2C26D5907D186E2D9723D73D20785303A972D07B

Sharing

Copy URL

Twitter E-mail

General

Target

2C26D5907D186E2D9723D73D20785303A972D07B
Size

4.2MB
MD5

6dfa982b5a0edb0bbd51ba16c46d9f3c
SHA1

2c26d5907d186e2d9723d73d20785303a972d07b
SHA256

a8eabecac5183dd92d96c18f8b08b41e60c301261e378238f88f260ec5943264
SHA512

35193c3854e2a7cc538f31c855a4993af5cefd36cb241abfe78f72652ffdaa41283e8213921ed7dd092e3291cd18bdf22f8b3e813e4a3f8892b022ae86427c52
SSDEEP

98304:Qs+dQDUqSOP5klcgyruZII0uxO3j2LHGhq:Fk0uxOT2LHMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2C26D5907D186E2D9723D73D20785303A972D07B

Files

2C26D5907D186E2D9723D73D20785303A972D07B
.exe windows:6 windows x64 arch:x64

c8f621da1e95f4b181a292c370aaba77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptUnprotectData

ws2_32

ioctlsocket
shutdown
socket
setsockopt
connect
closesocket
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt

kernel32

GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
CompareStringW
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
GetModuleHandleW
RtlVirtualUnwind
GetEnvironmentVariableW
VirtualFree
GetACP
GetSystemDirectoryA
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetFileSizeEx
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
UnmapViewOfFile
LoadLibraryExW
RtlUnwindEx
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFileInformationByHandle
SetFilePointerEx
DeviceIoControl
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwind

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

CryptDecrypt
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
GetUserNameA
CryptExportKey
CryptGetUserKey
CryptGetProvParam

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 923KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8f621da1e95f4b181a292c370aaba77

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ws2_32

kernel32

user32

advapi32

bcrypt

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 923KB - Virtual size: 923KB

.data Size: 31KB - Virtual size: 47KB

.pdata Size: 144KB - Virtual size: 144KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 923KB - Virtual size: 923KB

.data
Size: 31KB - Virtual size: 47KB

.pdata
Size: 144KB - Virtual size: 144KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 41KB - Virtual size: 40KB