26e43206e9d3b69f08d8316146430c2f

Sharing

Copy URL Twitter E-mail

General

Target

26e43206e9d3b69f08d8316146430c2f
Size

21KB
MD5

26e43206e9d3b69f08d8316146430c2f
SHA1

168aa52e14e5ead1cf5692510d40788c7e47e861
SHA256

e4f4e2879e3121c993a38be329de67e1e4a9fd498ee87e8c3fb3df65ffb03c9b
SHA512

fdfa5ddcc9b17128e50bc49b188a9d55bf5e09619db377599ebac1caeea9f8b6615ea0342f6085feca740e35fd5b05f6fb84c623f512a1b77ca93d82ac244a30
SSDEEP

384:k+e5/nWGv+pVtCrW6qTNVbewTI32R6Gabj6VbU3fK8EtO8wSc3xvMvBZSOWwYel7:kNnXMaW6q2wTI32zabGhU3CJY8wSc3xO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e43206e9d3b69f08d8316146430c2f

Files

26e43206e9d3b69f08d8316146430c2f
.dll windows:4 windows x86 arch:x86

c04b950153e69649e26b0defa3778912

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
HttpSendRequestA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetCurrentProcessId
MultiByteToWideChar
GetModuleFileNameA
WideCharToMultiByte
lstrcpyA
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetTempPathA

user32

FindWindowA
MessageBoxA
SendMessageA
SetWindowLongA

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA

msvcr80

fopen
fwrite
fclose
sprintf
strncmp
printf
_vsnprintf
memset
_malloc_crt
_encoded_null
free
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??3@YAXPAX@Z
??2@YAPAXI@Z
_strdup
memcpy
__CxxFrameHandler3
_encode_pointer

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c04b950153e69649e26b0defa3778912

Headers

File Characteristics

Imports

version

wininet

shell32

kernel32

user32

advapi32

msvcr80

msvcp80

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB