c734b0530f5a2db717a20273b87d00037d3b0e08ce4794d88d929ed896be4bc0

Sharing

Copy URL Twitter E-mail

General

Target

c734b0530f5a2db717a20273b87d00037d3b0e08ce4794d88d929ed896be4bc0
Size

441KB
MD5

c857293873ea1f4ae54b617ebac1d4ab
SHA1

c208f3182b6d66247630bb6fb66a44f7ab00bfc3
SHA256

c734b0530f5a2db717a20273b87d00037d3b0e08ce4794d88d929ed896be4bc0
SHA512

8daba301b8baf7a7766b3ab0063e7d7c116cb1dccb516150263025157f1c29e32965dc4fef970aeeaed0b50363217f9d08c19b0a03c62f03cfea239bfcfca013
SSDEEP

12288:m+/HqjnST9iCrvjxsrSQerfjTidMzLNxMcZ+65Vu2QJCk:m+rvy27rf/DLNxTE6N6P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c734b0530f5a2db717a20273b87d00037d3b0e08ce4794d88d929ed896be4bc0

Files

c734b0530f5a2db717a20273b87d00037d3b0e08ce4794d88d929ed896be4bc0
.dll windows:6 windows x86 arch:x86

f68baeb552430e3392e4e7b5d4cbcb87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\workspace\workspace\_intrusion_ransom-decrypt_master\build_ransom_decrypt_windows_x86\Release\bin\keycapture32.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
ReadFile
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
GetLastError
Sleep
OpenFileMappingA
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
SetLastError
FreeLibrary
GetModuleHandleW
LoadLibraryExW
ExitProcess
TerminateProcess
VirtualAllocEx
WriteProcessMemory
IsWow64Process
WriteConsoleW
HeapSize
GetProcessHeap
FindClose
K32GetModuleFileNameExA
SetConsoleMode
GetProcAddress
CreateFileA
DisableThreadLibraryCalls
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
GetCurrentThread
GetCurrentProcess
CloseHandle
IsDebuggerPresent
CreateFileW
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetFileType
GetModuleHandleExW
GetConsoleMode
ReadConsoleW
HeapFree
HeapAlloc
GetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
SetEndOfFile
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

ShowWindow

advapi32

CryptGetKeyParam
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptHashData
CryptCreateHash
CryptEncrypt
CryptGenRandom
CryptSetKeyParam
CryptDeriveKey
CryptAcquireContextW
CryptAcquireContextA

Exports

Exports

yr_compiler_add_fd
yr_compiler_add_file
yr_compiler_add_string
yr_compiler_create
yr_compiler_define_boolean_variable
yr_compiler_define_float_variable
yr_compiler_define_integer_variable
yr_compiler_define_string_variable
yr_compiler_destroy
yr_compiler_get_current_file_name
yr_compiler_get_error_message
yr_compiler_get_rules
yr_compiler_load_atom_quality_table
yr_compiler_set_atom_quality_table
yr_compiler_set_callback
yr_compiler_set_include_callback
yr_compiler_set_re_ast_callback
yr_filemap_map
yr_filemap_map_ex
yr_filemap_map_fd
yr_filemap_unmap
yr_filemap_unmap_fd
yr_finalize
yr_get_configuration
yr_hash_table_add
yr_hash_table_add_raw_key
yr_hash_table_add_uint32
yr_hash_table_clean
yr_hash_table_create
yr_hash_table_destroy
yr_hash_table_lookup
yr_hash_table_lookup_raw_key
yr_hash_table_lookup_uint32
yr_hash_table_remove
yr_hash_table_remove_raw_key
yr_initialize
yr_object_print_data
yr_process_close_iterator
yr_process_fetch_memory_block_data
yr_process_get_first_memory_block
yr_process_get_next_memory_block
yr_process_open_iterator
yr_rule_disable
yr_rule_enable
yr_rules_define_boolean_variable
yr_rules_define_float_variable
yr_rules_define_integer_variable
yr_rules_define_string_variable
yr_rules_destroy
yr_rules_get_stats
yr_rules_load
yr_rules_load_stream
yr_rules_save
yr_rules_save_stream
yr_rules_scan_fd
yr_rules_scan_file
yr_rules_scan_mem
yr_rules_scan_mem_blocks
yr_rules_scan_proc
yr_scanner_create
yr_scanner_define_boolean_variable
yr_scanner_define_float_variable
yr_scanner_define_integer_variable
yr_scanner_define_string_variable
yr_scanner_destroy
yr_scanner_get_profiling_info
yr_scanner_last_error_rule
yr_scanner_last_error_string
yr_scanner_print_profiling_info
yr_scanner_reset_profiling_info
yr_scanner_scan_fd
yr_scanner_scan_file
yr_scanner_scan_mem
yr_scanner_scan_mem2
yr_scanner_scan_mem_blocks
yr_scanner_scan_proc
yr_scanner_set_callback
yr_scanner_set_flags
yr_scanner_set_timeout
yr_set_configuration

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f68baeb552430e3392e4e7b5d4cbcb87

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 319KB - Virtual size: 318KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 6KB - Virtual size: 10KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 319KB - Virtual size: 318KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 6KB - Virtual size: 10KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 17KB - Virtual size: 17KB