26e413f59afb8860a3ebd41eec68d74f6724ac4b13a0325df3c460b9776cb643

Sharing

Copy URL

Twitter E-mail

General

Target

26e413f59afb8860a3ebd41eec68d74f6724ac4b13a0325df3c460b9776cb643
Size

495KB
MD5

30a995d0b5ebbaf54c8a5067affed0ae
SHA1

c9ab3fcf8bf6a952dba920345fcbe471e1db191b
SHA256

26e413f59afb8860a3ebd41eec68d74f6724ac4b13a0325df3c460b9776cb643
SHA512

6f7695e7533c8a7a3c0ef05958638f4acbb87486cca806e36b37411b4d805637aa4c2db4f6894c607b2e0aa5b12f094beed1bb718820a2e51aca3779c392d9c3
SSDEEP

6144:OKKxWHKr8Ip+dP7+/e2UKIFA8QDmxfFROYKG+fgpFzysdOl49T24Qf6a6yut1qQ2:OKNHg8vSW28U8fFR77+bWna6wFh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e413f59afb8860a3ebd41eec68d74f6724ac4b13a0325df3c460b9776cb643

Files

26e413f59afb8860a3ebd41eec68d74f6724ac4b13a0325df3c460b9776cb643
.exe windows:6 windows x86 arch:x86

4946b596cd39451bf0cdbc7979b9cf60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
TlsSetValue
VirtualProtect
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
FormatMessageW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
CancelIoEx
QueueUserAPC
GetProcAddress
LocalFree
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
FormatMessageA
CreateIoCompletionPort
VirtualQuery
GetCurrentProcess
K32GetModuleBaseNameA
CreateThread
InitOnceBeginInitialize
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
InitOnceComplete

msvcp140

?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPAX@Z
_Thrd_yield
_Cnd_init_in_situ
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?classic@locale@std@@SAABV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
_Cnd_wait
_Thrd_id
_Query_perf_counter
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?exceptions@ios_base@std@@QAEXH@Z
?fail@ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?toupper@?$ctype@D@std@@QBEDD@Z
??Bid@locale@std@@QAEIXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Thrd_hardware_concurrency
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Syserror_map@std@@YAPBDH@Z

ws2_32

bind
closesocket
WSASend
ntohl
WSACleanup
WSAStartup
listen
getpeername
WSASetLastError
WSAStringToAddressW
WSASocketW
ntohs
WSAGetLastError
setsockopt
ioctlsocket
WSAAddressToStringW
htons
htonl
getsockopt
WSARecv

mswsock

AcceptEx
GetAcceptExSockaddrs

vcruntime140

memset
__current_exception
_except_handler4_common
memmove
memcpy
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_type_info_compare
_purecall
__std_terminate
memchr

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
abort
_controlfp_s
_beginthreadex
_initialize_narrow_environment
terminate
_errno
_invalid_parameter_noinfo_noreturn
signal
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_set_fmode
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__p__commode

api-ms-win-crt-time-l1-1-0

_gmtime64_s
strftime
_gmtime64
_time64

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull

api-ms-win-crt-string-l1-1-0

strncpy
strcspn

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4946b596cd39451bf0cdbc7979b9cf60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

ws2_32

mswsock

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 256KB - Virtual size: 257KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 256KB - Virtual size: 257KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 13KB - Virtual size: 13KB