Static task
static1
Behavioral task
behavioral1
Sample
26f146435b99dcd766cb3e2aa6a7169e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
26f146435b99dcd766cb3e2aa6a7169e.exe
Resource
win10v2004-20231215-en
General
Target: 26f146435b99dcd766cb3e2aa6a7169e
Size: 132KB
MD5: 26f146435b99dcd766cb3e2aa6a7169e
SHA1: b1e25220f7ce9915e3fc913433789a2f0071fbd9
SHA256: cabffd4dab62cddf13191264e026518c0e23f716009355efe84f417c4d9e72fa
SHA512: 3f8c171c1a9844a760b2412a90352f5e91efd9c6ce1e23a31f80bbe56788074dcbd1b6fec9728394941c9f1651395e70efa733578dc63415559bbcbb39179035
SSDEEP: 3072:KcdRut9J3276hkzrDiRi8pHP13MFPTFtvt34cMGXzGsSJr+0LUrfLDD6:Kc7CfM6mDiA8D0x4gjGsSJvobLC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26f146435b99dcd766cb3e2aa6a7169e
Files
26f146435b99dcd766cb3e2aa6a7169e.exe windows:4 windows x86 arch:x86
db7b8e0b3b5376e8ae4eb31b1f56ff69
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SendNotifyMessageA
kernel32
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetFileSize
CloseHandle
CreateFileA
Sleep
GetTempPathA
CopyFileA
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
RaiseException
lstrlenA
ExitThread
CreateThread
GetLastError
CreateMutexA
GetCurrentThreadId
ExitProcess
lstrcmpiA
_lclose
_lwrite
_llseek
_lopen
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteFileA
EnterCriticalSection
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
LeaveCriticalSection
HeapFree
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
WriteFile
GetFileType
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
ReadFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
SetStdHandle
SetFilePointer
SetEndOfFile
advapi32
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegEnumValueA
shell32
SHGetSpecialFolderPathA
ws2_32
ioctlsocket
WSAStartup
gethostbyname
connect
recv
htons
getsockname
socket
setsockopt
WSAGetLastError
bind
listen
closesocket
send
__WSAFDIsSet
select
accept
inet_addr
Sections
.text Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE