| Property | Value |
|---|---|
| File Name | KHYnZx4nz.zk |
| File Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| SHA1 | f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12 |
| MD5 | a88491a1e76fd8e433adad53bd330d31 |
| First Seen Date | 2016-12-24 09:46:58.745892 |
| Number of Clients Seen | 4 |
| Last Analysis Date | 2016-12-24 09:46:58.745892 |
| Human Expert Analysis Date | 2019-12-24 16:58:56.356909 |
| Human Expert Analysis Result | Malware |
| Property | Value |
|---|---|
| number of sections | 5 |
| compilation time stamp | 0x5848354C [Wed Dec 7 16:14:04 2016 UTC] |
| LegalCopyright | Copyright © 1999-2013 |
| FileDescription | BASS |
| FileVersion | 2.4.10 |
| CompanyName | Un4seen Developments |
| Translation | 0x0000 0x04b0 |
| entry point | 0x415d96 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 187110 |
| sha256 | e407a9b7adba2587150d66ec638a4a9b64d57ac23b320c0f7df02668479c61da |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x22070 | 0x22200 | 7.168980 [SUSPICIOUS] | - |
| .rdata | 0x24000 | 0x216d | 0x2200 | 7.009640 [SUSPICIOUS] | - |
| .data | 0x27000 | 0xa240 | 0x400 | 4.992754 | - |
| .rsrc | 0x32000 | 0x3570 | 0x3600 | 4.109366 | - |
| .reloc | 0x36000 | 0x2dd2 | 0x2e00 | 5.884982 | - |
Imports:

- KERNEL32.dll
  - CloseHandle
  - GetOEMCP
  - TlsFree
  - GetACP
  - InterlockedDecrement
  - GetEnvironmentStringsW
  - TlsAlloc
  - GetFileSize
  - FlushFileBuffers
  - GetConsoleMode
  - DeleteFileW
  - LCMapStringW
  - IsProcessorFeaturePresent
  - WriteFile
  - LoadLibraryW
  - RaiseException
  - GetModuleFileNameW
  - ExitProcess
  - IsValidCodePage
  - InitializeCriticalSectionAndSpinCount
  - GetCurrentThreadId
  - UnhandledExceptionFilter
  - GetLastError
  - IsDebuggerPresent
  - GetModuleHandleW
  - GetConsoleCP
  - GetLocalTime
  - HeapReAlloc
  - GetCurrentProcessId
  - DeleteCriticalSection
  - RtlUnwind
  - LoadLibraryExW
  - GetModuleFileNameA
  - SetLastError
  - SetUnhandledExceptionFilter
  - EnterCriticalSection
  - LocalFree
  - SetFilePointerEx
  - InterlockedIncrement
  - FreeEnvironmentStringsW
  - GetCPInfo
  - HeapDestroy
  - GetCommandLineA
  - TlsSetValue
  - HeapAlloc
  - GetFileType
  - WriteConsoleW
  - TlsGetValue
  - GetStdHandle
  - GetSystemTimeAsFileTime
  - lstrlenA
  - SetStdHandle
  - OutputDebugStringW
  - WideCharToMultiByte
  - Sleep
  - GetStartupInfoW
  - GetCurrentProcess
  - HeapFree
  - GetStringTypeW
  - MultiByteToWideChar
  - GetProcessHeap
  - QueryPerformanceCounter
  - VirtualQuery
  - FreeLibrary
  - TerminateProcess
  - LeaveCriticalSection
  - GetProcAddress
  - CreateFileW
  - HeapSize
  - GetCommandLineW
- USER32.dll
  - SendMessageA
  - wvsprintfW
  - wsprintfW
  - CharLowerA
- GDI32.dll
  - AbortPath
  - AnimatePalette
  - BeginPath
  - AngleArc
- ole32.dll
  - CoInitializeSecurity
  - CoInitialize
  - CoSetProxyBlanket
  - CoUninitialize
  - CoCreateInstance
- OLEAUT32.dll
  - SysFreeString
  - VariantInit
  - SysAllocString
  - VariantClear
- msvcrt.dll
  - __set_app_type
  - _exit
- msi.dll
  - None
Resource types:

- RT_BITMAP
- RT_VERSION