26892cda1d727475be9b7d35be5839f7

Sharing

Copy URL Twitter E-mail

General

Target

26892cda1d727475be9b7d35be5839f7
Size

425KB
MD5

26892cda1d727475be9b7d35be5839f7
SHA1

69bb73648980c50c2a53f7644b06ddc4c71edb1c
SHA256

1387c456a321c09280761d72d472afa35b543cb553f70ec55b079a1c2c3d0bb8
SHA512

c8a2ee2c02b425aafe04e73418111902a6f0bae7be0e7995f96377350ad6db280a46447e6b92c9653084ff0651060278e360dc6922844584441240ba70e1170a
SSDEEP

12288:raocifZ4L3NmjHLqtWpbd6cZi30vaBcv9:NpfcyLqodd6cwZ+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26892cda1d727475be9b7d35be5839f7

Files

26892cda1d727475be9b7d35be5839f7
.exe windows:4 windows x86 arch:x86

cc1d8392eca1dca2aee4a2da58660496

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpGetFileA
InternetDialW
HttpQueryInfoW

advapi32

LookupPrivilegeValueA
RegEnumKeyExA
CryptSetProviderA
RegCreateKeyA

kernel32

TlsAlloc
GetCurrentThread
CreateDirectoryW
GetModuleHandleA
GetOEMCP
LockResource
GetModuleFileNameA
GetStdHandle
MultiByteToWideChar
RtlUnwind
GetEnvironmentStringsW
UnhandledExceptionFilter
SetConsoleCP
EnumSystemLocalesA
lstrcpyW
TerminateProcess
HeapFree
QueryPerformanceCounter
GetSystemDefaultLangID
GetPrivateProfileStructW
GetProcAddress
SetConsoleOutputCP
RemoveDirectoryA
UnlockFile
GetStartupInfoW
CreateMutexA
GetTickCount
InterlockedExchangeAdd
VirtualQuery
ExitProcess
GetStartupInfoA
GetDateFormatA
LCMapStringA
GetSystemTimeAsFileTime
lstrcpynA
SetUnhandledExceptionFilter
FreeLibrary
GetTimeFormatA
GetProcessHeap
SetEnvironmentVariableA
InterlockedIncrement
FreeEnvironmentStringsW
GetStringTypeA
InterlockedExchange
IsValidCodePage
SetLastError
SetComputerNameW
LoadLibraryA
GetUserDefaultLCID
GetSystemTimeAdjustment
TlsGetValue
GetEnvironmentVariableW
InterlockedDecrement
GetLastError
EnterCriticalSection
EnumResourceLanguagesW
GetLocaleInfoA
DeleteCriticalSection
GetStringTypeW
GetCPInfo
RtlZeroMemory
HeapCreate
HeapDestroy
HeapReAlloc
GetCommandLineA
FreeEnvironmentStringsA
WriteFile
Sleep
LoadLibraryExW
FileTimeToLocalFileTime
WideCharToMultiByte
CompareStringA
SetConsoleCtrlHandler
GetFileType
GetACP
VirtualFree
GetTimeZoneInformation
CompareStringW
HeapSize
LCMapStringW
ReleaseMutex
GetCurrentProcessId
GetCurrentProcess
GetStringTypeExA
TlsFree
IsDebuggerPresent
GetCurrentThreadId
GetEnvironmentStrings
GetLocaleInfoW
GetCommandLineW
InitializeCriticalSection
TlsSetValue
HeapAlloc
FormatMessageA
GlobalAddAtomA
SetHandleCount
ReadConsoleW
IsValidLocale
VirtualAlloc
GetVersionExA
LeaveCriticalSection
GetModuleFileNameW

comdlg32

FindTextA
PrintDlgA
PageSetupDlgW
PrintDlgW

gdi32

ColorCorrectPalette
GetStockObject
StretchBlt
CreatePolyPolygonRgn
FixBrushOrgEx
GetEnhMetaFileW
GetKerningPairs
GetColorAdjustment

shell32

DragAcceptFiles
SHInvokePrinterCommandW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc1d8392eca1dca2aee4a2da58660496

Headers

File Characteristics

Imports

wininet

advapi32

kernel32

comdlg32

gdi32

shell32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 9KB - Virtual size: 38KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 9KB - Virtual size: 38KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 3KB - Virtual size: 2KB