026239b441a3addfa85051ae8cc0c577

Sharing

Copy URL Twitter E-mail

General

Target

026239b441a3addfa85051ae8cc0c577
Size

410KB
MD5

026239b441a3addfa85051ae8cc0c577
SHA1

1125c23fd741971c2b0bc84de113dac3a6edff80
SHA256

13413d859347813610bb8ace24babbf0627ce69c84c385576bf537b2385a05b0
SHA512

91e4c1e15a6184b683d3af5d39fb8c82ce360291fee4fa500f7049bde00368bd2799555b6a9c66a1740655f7f2ba7c7c6427b5ecbb853a779df5a5495ae66f4c
SSDEEP

6144:IglC5T/IQBhn+a63lU9ysbzTJW5nojRk7qEaNWBzWXsPQymXMdGnGo9a9T33EbSE:IglC5LbTYlYfk7T7JWXMCOQSbU27Jk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
026239b441a3addfa85051ae8cc0c577

Files

026239b441a3addfa85051ae8cc0c577
.exe windows:4 windows x86 arch:x86

bcb8eb0243c8d3263c0d9315edf019f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wvsprintfA
OffsetRect
InvertRect
SendNotifyMessageW
IsWindowVisible
ChangeClipboardChain
DdeQueryConvInfo
DdeImpersonateClient
DlgDirListA
GetWindowTextLengthW
ExcludeUpdateRgn
DrawFocusRect
ExitWindowsEx
DlgDirListW

gdi32

SetMapperFlags
CreateDCW
Arc
GetCharWidthFloatW
FlattenPath
ExtFloodFill
SetTextAlign
CancelDC

kernel32

HeapReAlloc
GetStartupInfoA
SetHandleCount
WriteFile
GetProcAddress
GetVersionExA
GetCommandLineW
GetCurrentProcess
GetEnvironmentVariableA
GetSystemTimeAsFileTime
GetModuleHandleA
GetTickCount
InitializeCriticalSection
GetFileType
CreateRemoteThread
InterlockedExchange
ReadConsoleOutputAttribute
TlsGetValue
TerminateProcess
GetModuleFileNameW
GetStartupInfoW
TlsAlloc
HeapDestroy
HeapCreate
TlsSetValue
GetCurrentThread
GetEnvironmentStringsW
GetVersion
HeapAlloc
GetEnvironmentStrings
SetLastError
GetStdHandle
VirtualAlloc
DeleteCriticalSection
RtlUnwind
Sleep
MultiByteToWideChar
GetCurrentThreadId
GetLastError
TlsFree
VirtualQuery
FindAtomW
GetFileAttributesW
EnterCriticalSection
HeapFree
OpenSemaphoreA
IsBadWritePtr
VirtualFree
GetModuleFileNameA
LoadLibraryA
GetCommandLineA
ExitProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetConsoleCursorPosition
LeaveCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetTimeFormatA
LocalShrink
FreeEnvironmentStringsA

comdlg32

ChooseFontW
GetFileTitleW

wininet

GetUrlCacheGroupAttributeA
InternetQueryOptionW
FtpSetCurrentDirectoryW
InternetQueryOptionA
RunOnceUrlCache
GopherOpenFileA

advapi32

LookupAccountNameW
AbortSystemShutdownA
InitiateSystemShutdownW
CryptSetProviderA

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcb8eb0243c8d3263c0d9315edf019f4

Headers

File Characteristics

Imports

user32

gdi32

kernel32

comdlg32

wininet

advapi32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 4KB - Virtual size: 21KB

.data Size: 276KB - Virtual size: 276KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 4KB - Virtual size: 21KB

.data
Size: 276KB - Virtual size: 276KB

.rsrc
Size: 5KB - Virtual size: 5KB