
shell32
SHGetKnownFolderPath
ShellExecuteA
ole32
CoTaskMemFree
user32
LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowW
UpdateWindow
FindWindowA
PostQuitMessage
PeekMessageA
TranslateMessage
SetLayeredWindowAttributes
DefWindowProcA
MessageBoxA
GetAsyncKeyState
ShowWindow
RegisterClassExW
UnregisterClassW
CallNextHookEx
CreateWindowExW
GetWindowRect
DispatchMessageA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
kernel32
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
IsDebuggerPresent
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetFileSizeEx
CreateFile2
UnmapViewOfFile
CloseHandle
CreateFileMappingFromApp
MapViewOfFileFromApp
FormatMessageA
SetEvent
CreateEventA
UnhandledExceptionFilter
WriteFile
CreateFileW
Sleep
ReadFile
CreateNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
OutputDebugStringA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
GetSystemDirectoryA
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFileInformationByHandle
LocalFree
GetLocaleInfoEx
AreFileApisANSI
GetProcAddress
GetFileInformationByHandleEx
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetFinalPathNameByHandleW
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
d3dcompiler_47
D3DCompile
msvcp140
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Cnd_signal
_Thrd_hardware_concurrency
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Random_device@std@@YAIXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_wait
_Thrd_id
_Query_perf_counter
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?good@ios_base@std@@QEBA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Thrd_detach
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??Bios_base@std@@QEBA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Strxfrm
??Bid@locale@std@@QEAA_KXZ
??1_Locinfo@std@@QEAA@XZ
bcrypt
BCryptGenRandom
ws2_32
getnameinfo
recv
ntohs
send
getsockname
getpeername
WSAStartup
shutdown
select
closesocket
WSACleanup
freeaddrinfo
getaddrinfo
htons
socket
bind
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
setsockopt
WSASetLastError
WSACreateEvent
WSACloseEvent
__WSAFDIsSet
gethostname
htonl
WSAIoctl
WSAResetEvent
getsockopt
recvfrom
sendto
accept
listen
connect
ioctlsocket
WSAGetLastError
d3d11
D3D11CreateDeviceAndSwapChain
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
strstr
strchr
__std_type_info_destroy_list
__current_exception_context
__current_exception
_CxxThrowException
memmove
memchr
strrchr
memcmp
memset
memcpy
__C_specific_handler
__std_type_info_name
__std_type_info_compare
_purecall
__std_exception_copy
__std_exception_destroy
api-ms-win-crt-stdio-l1-1-0
fgetpos
ungetc
fputs
fgetc
fputc
fsetpos
_fseeki64
__stdio_common_vswprintf
feof
_close
_fileno
_lseeki64
fopen
ftell
_write
_read
__acrt_iob_func
fflush
fclose
_open
setvbuf
fread
fseek
__stdio_common_vfprintf
fgets
__stdio_common_vsscanf
_get_stream_buffer_pointers
fwrite
__stdio_common_vsprintf
_wfopen
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncpy
strncat
toupper
strncmp
isalnum
isblank
isspace
tolower
strcspn
isalpha
strcmp
iscntrl
ispunct
islower
isxdigit
strpbrk
isgraph
strnlen
strspn
_strdup
isdigit
isupper
api-ms-win-crt-heap-l1-1-0
calloc
_callnewh
_aligned_free
free
malloc
realloc
_aligned_malloc
api-ms-win-crt-convert-l1-1-0
atoi
strtol
strtod
wcstombs
strtoll
strtoull
strtoul
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_beginthreadex
terminate
_errno
abort
__sys_nerr
_invalid_parameter_noinfo
__sys_errlist
api-ms-win-crt-filesystem-l1-1-0
_access
_access_s
_lock_file
_stat64
_fstat64
_unlock_file
_unlink
api-ms-win-crt-math-l1-1-0
asin
ceilf
ceil
acosf
acos
atan2
cos
cosf
_fdopen
cosh
exp
floor
floorf
fmod
fmodf
log10
log2
sin
sinf
sinh
sqrt
sqrtf
tan
tanh
pow
log
atan
ldexp
round
_dsign
modf
frexp
api-ms-win-crt-time-l1-1-0
_localtime64_s
_gmtime64_s
clock
_time64
strftime
_gmtime64
_difftime64
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
wldap32
ord200
ord143
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord301
advapi32
CryptCreateHash
CryptEncrypt
CryptAcquireContextA
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptDestroyHash
normaliz
IdnToUnicode
IdnToAscii
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertFindExtension
Exports
Exports
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 352KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ