26d203139c0b96891a5a0a0fdc6f3098

Sharing

Copy URL Twitter E-mail

General

Target

26d203139c0b96891a5a0a0fdc6f3098
Size

112KB
MD5

26d203139c0b96891a5a0a0fdc6f3098
SHA1

39c713dcd12a3e5aa34c8e61a85f219fc74f34a3
SHA256

6bd9c9d352eb58ce7e792232b7769c14aa022bb057ee88e0ea48dfab1d1711dd
SHA512

b35f1909f389beb24c0651d92265657e874151ac061e895685680763c0e823fcfcaf30353e058dd063de6ffdefa12a348843b0bc7014d3a2cd476e5fa03fb18a
SSDEEP

3072:gIrOfKsz39XXqxiGsPDtdyoufjGoNQgYPSA:zST9XXztooubGoiPT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d203139c0b96891a5a0a0fdc6f3098

Files

26d203139c0b96891a5a0a0fdc6f3098
.exe windows:5 windows x86 arch:x86

85bbbd47df4467d6355f4f2d6a46211c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerSetConditionMask
QueueUserAPC
GetConsoleAliasExesLengthW
ContinueDebugEvent
SetConsoleMenuClose
GetSystemDefaultLCID
GetUserDefaultLangID
GetPrivateProfileSectionW
GetProfileSectionA
LoadLibraryA
GetCPInfoExW
DeleteFileA
VirtualAllocEx
RemoveDirectoryA
VerifyConsoleIoHandle
GetModuleHandleA
FindAtomW
SetFileAttributesW
VirtualAlloc
MapUserPhysicalPagesScatter
ReadFileEx

user32

FlashWindowEx
SetWindowRgn
DestroyWindow
TranslateMessageEx
DdeUnaccessData
DdeImpersonateClient
InternalGetWindowText
PostMessageW
DdeSetUserHandle
GetMenuBarInfo
DrawTextA
CreateWindowStationW
GetProcessWindowStation
CharToOemW
UnregisterUserApiHook
DdeCreateStringHandleA
ValidateRect
SoftModalMessageBox
UpdateLayeredWindow

ntdll

RtlDeleteElementGenericTable
RtlSetBits
RtlSetAttributesSecurityDescriptor
NtAccessCheckByTypeResultList
RtlAddAccessDeniedAce
RtlWriteRegistryValue
NtLockVirtualMemory
ZwDeleteBootEntry
ZwUnloadKeyEx
RtlQueueWorkItem
RtlCreateAndSetSD
NtInitiatePowerAction
ZwWriteRequestData
_stricmp
RtlSetSecurityObject
NtCreateJobSet
NtQueryMutant
RtlAddCompoundAce
NtRestoreKey
ZwSetLowEventPair

perfproc

CloseSysProcessObject
OpenSysProcessObject
CollectSysProcessObjectData

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85bbbd47df4467d6355f4f2d6a46211c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

perfproc

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 58KB - Virtual size: 186KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 388B

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 58KB - Virtual size: 186KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 388B