Static task: static1
Behavioral task: behavioral1
Sample: 26afe62d51914bed82eb1a06261e5b730eee090f3d75219f9a951a6ea85128ea.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 26afe62d51914bed82eb1a06261e5b730eee090f3d75219f9a951a6ea85128ea.exe
Resource: win10v2004-20220901-en
General
Target: 26afe62d51914bed82eb1a06261e5b730eee090f3d75219f9a951a6ea85128ea
Size: 176KB
MD5: 102f78ad0fb6a339e3ef534c972e4b30
SHA1: 29dbcdca3bbef09d2c3d533b7306a3b9aa9356ec
SHA256: 26afe62d51914bed82eb1a06261e5b730eee090f3d75219f9a951a6ea85128ea
SHA512: 2167a45fea51e97ce13892fd19c19287f9b559b7e65d3ee4a6987034f83c7fed155980549f5367375ac9d94f73d5fee789eca614ecfecac831a9143b4b16d683
SSDEEP: 3072:W1yvUnb13BqaH4t8K7GhnOPAPqDcF2/F6VVx2ers1a7NGRiz/6HHKlfCys+dZy2B:bYWaM8HnOHDcF2en7NGA/7Vi+Bq4r
Malware Config
Signatures
Files
-
26afe62d51914bed82eb1a06261e5b730eee090f3d75219f9a951a6ea85128ea.exe windows x86
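87c025985a5976919c5df2206d3662eb (unlabeled in the report; a 32-hex value that differs from the file MD5, so presumably the import hash of this PE — confirm against the original report before using it for pivoting)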
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord986
ord5914
ord4159
ord2621
ord1205
ord6117
ord6571
ord1640
ord1876
ord5460
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2955
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4669
ord4490
ord4345
ord4338
ord1729
ord4647
ord5022
ord4493
ord4492
ord4512
ord4962
ord971
ord2058
ord4645
ord5508
ord5956
ord4037
ord3268
ord420
ord720
ord2393
ord969
ord4388
ord3141
ord5824
ord640
ord2405
ord3909
ord6021
ord323
ord4382
ord4554
ord5122
ord4563
ord5092
ord5127
ord5128
ord6937
ord2801
ord2740
ord2859
ord2450
ord535
ord1883
ord5751
ord4155
ord2990
ord3415
ord5024
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3058
ord3065
ord6336
ord2510
ord5244
ord1746
ord5577
ord3172
ord5653
ord4421
ord4954
ord4859
ord4387
ord3454
ord3198
ord6175
ord4623
ord4430
ord734
ord715
ord4824
ord1265
ord5440
ord1081
ord5605
ord2761
ord5597
ord4021
ord4083
ord5620
ord1082
ord6081
ord4617
ord5710
ord1147
ord3442
ord4238
ord415
ord2246
ord3517
ord482
ord2652
ord5583
ord1669
ord922
ord3176
ord4129
ord4616
ord437
ord705
ord6383
ord6194
ord406
ord2379
ord6055
ord1776
ord5290
ord3402
ord3610
ord567
ord656
ord1829
ord6199
ord879
ord882
ord3874
ord4275
ord6400
ord3693
ord1641
ord3573
ord3706
ord4297
ord4133
ord4299
ord3223
ord3221
ord4386
ord1093
ord2593
ord2042
ord777
ord1871
ord613
ord289
ord4317
ord5788
ord1264
ord2394
ord2129
ord2564
ord2563
ord6009
ord5787
ord5875
ord4287
ord4284
ord3138
ord5789
ord6442
ord5981
ord6215
ord2864
ord1083
ord1992
ord501
ord773
ord3571
ord5785
ord4220
ord2584
ord3654
ord2438
ord1644
ord3948
ord5823
ord3664
ord4003
ord2635
ord1176
ord1568
ord5268
ord2727
ord2730
ord2729
ord6467
ord1130
ord6242
ord1905
ord1920
ord4589
ord4899
ord4341
ord4349
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4960
ord5240
ord3748
ord1725
ord4432
ord784
ord5260
ord1233
ord4333
ord4480
ord603
ord1969
ord273
ord3174
ord5766
ord6131
ord6216
ord4370
ord738
ord3256
ord5882
ord2920
ord2012
ord2455
ord6270
ord2371
ord4508
ord3317
ord996
ord2775
ord5037
ord3993
ord3976
ord786
ord5903
ord2962
ord1706
ord2461
ord430
ord519
ord1748
ord4042
ord1652
ord429
ord4613
ord5053
ord4614
ord4262
ord517
ord4889
ord4963
ord6189
ord2754
ord4023
ord4330
ord3797
ord6340
ord2254
ord2161
ord3769
ord2175
ord2521
ord6192
ord6186
ord5794
ord2516
ord1658
ord4375
ord4852
ord3384
ord2535
ord4538
ord3356
ord3092
ord2299
ord2301
ord2642
ord1200
ord1199
ord4476
ord3089
ord1768
ord3677
ord441
ord4257
ord4229
ord3095
ord2527
ord3620
ord361
ord915
ord4191
ord400
ord702
ord4448
ord4685
ord4676
ord4362
ord5088
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4147
ord1842
ord5871
ord2494
ord2627
ord2626
ord5883
ord2120
ord5282
ord6828
ord4724
ord975
ord5279
ord4242
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5064
ord5248
ord2444
ord3395
ord3730
ord807
ord554
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord674
ord796
ord3813
ord529
ord366
ord2080
ord6000
ord2117
ord4457
ord6195
ord3870
ord2558
ord6069
ord3522
ord4357
ord4204
ord2915
ord5572
ord5442
ord5199
ord6329
ord354
ord5186
ord268
ord3318
ord1979
ord665
ord2884
ord4610
ord788
ord4214
ord4274
ord4160
ord939
ord940
ord1148
ord4234
ord2370
ord324
ord3597
ord4425
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord5730
ord2003
ord5198
ord5940
ord4695
ord1146
ord3619
ord2860
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord4615
ord6347
ord941
ord537
ord5503
ord2818
ord3196
ord3447
ord641
ord858
ord860
ord6403
ord5750
ord561
ord540
ord815
ord800
ord3738
ord4424
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord520
ord3715
ord6451
msvcrt
_stricmp
_mbsninc
_mbschr
_vsnprintf
_setmbcp
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_mbsnbcpy
atol
_itoa
atoi
wcslen
_mbstok
_CxxThrowException
_snprintf
__argv
__argc
_splitpath
__CxxFrameHandler
_mbsupr
_mbsinc
_mbslen
_mbsnbcmp
_mbscmp
_mbsstr
_adjust_fdiv
_ismbcalpha
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegSetValueA
RegDeleteKeyA
kernel32
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrcpynA
GetModuleHandleA
GetProcAddress
LoadLibraryA
FormatMessageA
WideCharToMultiByte
GetProfileStringA
GlobalAlloc
GlobalFree
MulDiv
LocalFree
LocalAlloc
LocalLock
LocalUnlock
SetLastError
MultiByteToWideChar
SetErrorMode
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetLocaleInfoA
GetCurrentDirectoryA
GlobalLock
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
lstrlenA
GetModuleFileNameA
GetFileAttributesA
GetLastError
CloseHandle
FreeLibrary
GetVersionExA
GetProcessHeap
HeapAlloc
HeapFree
GetComputerNameA
CreateDirectoryA
GetVersion
gdi32
Rectangle
GetObjectA
GetStockObject
SelectObject
GetTextExtentPoint32A
BitBlt
DPtoLP
SetBrushOrgEx
CreateCompatibleBitmap
CreatePen
EnumFontFamiliesA
PathToRegion
DeleteObject
WidenPath
EndPath
BeginPath
PatBlt
RoundRect
GetTextMetricsA
Polygon
Ellipse
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
RectInRegion
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateFontIndirectA
CreateBrushIndirect
CreatePenIndirect
GetEnhMetaFileBits
CloseEnhMetaFile
CreateEnhMetaFileA
GetDeviceCaps
CreateDCA
CreateCompatibleDC
GetCurrentObject
user32
InvalidateRect
CreateWindowExA
DestroyWindow
GetKeyState
GetSysColor
OffsetRect
DrawFocusRect
GetCapture
SetCapture
SetCaretPos
ReleaseCapture
SetCursor
CreatePopupMenu
AppendMenuA
ClientToScreen
ScreenToClient
UpdateWindow
CreateCaret
GetSysColorBrush
GetClientRect
DestroyCaret
SetFocus
IsClipboardFormatAvailable
SystemParametersInfoA
GetWindowLongA
GetMessagePos
RegisterClipboardFormatA
GetFocus
GetWindowContextHelpId
WinHelpA
PostMessageA
GetParent
SetForegroundWindow
GetMenu
GetDlgItem
UnionRect
MessageBoxA
IntersectRect
InflateRect
GetSystemMetrics
CopyRect
SendMessageA
IsIconic
InSendMessage
LoadCursorA
LoadIconA
wsprintfA
EnableWindow
LoadStringA
RegisterWindowMessageA
IsRectEmpty
EqualRect
GetWindowDC
ReleaseDC
SetWindowLongA
SetRect
comdlg32
GetOpenFileNameA
GetSaveFileNameA
shell32
SHGetFileInfoA
ShellAboutA
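Sections
Note on the flags listed below: .text and .rsrc are both writable and executable, .rsrc is additionally flagged as code, and the last section (cchhuzh) has a non-standard name with no raw size shown. A linker-produced MFC executable would not normally have these characteristics, so they suggest the file was modified after build (for example packed or extended with an added section); the flags alone are not conclusive and should be read together with the behavioral tasks.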
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cchhuzh Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE