Static task: static1
Behavioral task: behavioral1
Sample: 26d789cebcbe81b39eb8457b415bed4dd158e83949f832255478f69b66da4444.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 26d789cebcbe81b39eb8457b415bed4dd158e83949f832255478f69b66da4444.exe
Resource: win10v2004-20230220-en
General
Target: 26d789cebcbe81b39eb8457b415bed4dd158e83949f832255478f69b66da4444
Size: 4.0MB
MD5: 15fa87c56285167f56b5b2a7ac27570b
SHA1: 0d8042260a3de7d649c6e85a9ba8b71aafbe0295
SHA256: 26d789cebcbe81b39eb8457b415bed4dd158e83949f832255478f69b66da4444
SHA512: 3e8d2e6d6fa0054b082efbad702e734c67c387409957f0f3285223da6ae2735d9f3592bfc4df51bfbeb152d0cf1d6ec56d6f2d1ae534c6ebf2894d9525e16cdd
SSDEEP: 98304:ICoyZBdXgibADJXKko0ch6DvSmVbl7Po+nR:ICoyxglNXlcKBVbl/R
Malware Config
Signatures
Files
26d789cebcbe81b39eb8457b415bed4dd158e83949f832255478f69b66da4444.exe (windows x86)
cb8760b86cc5194f98b353ac8fa51c23
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFullPathNameW
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
PeekNamedPipe
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
FreeResource
DecodePointer
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateThread
DeleteCriticalSection
GetLastError
RaiseException
FindResourceExW
FindResourceW
WaitForMultipleObjects
LoadResource
InitializeCriticalSectionAndSpinCount
LockResource
GetTickCount
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
GetExitCodeThread
TerminateThread
GetWindowsDirectoryW
GetLogicalDriveStringsW
lstrlenW
lstrcmpiW
FreeLibrary
GetEnvironmentVariableA
CompareFileTime
GetSystemDirectoryW
SleepEx
GetCommandLineW
GetLocalTime
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
VirtualProtect
GetFileAttributesW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SizeofResource
HeapDestroy
CreateFileW
GetModuleFileNameW
FormatMessageW
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetACP
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
GlobalAlloc
VerSetConditionMask
MulDiv
VerifyVersionInfoW
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
LocalFree
GetModuleHandleA
lstrcpynW
lstrcpyW
GlobalFree
LocalAlloc
CreateProcessW
GetVersionExW
FindClose
GetEnvironmentVariableW
GetDriveTypeW
GetTempPathW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileA
SetFileAttributesW
FindFirstFileW
FindNextFileW
MoveFileW
MoveFileExW
ReleaseMutex
CreateMutexW
VirtualQuery
InitializeCriticalSection
DeviceIoControl
GetSystemDirectoryA
SetCurrentDirectoryA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
ResumeThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
ReadConsoleW
GetFileAttributesExW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
LoadLibraryW
ReadFile
GetFileSize
GetProcAddress
CloseHandle
OpenProcess
InterlockedDecrement
InterlockedIncrement
user32
RegisterClassW
SetPropW
GetPropW
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
UnionRect
InflateRect
SetCaretPos
PostMessageW
SetCursor
LoadCursorW
SendMessageW
GetSystemMetrics
GetClientRect
GetWindowRect
GetWindowLongW
FindWindowW
MonitorFromWindow
GetMonitorInfoW
InvalidateRgn
SetWindowTextW
MapVirtualKeyExW
SetRect
CopyRect
OffsetRect
GetKeyNameTextW
MessageBoxW
GetUserObjectInformationW
CreateAcceleratorTableW
CharNextW
IsWindow
ShowWindow
GetGUIThreadInfo
UpdateWindow
DrawTextA
wsprintfA
GetKeyboardLayout
FillRect
DrawTextW
MoveWindow
IsWindowVisible
BringWindowToTop
IsZoomed
SetFocus
SetForegroundWindow
InvalidateRect
ClientToScreen
UnregisterClassW
GetWindowTextLengthW
GetWindowTextW
EqualRect
DefWindowProcW
MonitorFromPoint
LoadImageW
IsWindowEnabled
UnregisterHotKey
RegisterHotKey
ActivateKeyboardLayout
DestroyWindow
EnableWindow
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
DrawIconEx
DestroyIcon
PrivateExtractIconsW
GetCaretPos
ShowCaret
HideCaret
CallWindowProcW
IsChild
IsIconic
CharPrevW
IsRectEmpty
IntersectRect
GetSysColor
SetTimer
KillTimer
SetWindowRgn
ScreenToClient
GetCursorPos
GetUpdateRect
EndPaint
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
GetWindowRgn
UpdateLayeredWindow
wsprintfW
GetProcessWindowStation
GetMessageW
GetWindow
GetParent
MapWindowPoints
SetWindowLongW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetWindowPos
PtInRect
BeginPaint
gdi32
CreateDIBSection
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
CreateCompatibleBitmap
GetTextExtentPoint32W
GetClipBox
GetObjectA
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
GetTextExtentPointA
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateRoundRectRgn
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
SetTextColor
MoveToEx
TextOutW
GdiFlush
PtInRegion
CreatePatternBrush
GetCharABCWidthsW
BitBlt
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
CreateRectRgn
GetBitmapBits
CombineRgn
SetBitmapBits
GetDeviceCaps
CreatePen
CreateFontIndirectW
CreateDIBitmap
LineTo
advapi32
RegSetValueExW
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
shell32
SHGetSpecialFolderPathW
ShellExecuteW
ord51
DragQueryFileW
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
ole32
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemFree
ReleaseStgMedium
CoInitializeEx
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
CoInitialize
CoUninitialize
oleaut32
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
shlwapi
PathRemoveFileSpecW
SHDeleteKeyW
PathIsDirectoryW
ord219
PathCombineW
PathFileExistsW
gdiplus
GdipLoadImageFromStreamICM
GdipCreateSolidFill
GdipDisposeImage
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipLoadImageFromStream
GdipSetPenMode
GdipCloneImage
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipAddPathLine
ord1
GdipCloneBrush
GdipMeasureString
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteBrush
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipAddPathEllipseI
GdipCreatePen1
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
psapi
EnumProcesses
GetProcessImageFileNameW
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
urlmon
URLDownloadToFileW
ObtainUserAgentString
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
ws2_32
getnameinfo
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
gethostbyname
gethostname
WSAStartup
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
shutdown
htons
getsockopt
getsockname
getpeername
ntohs
connect
bind
WSAGetLastError
closesocket
recv
send
crypt32
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
wldap32
ord145
ord219
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
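The second hash under Files is in MD5 format but is not the file's MD5; sandbox static reports of this kind normally print the import hash (imphash) there, a value derived from the import table listed above rather than from the file bytes. That this is what the report shows is an assumption, not something the page states. The following Python is an added example (not Triage's or pefile's code) of how an imphash is computed from a DLL-plus-symbols listing in import-table order. It follows the published scheme (lowercase, strip `.dll`/`.ocx`/`.sys`, `dll.symbol`, comma-joined, MD5) but omits pefile's ordinal-to-name tables for ws2_32 and oleaut32 (whose imports the report already shows by name), so bare `ordN` entries hash as `ordN`. `EXCERPT` is a constructed excerpt of the report's table; reproducing the file's real hash needs the complete table in the order the import directory stores it, since the hash is order-sensitive.

```python
import hashlib


def imphash(imports):
    """Import hash over [(dll_name, [symbol, ...]), ...] in import-directory order.

    Simplification vs. pefile: no ordinal-to-name lookup for ws2_32/oleaut32,
    so an entry written as 'ord51' is hashed literally as 'ord51'.
    """
    parts = []
    for dll, symbols in imports:
        dll = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):  # extensions the scheme strips
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        for sym in symbols:
            parts.append(f"{dll}.{sym.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed excerpt of the report's import list (a few symbols per DLL, in
# the order shown above). Not the full table, so not the file's real imphash.
EXCERPT = [
    ("kernel32", ["GetFullPathNameW", "ReadConsoleA", "SetConsoleMode", "SwitchToFiber"]),
    ("user32", ["RegisterClassW", "SetPropW", "GetPropW"]),
    ("advapi32", ["RegSetValueExW", "AllocateAndInitializeSid", "FreeSid"]),
    ("shell32", ["SHGetSpecialFolderPathW", "ShellExecuteW", "ord51"]),
    ("urlmon", ["URLDownloadToFileW", "ObtainUserAgentString"]),
    ("ws2_32", ["getnameinfo", "sendto", "recvfrom"]),
]


def compare_import_tables(a, b):
    """True when two import listings produce the same imphash, i.e. the same
    DLLs and symbols in the same order after normalisation."""
    return imphash(a) == imphash(b)


if __name__ == "__main__":
    print(imphash(EXCERPT))
    # Reordering the DLL entries changes the hash: it fingerprints link order,
    # not just the API set, which is why recompiled variants often keep it.
    print(compare_import_tables(EXCERPT, list(reversed(EXCERPT))))
```

A practitioner uses this value to pivot: two samples with different file hashes but the same imphash were very likely built from the same source with the same linker layout. The flip side is that adding one import, or reordering them, breaks the match, so it is a clustering hint rather than an identity.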
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 590KB - Virtual size: 590KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
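The Headers and Sections entries above are decoded PE header fields, and the General hashes are over the whole file. The following Python, an added example that is not Triage's code, reproduces those fields from raw bytes with the standard library only and adds the two sanity checks an analyst applies to a section table: sections that are both writable and executable, and raw sizes that do not fit in the file. The bit values are the documented PE constants; the PE it builds for offline use is synthetic (the report's section names and flags at toy sizes), and `build_pe` exists only so the parser can be exercised without a sample. One caveat against the report itself: the listed raw section sizes (2.3MB + 590KB + 53KB + 7.8MB + 118KB, about 10.9MB) add up to far more than the 4.0MB file size, which is exactly the condition the `raw sizes total` finding flags; running a parser on the sample would show whether that is a header claim or a display artifact.

```python
import hashlib
import struct

# Documented PE bit values for the three flag fields the report decodes.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_CODE, SCN_IDATA, SCN_UDATA = 0x20, 0x40, 0x80
SCN_DISCARDABLE, SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x02000000, 0x20000000, 0x40000000, 0x80000000
SECTION_CHARACTERISTICS = {
    SCN_CODE: "IMAGE_SCN_CNT_CODE", SCN_IDATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    SCN_UDATA: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", SCN_DISCARDABLE: "IMAGE_SCN_MEM_DISCARDABLE",
    SCN_EXECUTE: "IMAGE_SCN_MEM_EXECUTE", SCN_READ: "IMAGE_SCN_MEM_READ", SCN_WRITE: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Decode hashes, arch, File/DLL Characteristics and the section table; collect anomalies."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections, findings, raw_total = [], [], 0
    for i in range(nsec):
        name, vsize, _va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rsize,
                         "flags": _flags(chars, SECTION_CHARACTERISTICS)})
        raw_total += rsize
        if chars & SCN_EXECUTE and chars & SCN_WRITE:
            findings.append(f"{name}: writable and executable")
        if rptr + rsize > len(data):
            findings.append(f"{name}: raw data extends past end of file")
    if raw_total > len(data):
        findings.append(f"section raw sizes total {raw_total} > file size {len(data)}")
    return {
        "md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "pe_format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "sections": sections, "findings": findings,
    }


# Constructed test image: the report's section names and flags at toy sizes.
SAMPLE_SECTIONS = [
    (".text", 0x400, 0x400, SCN_CODE | SCN_EXECUTE | SCN_READ),
    (".rdata", 0x200, 0x200, SCN_IDATA | SCN_READ),
    (".data", 0x300, 0x200, SCN_IDATA | SCN_READ | SCN_WRITE),  # virtual > raw is the normal .bss tail
    (".rsrc", 0x200, 0x200, SCN_IDATA | SCN_READ),
    (".reloc", 0x200, 0x200, SCN_IDATA | SCN_DISCARDABLE | SCN_READ),
]


def build_pe(sections=SAMPLE_SECTIONS, file_chars=0x0102, dll_chars=0x8140, machine=0x14C) -> bytes:
    """Build a minimal synthetic PE32 (headers, section table, NOP-filled raw data) for offline tests."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    data_start = (hdr_end + align - 1) // align * align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    table, raw, rptr, vaddr = b"", b"", data_start, 0x1000
    for name, vsize, rsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
        raw += b"\x90" * rsize
        rptr, vaddr = rptr + rsize, vaddr + 0x1000
    headers = dos + b"PE\0\0" + coff + bytes(opt) + table
    return headers + b"\0" * (data_start - len(headers)) + raw


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe()
    print(json.dumps(parse_pe(blob), indent=2))
```

Run it as `python pe_static.py sample.exe` to get the same fields the report shows. `dll_characteristics` is where the ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) opt-ins appear, as they do for this sample; a missing NX_COMPAT or a writable-plus-executable section would be the first things to note from the header alone. The import table is deliberately not walked here; that needs RVA-to-offset translation through the section table and is a separate exercise.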