26a580777795eb0f4cb10ba2f8936f489570035e0bf91dba5e2f10b41477ad73

Sharing

Copy URL Twitter E-mail

General

Target

26a580777795eb0f4cb10ba2f8936f489570035e0bf91dba5e2f10b41477ad73
Size

657KB
MD5

a2e18bf0f68904b3681a48fea607e4f0
SHA1

244d389379646d82fa79912da12877a3fea18826
SHA256

26a580777795eb0f4cb10ba2f8936f489570035e0bf91dba5e2f10b41477ad73
SHA512

124761f50596f72796f65308aa1e63a0303473ccc483925b84b151cf9025efe6ae4987184064e3c79ad9c8f9122228d37338b41819602193fe25c0222b4cfc61
SSDEEP

12288:s1GUmlsEH5bMFzosIKqg9McJpRnn703MmU9xgq:s4UmlsEZbio+Z5JpRnAcXp

Score

N/A

Malware Config

Signatures

Files

26a580777795eb0f4cb10ba2f8936f489570035e0bf91dba5e2f10b41477ad73
.exe windows x86

aa1c93adc9273b473cc1488d866b80a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

pccs_dbengine

sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_double
sqlite3_column_int64
sqlite3_reset
sqlite3_step
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_open16
sqlite3_bind_blob
sqlite3_exec
sqlite3_close
sqlite3_errcode
sqlite3_prepare
sqlite3_column_text
sqlite3_finalize
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_text16
sqlite3_column_table_name
sqlite3_column_name
sqlite3_table_column_metadata
sqlite3_db_handle
sqlite3_column_type
sqlite3_trace
sqlite3_progress_handler
sqlite3_update_hook
sqlite3_bind_int
sqlite3_prepare16

kernel32

GetSystemInfo
VirtualAlloc
VirtualProtect
GetFileAttributesW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
MoveFileW
IsBadCodePtr
DeleteCriticalSection
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
ReadFile
GetProcessHeap
HeapFree
HeapAlloc
WriteFile
HeapSize
HeapValidate
SetFilePointer
SetEndOfFile
FindFirstFileW
GetFileSize
FindClose
SetFileAttributesW
DeleteFileW
GetLastError
MultiByteToWideChar
CloseHandle
CreateProcessW
lstrlenW
SizeofResource
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeProcess
FreeLibrary
CreateMutexW
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetProcAddress
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
CreateDirectoryW
GetCurrentThreadId
LoadLibraryW
FindResourceW
LoadResource
LockResource
VirtualQuery
CreateEventW
CreateNamedPipeW
SetEvent
GetModuleHandleW
TerminateThread
SetThreadPriority
InterlockedIncrement
DisconnectNamedPipe
TerminateProcess
InterlockedDecrement
CancelIo
PeekNamedPipe
LoadLibraryExW
GetOverlappedResult
CreateThread
ResumeThread
ConnectNamedPipe
RaiseException
ResetEvent
lstrcmpiW
GetTickCount
LocalFree
SetUnhandledExceptionFilter
SetErrorMode
lstrcpyW
GetCommandLineW
GetCurrentThread
WideCharToMultiByte
OpenEventW
SetCommMask
PurgeComm
GetCommState
SetCommState
HeapReAlloc
GetSystemTimeAsFileTime
LoadLibraryA
CreateEventA
OpenEventA
IsDebuggerPresent
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetLocaleInfoA
QueryPerformanceCounter
GetACP
InterlockedExchange
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetStartupInfoW
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
GetFullPathNameW
GetCurrentDirectoryA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CompareStringA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
CompareStringW
SetEnvironmentVariableA
ExitThread
GetCurrentProcessId
GetDriveTypeA

user32

PostThreadMessageW
MessageBoxW
DispatchMessageW
CharNextW
CharUpperBuffW
wsprintfW
CharUpperW
LoadStringW
GetMessageW
TranslateMessage
DefWindowProcW
RegisterClassW
CreateWindowExW
PostMessageW
DestroyWindow
UnregisterClassW
MessageBoxExW
UnregisterClassA
PeekMessageW
MsgWaitForMultipleObjects

advapi32

RegQueryValueExA
DeleteService
OpenThreadToken
SetServiceStatus
ControlService
DeregisterEventSource
OpenServiceW
ReportEventW
GetTokenInformation
RegisterEventSourceW
IsValidSid
GetLengthSid
CopySid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CloseServiceHandle
CreateServiceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitializeSecurityDescriptor
RegEnumKeyExW
SetSecurityDescriptorDacl
CreateProcessAsUserW
RegQueryValueExW
GetUserNameW
RegQueryInfoKeyW
RevertToSelf
RegEnumKeyW
ImpersonateLoggedOnUser
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromCLSID
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoSuspendClassObjects
CoRegisterClassObject
StringFromGUID2
CoUninitialize
CoRevokeClassObject
CoResumeClassObjects
CoInitializeSecurity
CoTaskMemFree

oleaut32

SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysStringLen
VarBstrCmp
SysAllocString
SysStringByteLen
SysAllocStringLen
VarBstrCat

shlwapi

PathAppendW

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa1c93adc9273b473cc1488d866b80a8

Headers

File Characteristics

Imports

userenv

setupapi

wtsapi32

version

pccs_dbengine

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 439KB - Virtual size: 439KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 18KB - Virtual size: 26KB

.rsrc Size: 27KB - Virtual size: 27KB

.rrdata Size: 20KB - Virtual size: 20KB

.text
Size: 439KB - Virtual size: 439KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 18KB - Virtual size: 26KB

.rsrc
Size: 27KB - Virtual size: 27KB

.rrdata
Size: 20KB - Virtual size: 20KB