26cb2626a3bfeda0f3a0c2e9847de134

Sharing

Copy URL Twitter E-mail

General

Target

26cb2626a3bfeda0f3a0c2e9847de134
Size

40KB
MD5

26cb2626a3bfeda0f3a0c2e9847de134
SHA1

c4a618d04150b4283643377028020990b53aaeb6
SHA256

7b864ce1325de6b2ab235679dc409e8bfd898e63374dd6e1130259347af919b7
SHA512

d412f0ec9e461e8da5ec365b041fecb236384386147b585a55a05c6d75d7a76c408a1ed249df0ecae7d86fffca7aa0a21120c19ed3e8d7e90bb05e5347792c18
SSDEEP

768:LeDwBKtjm0t7ToOQthUclwUzs3OgDRVhFzTC:qDwgt60t7EZtVljzs3OgXC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cb2626a3bfeda0f3a0c2e9847de134

Files

26cb2626a3bfeda0f3a0c2e9847de134
.exe windows:4 windows x86 arch:x86

0b863eb12ccb09c29aacd6a5e78b2304

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

kernel32

lstrcmpA
lstrcmpiA
lstrcpyA
lstrcatA
lstrlenA
lstrlenW
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
SetFilePointer
RtlMoveMemory
RemoveDirectoryA
CloseHandle
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MoveFileA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringA
lstrcpynA

user32

wsprintfA
GetDC
ReleaseDC

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SysAllocString
SysFreeString

advapi32

GetUserNameA
RegCreateKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shlwapi

StrStrIA
StrRChrA
StrCmpNA
StrChrA

shell32

ShellExecuteA

wsock32

getsockname
gethostname
gethostbyname
connect
closesocket
bind
accept
htons
WSAStartup
inet_addr
listen
socket
send
recv

ws2_32

WSAIoctl

rasapi32

RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA

gdi32

GetDeviceCaps

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b863eb12ccb09c29aacd6a5e78b2304

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

ws2_32

rasapi32

gdi32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 174KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 174KB

.rsrc
Size: 10KB - Virtual size: 9KB