26fdbc218c1102dba445a73d1eb54906

Sharing

Copy URL Twitter E-mail

General

Target

26fdbc218c1102dba445a73d1eb54906
Size

436KB
MD5

26fdbc218c1102dba445a73d1eb54906
SHA1

72835deb8a4dfa69d0df9913d527b9458fc98b66
SHA256

b91085997c9a2bd7deaeb93c04f2f5af6f7df6b7600687e66ffc13cdf4092839
SHA512

94ab764873d5172fc0abc719771a777f2d61622f9f252da0ec37073d644b9a8717b1dfa034715449f595063e68c445f3ec1a503b7875ae53bccb54b09cb19223
SSDEEP

12288:vZq3OBScRBhIwJfLaKU5d5V458Fy/Z4FFhSdFqvFt1m8nlXxFy:k3x4A+9CdM5Zuzod09tM2w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26fdbc218c1102dba445a73d1eb54906

Files

26fdbc218c1102dba445a73d1eb54906
.exe windows:4 windows x86 arch:x86

b66e03035a9fa58795cd2324ac77a105

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetFileTitleW
GetSaveFileNameA
GetOpenFileNameA
ReplaceTextW
FindTextW
PrintDlgA
LoadAlterBitmap
FindTextA
ChooseFontA
GetOpenFileNameW
ReplaceTextA
PrintDlgW
GetSaveFileNameW
ChooseFontW
PageSetupDlgW
PageSetupDlgA
ChooseColorW

wininet

GopherOpenFileW
CreateUrlCacheGroup
ResumeSuspendedDownload
FtpDeleteFileA
CreateUrlCacheContainerW
FtpOpenFileW
InternetCrackUrlW
GetUrlCacheConfigInfoW
InternetQueryOptionW
HttpSendRequestExA
HttpEndRequestW

user32

OemToCharBuffA
ReuseDDElParam
ChildWindowFromPointEx
DdeSetQualityOfService
DdeGetLastError
DdeUnaccessData
SetMenuItemInfoA
RemovePropW
EnumDisplaySettingsW
GetKeyboardType
EnableWindow
SetUserObjectInformationW
GetComboBoxInfo
CreateIconFromResource
WindowFromDC
OffsetRect
SendMessageA
SendDlgItemMessageA
CharNextExA
SetMenu
InvalidateRect
GetKeyNameTextA
MapDialogRect

shell32

SHGetNewLinkInfo
ShellExecuteW
SHGetPathFromIDListA
CheckEscapesW
ShellAboutW
ExtractAssociatedIconExW
SHGetPathFromIDList
InternalExtractIconListW
SHBrowseForFolderW
SHFormatDrive
FindExecutableA
SHInvokePrinterCommandA
FreeIconList
ShellExecuteExA

kernel32

GetModuleHandleA
GetSystemInfo
GetPriorityClass
SetStdHandle
TerminateProcess
TlsAlloc
SetLastError
ExitProcess
EnumResourceNamesA
GetCurrentThread
GetCommandLineA
IsValidCodePage
MultiByteToWideChar
LCMapStringA
GetSystemTime
TlsSetValue
GetTickCount
OpenEventW
InterlockedCompareExchange
EnumDateFormatsExA
SetCriticalSectionSpinCount
GetStringTypeA
IsBadReadPtr
FlushFileBuffers
FileTimeToDosDateTime
RtlUnwind
InterlockedIncrement
SetEnvironmentVariableA
lstrcpynW
CompareStringW
GetEnvironmentStrings
lstrcatW
GetStdHandle
WriteConsoleOutputCharacterA
FreeEnvironmentStringsW
GetFileType
GetTimeZoneInformation
EnumSystemLocalesA
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetDateFormatA
VirtualProtect
GetModuleFileNameA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
SetHandleCount
GetTimeFormatA
TransactNamedPipe
TlsFree
GetCurrentThreadId
LCMapStringW
ReadConsoleOutputW
EnterCriticalSection
HeapAlloc
DeleteCriticalSection
GetLastError
GetVersionExA
TlsGetValue
CompareStringA
LoadLibraryA
GetLocaleInfoW
IsBadWritePtr
InterlockedExchange
QueryPerformanceCounter
GetCurrentProcess
WriteFile
SetFilePointer
FreeEnvironmentStringsA
HeapCreate
CloseHandle
WideCharToMultiByte
GetWindowsDirectoryW
HeapValidate
SetConsoleTitleW
HeapFree
HeapReAlloc
GetProcAddress
VirtualQuery
GetCurrentProcessId
EnumResourceTypesA
SetCurrentDirectoryW
RtlFillMemory
SetConsoleCtrlHandler
InitializeCriticalSection
LeaveCriticalSection
HeapDestroy
DebugBreak
VirtualAlloc
GetOEMCP
CreateFileMappingW
GetLocaleInfoA
GetStartupInfoA
FindNextFileW
GetEnvironmentStringsW
OutputDebugStringA
IsValidLocale
GetStringTypeW
VirtualFree
GetUserDefaultLCID
GetACP

gdi32

IntersectClipRect
GetBrushOrgEx
CloseMetaFile
ScaleViewportExtEx
CreatePalette
SetLayout
EnumObjects
BeginPath
PlayEnhMetaFileRecord
RemoveFontResourceA
EnumICMProfilesA
SetPolyFillMode
gdiPlaySpoolStream
RealizePalette
EnumFontFamiliesW
DeleteObject
Arc

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b66e03035a9fa58795cd2324ac77a105

Headers

File Characteristics

Imports

comdlg32

wininet

user32

shell32

kernel32

gdi32

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 279KB - Virtual size: 307KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 279KB - Virtual size: 307KB

.rsrc
Size: 6KB - Virtual size: 6KB