Static task: static1
Behavioral task: behavioral1
  Sample: 26f9eba9f9bcb9d328eb04d2f4decfa5.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 26f9eba9f9bcb9d328eb04d2f4decfa5.exe
  Resource: win10v2004-20231201-en
General
Target: 26f9eba9f9bcb9d328eb04d2f4decfa5
Size: 1.5MB
MD5: 26f9eba9f9bcb9d328eb04d2f4decfa5
SHA1: fb6d3ad7e81cb7d8009df52436e1577255be15c3
SHA256: e3dafc116e9423ff94f12f6db530a5e82ab1f9942a825028db78b545807643cb
SHA512: 7da2c35876a0e777b27c3d9948a38ad4155858f9b430d71b8f023d562dbf13e42ecfb560b7ef8d0e5ab4035a93954ee88ab1f0f1174ceddcafd00c18d4b308bd
SSDEEP: 24576:vjW3R2LS7K2ZTovfKSidj0qQx4Bj05fRUH5s0EmuGGjBoB2mTdQ5:vjWB2LV2ZTpSidgvvRE5LuGGjBo4U
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 26f9eba9f9bcb9d328eb04d2f4decfa5
Files
- 26f9eba9f9bcb9d328eb04d2f4decfa5.exe  windows:6  windows x86  arch:x86
  2b89fcb3bd093d9b0a59090fedb4556e
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
EventRegister
EventUnregister
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
EventWrite
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
IsValidSid
CopySid
AddAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
EqualSid
GetNamedSecurityInfoW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegGetValueW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
LsaClose
LsaFreeMemory
LsaLookupNames2
LsaOpenPolicy
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
ConvertSidToStringSidW
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
TraceEvent
LookupAccountSidW
ChangeServiceConfigW
StartServiceW
SetSecurityInfo
GetAce
GetSecurityInfo
SetSecurityDescriptorControl
LookupAccountNameW
kernel32
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
GetModuleFileNameW
LocalFree
IsWow64Process
GetCurrentProcess
lstrcmpW
ResetEvent
SetProcessWorkingSetSize
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
InterlockedExchangeAdd
CompareStringOrdinal
MultiByteToWideChar
WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
CreateEventW
GetFileAttributesW
RemoveDirectoryW
UnregisterWaitEx
DeleteFileW
CopyFileW
RegisterWaitForSingleObject
FindNextFileW
FindFirstFileW
QueueUserWorkItem
FormatMessageW
lstrcmpiW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
GetDynamicTimeZoneInformation
GetComputerNameW
WideCharToMultiByte
lstrlenA
LocalAlloc
HeapFree
GetProcessHeap
GetProductInfo
GetVersionExW
GetTempPathW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
LoadLibraryExA
PowerCreateRequest
InterlockedCompareExchange64
SetLastError
GetTickCount64
PowerClearRequest
PowerSetRequest
WaitForSingleObject
Sleep
GetTickCount
GetLastError
InterlockedCompareExchange
HeapSetInformation
CompareStringW
OpenEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
lstrlenW
ExitProcess
GetCommandLineW
GetStartupInfoW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetModuleHandleA
LoadLibraryA
OpenMutexW
CreateMutexW
ReleaseMutex
GetFileAttributesExW
CompareFileTime
FreeLibraryAndExitThread
DuplicateHandle
LoadLibraryExW
FreeResource
GetFileSize
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
FileTimeToDosDateTime
FindClose
GetTempFileNameW
GlobalFree
ExpandEnvironmentStringsW
VirtualFree
OpenFileMappingW
VirtualAlloc
GetCurrentThread
SetFileAttributesW
CreateDirectoryW
GetFileSizeEx
SetFilePointerEx
ReadFile
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFullPathNameW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
RegEnumValueW
RegQueryInfoKeyW
RegGetKeySecurity
GetModuleHandleW
LoadLibraryW
OutputDebugStringA
SetUnhandledExceptionFilter
GetVersionExA
msvcrt
_CIsqrt
_ftol2_sse
_CIpow
_cexit
_initterm
strncpy_s
??1type_info@@UAE@XZ
realloc
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_time64
wcschr
strncmp
_ultoa_s
_strlwr_s
strcpy_s
_wtol
_wcsicmp
floor
ceil
swscanf
wcstol
_wcsnicmp
wcsncmp
_wcslwr_s
_wcstoui64
_errno
wcstoul
iswdigit
towupper
memcpy
qsort_s
_CxxThrowException
_ftol2
calloc
bsearch
memset
malloc
_purecall
free
wcscpy_s
_wputenv
__CxxFrameHandler3
memmove_s
memcpy_s
strchr
_vsnwprintf
_vsnprintf
wcsrchr
wcsstr
memmove
wcstok_s
__set_app_type
user32
wvsprintfA
CharLowerBuffW
CharUpperBuffW
PeekMessageW
DispatchMessageW
CharNextA
TranslateMessage
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
RegisterPowerSettingNotification
CharUpperW
wvsprintfW
UnregisterPowerSettingNotification
UnregisterClassA
oleaut32
VarBstrCmp
VariantChangeTypeEx
SafeArrayGetElement
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
CreateErrorInfo
SetErrorInfo
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString
ole32
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
PropVariantClear
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoUnmarshalInterface
IIDFromString
CoTaskMemAlloc
PropVariantCopy
StringFromGUID2
CoCreateGuid
CoCreateInstance
wsock32
htons
WSAGetLastError
ntohs
iphlpapi
GetAdaptersAddresses
GetIpForwardTable
NotifyAddrChange
GetBestInterfaceEx
GetIpNetEntry2
SendARP
ResolveIpNetEntry2
CancelIPChangeNotify
GetIpAddrTable
shlwapi
PathFileExistsW
StrCmpNW
PathFindFileNameW
StrStrIW
PathAppendW
ord437
HashData
ntdll
NtQuerySystemTime
RtlFreeHeap
RtlAllocateHeap
RtlIpv4StringToAddressExW
RtlInitUnicodeString
RtlInitString
NtAllocateLocallyUniqueId
RtlFreeUnicodeString
RtlNtStatusToDosError
userenv
RegisterGPNotification
UnregisterGPNotification
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW
Sections
.text   Size: 943KB - Virtual size: 943KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 11KB  - Virtual size: 22KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 75KB  - Virtual size: 74KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 460KB - Virtual size: 1.0MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ