26ac9797cc9ead79a41ef5252fa69e3a07afa13bd5bcdbc2ab45a1772c269136

Sharing

Copy URL Twitter E-mail

General

Target

26ac9797cc9ead79a41ef5252fa69e3a07afa13bd5bcdbc2ab45a1772c269136
Size

845KB
MD5

52f23ce56a33235c544f4da2b7b539de
SHA1

18ec9e052bb931880f98d5b8e25a3f294cdd0c30
SHA256

26ac9797cc9ead79a41ef5252fa69e3a07afa13bd5bcdbc2ab45a1772c269136
SHA512

295aef11236715a30ad6e2deadeccd564c5492f53665566f4171262eb4dc952252e0b7e6e35aeab1388275dbb7a8a2845e232048e4cb2e553198c0989ee6a8e4
SSDEEP

24576:Ke6q0nNWZ2rJPpdTfcMRdv6Q4ZYQRB2Wd6wk+ZJU:KeBVZQJpthQZYEUL+ZJU

Score

N/A

Malware Config

Signatures

Files

26ac9797cc9ead79a41ef5252fa69e3a07afa13bd5bcdbc2ab45a1772c269136
.exe windows x86

eb4e31e4a508c577d6101680b5c21fb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiViewModify
MsiProvideQualifiedComponentExA
MsiDeleteUserDataA
MsiReinstallFeatureFromDescriptorA
MsiGetActiveDatabase
MsiViewGetErrorA
MsiEnumComponentsW
MsiDatabaseApplyTransformA
MsiSummaryInfoSetPropertyW
MsiQueryFeatureStateFromDescriptorW
MsiVerifyPackageW
MsiOpenDatabaseW
MsiCloseAllHandles
MsiCreateRecord
MsiSequenceW
MsiEnumRelatedProductsA
MsiConfigureFeatureW

msvcrt

log10
_strtime
setlocale
_timezone
_futime
ferror
_ismbbkalnum
_getwche
_ismbbgraph
_fgetwchar
_aligned_free
wcscpy
_adjust_fdiv
_fgetchar
_j0
_fileinfo
__getmainargs
??0exception@@QAE@ABV0@@Z

cmutil

?GPPI@CIniA@@QBEKPBD0K@Z
?GetLogFilePath@CmLogFile@@QAEPBGXZ
??4CRandom@@QAEAAV0@ABV0@@Z
?WPPI@CIniA@@QAEXPBD0K@Z
?LoadEntry@CIniW@@IBEPAGPBG@Z
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
CmLoadSmallIconW
??4CIniW@@QAEAAV0@ABV0@@Z
??_FCIniA@@QAEXXZ
CmEndOfStrW
?SetFile@CIniW@@QAEXPBG@Z
CmAtolA
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
?GPPB@CIniA@@QBEHPBD0H@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
CmStrStrW
?SetParams@CmLogFile@@QAEJHKPBD@Z
CmLoadImageW
??1CIniW@@QAE@XZ
?SetRegPath@CIniA@@QAEXPBD@Z
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
?Init@CRandom@@QAEXK@Z
??_FCIniW@@QAEXXZ
CmAtolW

kernel32

WaitForSingleObjectEx
IsBadHugeReadPtr
LoadLibraryExW
BuildCommDCBW
OpenProfileUserMapping
DnsHostnameToComputerNameW
VirtualAlloc
GetEnvironmentStringsW
DefineDosDeviceA
HeapCreate
WriteProfileStringA
WaitForMultipleObjects
TerminateThread
SetMessageWaitingIndicator
DeleteFileA
ExpungeConsoleCommandHistoryW
BuildCommDCBAndTimeoutsA
UnlockFile
GlobalHandle
LoadLibraryA
GetSystemWow64DirectoryW
GetProcessVersion
FindAtomW

wtsapi32

WTSCloseServer
WTSEnumerateProcessesA
WTSVirtualChannelOpen
WTSQueryUserConfigW
WTSFreeMemory
WTSVirtualChannelQuery
WTSSetUserConfigW
WTSOpenServerA
WTSVirtualChannelRead
WTSEnumerateServersW
WTSQueryUserToken
WTSLogoffSession
WTSEnumerateProcessesW
WTSVirtualChannelWrite
WTSWaitSystemEvent

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb4e31e4a508c577d6101680b5c21fb3

Headers

DLL Characteristics

File Characteristics

Imports

msi

msvcrt

cmutil

kernel32

wtsapi32

Sections

.text Size: 754KB - Virtual size: 754KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 980B

.text
Size: 754KB - Virtual size: 754KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 980B