26c40137d44baffaed0feef784b5a6bd

General

Target

26c40137d44baffaed0feef784b5a6bd
Size

14.7MB
MD5

26c40137d44baffaed0feef784b5a6bd
SHA1

cbd0f74afe260641d62a4020e6d3f00d56c14e75
SHA256

5363de7557a8cea70d59831cdeb9f42268f0d8628168c343bcd8f09851d0b6c2
SHA512

12f9c4a04590c72c75796eebcd06e7f8f7c94bd5495c57dee75ab9abbf6d3c8bca8be8edb4d86e2a17cff88116c4449fba491b201cf194859c259f75ae98b4c3
SSDEEP

98304:Bffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffn:

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26c40137d44baffaed0feef784b5a6bd

Files

26c40137d44baffaed0feef784b5a6bd
.exe windows:5 windows x86 arch:x86

b3528478d6e70039770a4e007e69930e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

authz

AuthzInitializeContextFromSid
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeResourceManager

advapi32

RegUnLoadKeyW
RegDeleteValueA
IsValidAcl
CryptSignHashA
RegReplaceKeyA
RegCreateKeyExW
RegSaveKeyW
RegRestoreKeyW
RegEnumKeyA
RegLoadKeyW
OpenServiceW
OpenEventLogW
InitializeAcl

kernel32

HeapReAlloc
FileTimeToLocalFileTime
GetSystemDirectoryA
GetACP
FindFirstFileA
GetCurrentThread
GetVersionExA
CreateSemaphoreA
CloseHandle
CreateFileA
LoadLibraryExW
LoadLibraryW
GetModuleHandleA
CreateFileMappingA
GetProcAddress
lstrcmp
DeleteFileW
lstrcmp
GetOEMCP

shell32

DragQueryFileA
SHGetDesktopFolder
SHGetDataFromIDListA
DllUnregisterServer
ShellMessageBoxA
DragAcceptFiles
SHGetDiskFreeSpaceA
SHDefExtractIconA
SHGetFileInfoA
SHCreateShellItem
DuplicateIcon
ShellAboutA
SHFree
ExtractIconW
SHGetMalloc
SHChangeNotify

nddeapi

NDdeShareDelA
NDdeShareGetInfoA
NDdeShareAddA

shlwapi

UrlGetLocationA
UrlIsW
UrlCombineW
UrlCompareA
UrlIsNoHistoryA
UrlUnescapeA
PathCompactPathA
UrlGetPartA
UrlCanonicalizeW
PathCommonPrefixA
UrlEscapeW
PathCombineA

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 968B

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.7MB - Virtual size: 75KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3528478d6e70039770a4e007e69930e

Headers

DLL Characteristics

File Characteristics

Imports

authz

advapi32

kernel32

shell32

nddeapi

shlwapi

Sections

.text Size: 17KB - Virtual size: 17KB

.pdata Size: 7KB - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 968B

.rsrc Size: 14.7MB - Virtual size: 75KB

.text
Size: 17KB - Virtual size: 17KB

.pdata
Size: 7KB - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 968B

.rsrc
Size: 14.7MB - Virtual size: 75KB