| Property | Value |
|---|---|
| File Name: | KHYnZx4nz.zk |
| File Type: | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| SHA1: | f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12 |
| MD5: | a88491a1e76fd8e433adad53bd330d31 |
| First Seen Date: | 2016-12-24 09:46:58.745892 |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2016-12-24 09:46:58.745892 |
| Human Expert Analysis Date: | 2019-12-24 16:58:56.356909 |
| Human Expert Analysis Result: | Malware |

| Property | Value |
|---|---|
| number of sections | 5 |
| compilation time stamp | 0x5848354C [Wed Dec 7 16:14:04 2016 UTC] |
| LegalCopyright | Copyright © 1999-2013 |
| FileDescription | BASS |
| FileVersion | 2.4.10 |
| CompanyName | Un4seen Developments |
| Translation | 0x0000 0x04b0 |
| entry point | 0x415d96 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 187110 |
| sha256 | e407a9b7adba2587150d66ec638a4a9b64d57ac23b320c0f7df02668479c61da |
| mime type | application/x-dosexec |

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x22070 | 0x22200 | 7.168980[SUSPICIOUS] | - |
| .rdata | 0x24000 | 0x216d | 0x2200 | 7.009640[SUSPICIOUS] | - |
| .data | 0x27000 | 0xa240 | 0x400 | 4.992754 | - |
| .rsrc | 0x32000 | 0x3570 | 0x3600 | 4.109366 | - |
| .reloc | 0x36000 | 0x2dd2 | 0x2e00 | 5.884982 | - |

KERNEL32.dll
- CloseHandle
- GetOEMCP
- TlsFree
- GetACP
- InterlockedDecrement
- GetEnvironmentStringsW
- TlsAlloc
- GetFileSize
- FlushFileBuffers
- GetConsoleMode
- DeleteFileW
- LCMapStringW
- IsProcessorFeaturePresent
- WriteFile
- LoadLibraryW
- RaiseException
- GetModuleFileNameW
- ExitProcess
- IsValidCodePage
- InitializeCriticalSectionAndSpinCount
- GetCurrentThreadId
- UnhandledExceptionFilter
- GetLastError
- IsDebuggerPresent
- GetModuleHandleW
- GetConsoleCP
- GetLocalTime
- HeapReAlloc
- GetCurrentProcessId
- DeleteCriticalSection
- RtlUnwind
- LoadLibraryExW
- GetModuleFileNameA
- SetLastError
- SetUnhandledExceptionFilter
- EnterCriticalSection
- LocalFree
- SetFilePointerEx
- InterlockedIncrement
- FreeEnvironmentStringsW
- GetCPInfo
- HeapDestroy
- GetCommandLineA
- TlsSetValue
- HeapAlloc
- GetFileType
- WriteConsoleW
- TlsGetValue
- GetStdHandle
- GetSystemTimeAsFileTime
- lstrlenA
- SetStdHandle
- OutputDebugStringW
- WideCharToMultiByte
- Sleep
- GetStartupInfoW
- GetCurrentProcess
- HeapFree
- GetStringTypeW
- MultiByteToWideChar
- GetProcessHeap
- QueryPerformanceCounter
- VirtualQuery
- FreeLibrary
- TerminateProcess
- LeaveCriticalSection
- GetProcAddress
- CreateFileW
- HeapSize
- GetCommandLineW

USER32.dll
- SendMessageA
- wvsprintfW
- wsprintfW
- CharLowerA

GDI32.dll
- AbortPath
- AnimatePalette
- BeginPath
- AngleArc

ole32.dll
- CoInitializeSecurity
- CoInitialize
- CoSetProxyBlanket
- CoUninitialize
- CoCreateInstance

OLEAUT32.dll
- SysFreeString
- VariantInit
- SysAllocString
- VariantClear

msvcrt.dll
- __set_app_type
- _exit

msi.dll
- None

RT_BITMAP
RT_VERSION