26c70d030450ad897aeefbd9027ef18a

Sharing

Copy URL Twitter E-mail

General

Target

26c70d030450ad897aeefbd9027ef18a
Size

163KB
MD5

26c70d030450ad897aeefbd9027ef18a
SHA1

099ec2a5535bab6b3a4e661cad73c897def74d8b
SHA256

3a3b98639b7d9d5d548d8940f2e75f70e4e3f038a36d41f1ccc652503952e933
SHA512

e977f374ac0a4c928cf537265e57c75b583901861a9e76b96a8b12ac7c49cf9ea4abf2dd621e1e759897145f8f8645cf6abf14e12e26d92815a170275b648ed7
SSDEEP

3072:/kxG1c7m09fPmNLKG2j3dc8PCWkhsPganGVKrNH1HezTHN+q0:/kP7D9fCLnCrCfsPgsbNH1mt+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26c70d030450ad897aeefbd9027ef18a

Files

26c70d030450ad897aeefbd9027ef18a
.exe windows:5 windows x86 arch:x86

c744a44d7e128acbe3fd4b38880b67b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

ZonesReInit
URLOpenStreamW
URLDownloadToCacheFileA
CoInternetCombineUrl
MkParseDisplayNameEx
GetSoftwareUpdateInfo
GetComponentIDFromCLSSPEC
FindMediaTypeClass
UrlMkBuildVersion
DllInstall
HlinkNavigateString
CreateAsyncBindCtxEx
PrivateCoInstall
IsAsyncMoniker
URLDownloadToCacheFileW
CopyStgMedium
URLDownloadW
DllRegisterServerEx
URLDownloadA
SetSoftwareUpdateAdvertisementState
RevokeFormatEnumerator
FindMimeFromData
RegisterMediaTypeClass
HlinkSimpleNavigateToString
CoGetClassObjectFromURL
URLDownloadToFileA
HlinkSimpleNavigateToMoniker
FaultInIEFeature
CoInternetGetProtocolFlags
ObtainUserAgentString
HlinkNavigateMoniker
IsLoggingEnabledW
CoInternetParseUrl
CDLGetLongPathNameW
CompareSecurityIds
CoInternetGetSecurityUrl
GetClassURL
IsLoggingEnabledA
CreateURLMoniker
UrlMkSetSessionOption

dbghelp

srcfiles
SymUnloadModule
FindExecutableImage
SymMatchFileName
SymFromAddr
SymGetModuleInfoW
SymFindFileInPath
DbgHelpCreateUserDump
SymGetSymFromAddr64
FindFileInPath
lmi
SymGetModuleInfo64
SymEnumerateSymbols64
SearchTreeForFile
SymGetSymPrev
SymEnumerateSymbols
SymGetSymFromName
SymGetLineFromName64
SymGetModuleBase64
ImagehlpApiVersionEx
dh
ImageDirectoryEntryToDataEx
SymEnumSymbols
StackWalk64
sym
SymEnumerateSymbolsW
SymGetTypeInfo
SymGetSymNext64
SymGetSymPrev64
DbgHelpCreateUserDumpW
SymLoadModule

catsrvut

??0CComPlusInterface@@QAE@ABV0@@Z
RegDBBackup
SysprepComplus
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
DllUnregisterServer
??4CComPlusObject@@QAEAAV0@ABV0@@Z
COMPlusUninstallActionW
??1CComPlusComponent@@UAE@XZ
WinlogonHandlePendingInfOperations
??0CComPlusComponent@@QAE@ABV0@@Z
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
??_7CComPlusComponent@@6B@
??0CComPlusObject@@QAE@ABV0@@Z
??_7CComPlusObject@@6B@
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
DllRegisterServer
StartMTSTOCOM
RunMTSToCom
??_7CComPlusMethod@@6B@
FindAssemblyModulesW
RegDBRestore
ManagedRequestW
??0CComPlusMethod@@QAE@ABV0@@Z
CGMIsAdministrator
??_7CComPlusInterface@@6B@
DllCanUnloadNow
QueryUserDllW
??1CComPlusInterface@@UAE@XZ
SysprepComplus2
DllGetClassObject
??4CComPlusComponent@@QAEAAV0@ABV0@@Z

authz

AuthziInitializeAuditQueue
AuthzAddSidsToContext
AuthziInitializeAuditEvent
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthzInitializeResourceManager
AuthziFreeAuditQueue
AuthzInitializeContextFromSid
AuthzFreeAuditEvent
AuthziInitializeAuditParamsFromArray
AuthzOpenObjectAudit
AuthzFreeHandle
AuthziModifyAuditEvent
AuthziInitializeAuditParams
AuthziModifyAuditQueue
AuthzInitializeObjectAccessAuditEvent
AuthziInitializeAuditParamsWithRM
AuthziLogAuditEvent
AuthzGetInformationFromContext
AuthziModifyAuditEventType
AuthzAccessCheck
AuthzFreeResourceManager
AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromToken
AuthzCachedAccessCheck
AuthzFreeContext
AuthziInitializeAuditEventType
AuthziAllocateAuditParams

msvcirt

?in_avail@streambuf@@QBEHXZ
??4istream_withassign@@QAEAAV0@ABV0@@Z
?attach@filebuf@@QAEPAV1@H@Z
?clrlock@ios@@QAAXXZ
??_Difstream@@QAEXXZ
??4istream@@IAEAAV0@ABV0@@Z
?x_maxbit@ios@@0JA
??0istream_withassign@@QAE@PAVstreambuf@@@Z
??_Eostream_withassign@@UAEPAXI@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
?eof@ios@@QBEHXZ
??0filebuf@@QAE@HPADH@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??0istream_withassign@@QAE@ABV0@@Z
?doallocate@streambuf@@MAEHXZ
??0istream_withassign@@QAE@XZ
?pbump@streambuf@@IAEXH@Z
?fill@ios@@QAEDD@Z
?stossc@streambuf@@QAEXXZ
??1ostrstream@@UAE@XZ
??0Iostream_init@@QAE@AAVios@@H@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?close@ifstream@@QAEXXZ
??0istream@@QAE@PAVstreambuf@@@Z
??_8ostream_withassign@@7B@
??_Eios@@UAEPAXI@Z
??5istream@@QAEAAV0@AAI@Z
?fd@filebuf@@QBEHXZ
??0Iostream_init@@QAE@XZ
??5istream@@QAEAAV0@AAF@Z
??_7logic_error@@6B@
?gptr@streambuf@@IBEPADXZ
??5istream@@QAEAAV0@PAC@Z
??1stdiostream@@UAE@XZ

kernel32

WriteProfileSectionA
EnumResourceNamesW
TzSpecificLocalTimeToSystemTime
GetNumberOfConsoleMouseButtons
GetACP
OpenSemaphoreA
SetThreadPriorityBoost
GetSystemWow64DirectoryW
SetUnhandledExceptionFilter
BuildCommDCBW
GetPrivateProfileStructW
QueryPerformanceCounter
ReleaseSemaphore
IsBadHugeReadPtr
GetTickCount
UnregisterWaitEx
Sleep
GetConsoleCP
FillConsoleOutputCharacterA
Thread32Next
GlobalReAlloc
lstrcmp
GetBinaryType
EnumSystemCodePagesA
AddVectoredExceptionHandler
VirtualAlloc
MultiByteToWideChar
Thread32First
LoadLibraryA
AttachConsole
GetSystemTimeAsFileTime
QueryDosDeviceA
GetEnvironmentStrings
QueryDepthSList
GetProcessAffinityMask
EnumerateLocalComputerNamesA
GetNamedPipeHandleStateA
FreeLibraryAndExitThread
SetConsoleScreenBufferSize
VerSetConditionMask
EnumSystemGeoID
GetOEMCP
SetEnvironmentVariableA

user32

GetWindowContextHelpId
LookupIconIdFromDirectory
GetCaretPos
RealGetWindowClassW
CallMsgFilterA
CloseWindowStation
RegisterClassExA
DlgDirSelectExW
SetScrollRange
IsDlgButtonChecked
BeginPaint
LoadImageA
GetMenuItemInfoW
CreateIconIndirect
BuildReasonArray
SetProcessDefaultLayout
DisableProcessWindowsGhosting
GetScrollRange
GetWindowTextLengthA
SendMessageTimeoutW
GetQueueStatus
CopyImage
PtInRect
ShowCursor
DlgDirSelectComboBoxExA
CheckRadioButton
CopyIcon
MessageBoxTimeoutA
GetMenuStringW
UnregisterHotKey
PrivateExtractIconsW
MonitorFromWindow
SetWindowWord

wshrm

WSHGetWildcardSockaddr
WSHGetSockaddrType
WSHGetWinsockMapping
WSHGetBroadcastSockaddr
WSHJoinLeaf
WSHGetWSAProtocolInfo
WSHStringToAddress
WSHAddressToString
WSHOpenSocket2
WSHNotify
WSHGetProviderGuid
WSHGetSocketInformation
WSHEnumProtocols
WSHSetSocketInformation
WSHIoctl
WSHOpenSocket

perfctrs

OpenIPXPerformanceData
CloseNbfPerformanceData
OpenDhcpPerformanceData
CollectNbfPerformanceData
CloseNWNBPerformanceData
CloseIPXPerformanceData
OpenNbfPerformanceData
CollectSPXPerformanceData
CloseDhcpPerformanceData
CollectTcpIpPerformanceData
CloseTcpIpPerformanceData
OpenNWNBPerformanceData
CollectIPXPerformanceData
OpenTcpIpPerformanceData
CloseSPXPerformanceData
OpenSPXPerformanceData
CollectDhcpPerformanceData
CollectNWNBPerformanceData

msvcrt40

??0strstreambuf@@QAE@XZ
rand
puts
_timezone
vprintf
_ismbbkpunct
_wsearchenv
??0filebuf@@QAE@HPADH@Z
memmove
?epptr@streambuf@@IBEPADXZ
?snextc@streambuf@@QAEHXZ
fseek
??_Eiostream@@UAEPAXI@Z
putc
?pbump@streambuf@@IAEXH@Z
_exit
ungetwc
_endthreadex
longjmp
strftime
_ismbcpunct
_getdiskfree
__p__dstbias
_splitpath
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_mbsrchr
??1Iostream_init@@QAE@XZ
??0ostream@@QAE@PAVstreambuf@@@Z

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c744a44d7e128acbe3fd4b38880b67b4

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

dbghelp

catsrvut

authz

msvcirt

kernel32

user32

wshrm

perfctrs

msvcrt40

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 102KB - Virtual size: 251KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 102KB - Virtual size: 251KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 336B