26d9ca61dd11b9d0095eb56c93d02864

Sharing

Copy URL Twitter E-mail

General

Target

26d9ca61dd11b9d0095eb56c93d02864
Size

7.4MB
MD5

26d9ca61dd11b9d0095eb56c93d02864
SHA1

67f1dd44176c0523a94e067afbdfe49deb6e3d5f
SHA256

57c364d78d2f4afba63cf14aa60270e0bb78e75f90d1bb2fc2099fa2437d85bc
SHA512

fd711c90a5732991ebd146cb8f044f31380e61549bd689f55c3d495caa08965d946aa0a24635ac52ee4cc3c0a01bb60e66768a277979692a8130b6776c457974
SSDEEP

196608:euS0p1MHkeo6X9DEM77m0cKYnpVGVfNvMt1JmFWLxgyxvxRUQqaM:K0p1MNo8FEXjKGpVYfNktX6yRxLM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d9ca61dd11b9d0095eb56c93d02864

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

26d9ca61dd11b9d0095eb56c93d02864
.exe windows:4 windows x86 arch:x86

60a830223a24c3ab0aeed10011b638af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
lstrcmpW
CompareStringW
GlobalFree
ResumeThread
SetEvent
ResetEvent
CreateEventW
LoadLibraryW
GetProcAddress
GetPrivateProfileSectionNamesW
FormatMessageW
CopyFileW
SetFilePointer
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
EnterCriticalSection
GetModuleHandleW
lstrlenW
RaiseException
LeaveCriticalSection
WriteFile
CloseHandle
ReadFile
GetFileSize
MultiByteToWideChar
CreateFileW
IsBadWritePtr
GetSystemTimeAdjustment
MulDiv
GetLocalTime
MoveFileW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GlobalUnlock
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetTickCount
WritePrivateProfileStringW
DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetWindowsDirectoryW
GetSystemDirectoryW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
GetLastError
CreateMutexW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GlobalLock
GlobalAlloc
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
IsBadReadPtr
GetDiskFreeSpaceExW
WideCharToMultiByte
HeapSize
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
HeapReAlloc
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetVersionExW
ExitProcess
WaitForSingleObject
Sleep
CreateProcessW

user32

LoadStringW
CharNextW
GetActiveWindow
DestroyWindow
DefWindowProcW
SendMessageW
GetClientRect
MessageBoxW
ShowWindow
ExitWindowsEx
UnregisterClassA
DrawTextW
DispatchMessageW
TranslateMessage
UpdateWindow
PeekMessageW
SetRect
GetUpdateRect
IsWindowEnabled
SetRectEmpty
GetCursorPos
DrawFocusRect
PtInRect
SetCursor
OffsetRect
GetCapture
GetDlgCtrlID
GetClassInfoExW
KillTimer
ScreenToClient
RegisterWindowMessageW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
RegisterClassExW
SetTimer
InvalidateRect
EnableMenuItem
LoadCursorW
SetCapture
GetWindowTextW
IsChild
GetClassNameW
ReleaseCapture
GetSystemMenu
GetFocus
SetFocus
BeginPaint
InvalidateRgn
FillRect
EndPaint
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
GetDC
PostQuitMessage
ReleaseDC
ClientToScreen
GetDlgItemTextW
IsWindow
SetDlgItemTextW
PostMessageW
EnableWindow
GetParent
SetWindowTextW
GetDlgItem
SetWindowPos
LoadImageW
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
MapWindowPoints
MoveWindow
GetWindowLongW
GetWindow
CallWindowProcW
SetWindowLongW
CreateWindowExW

gdi32

CreateFontW
GetDeviceCaps
CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
BitBlt
DeleteDC
DeleteObject
CreateFontIndirectW
GetObjectW
SelectObject
SetTextColor
CreateSolidBrush
SetBkMode
GetStockObject

advapi32

RegEnumKeyExW
AdjustTokenPrivileges
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleInitialize
CoUninitialize
CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal

oleaut32

OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringLen
SysAllocString
VariantInit
OleLoadPicture
VariantClear
SysFreeString

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx
DestroyPropertySheetPage
CreatePropertySheetPageW
_TrackMouseEvent
PropertySheetW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60a830223a24c3ab0aeed10011b638af

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

Sections

.text Size: 224KB - Virtual size: 221KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 17.9MB - Virtual size: 17.9MB

.text
Size: 224KB - Virtual size: 221KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 17.9MB - Virtual size: 17.9MB