26ffef7bb412f2acd5fd3b16f80984c2

Sharing

Copy URL Twitter E-mail

General

Target

26ffef7bb412f2acd5fd3b16f80984c2
Size

299KB
MD5

26ffef7bb412f2acd5fd3b16f80984c2
SHA1

a11e6130fdeecdd11491ed02dbabc4a6e0605c27
SHA256

9cb768d6cf5dba5405c6ca7608838e4883d98b67ca55aa2cc28f761287ffb082
SHA512

631223bcd0676e6515fbe9291225d262469b3d7dea23247d03dae0b74a251edc9069c0f1e4c59bd0250c122f9bf98b90a57993f805f917ec629a241816a6b9ab
SSDEEP

6144:VUzkRSv38F0rkW1rppYwcyVVP/VQISzqJRps:VhYamvNpYwcgXnY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26ffef7bb412f2acd5fd3b16f80984c2

Files

26ffef7bb412f2acd5fd3b16f80984c2
.exe windows:5 windows

d22ecb6cd99eeb4be4ff237d5733c622

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
GetVersionExW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CreateToolhelp32Snapshot
Process32FirstW
GetLastError
Process32NextW
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
CreateRemoteThread
WaitForSingleObject
GetCurrentThreadId
FindResourceExW
WideCharToMultiByte
CreateFileW
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
WriteFile
GetSystemDirectoryW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
GetStringTypeW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetHandleCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
SetEndOfFile
GetConsoleMode
DeleteFileW
GetModuleFileNameW
GetTempPathW
GetTickCount
CloseHandle
GetCurrentProcess
GetCurrentProcessId
Sleep
GetFileAttributesW
CreateThread
GetProcAddress
LoadLibraryW
GetConsoleCP
HeapCreate
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer

user32

LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DispatchMessageW
PrintWindow
GetSystemMetrics
GetWindowDC
SetCursorPos
SendInput
GetWindowTextW
WindowFromPoint
GetWindowRect
FindWindowW
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
DialogBoxParamW

gdi32

DeleteDC
GetDIBits
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
BitBlt
DeleteObject

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteW

ws2_32

WSAStartup
socket
gethostbyname
inet_addr
gethostbyaddr
htons
connect
closesocket
send
recv

Sections

.text
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

tgDSERR
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d22ecb6cd99eeb4be4ff237d5733c622

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

Sections

.text Size: 129KB - Virtual size: 132KB

.rdata Size: 30KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 276KB

.rsrc Size: 121KB - Virtual size: 124KB

.reloc Size: 5KB - Virtual size: 12KB

tgDSERR Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 129KB - Virtual size: 132KB

.rdata
Size: 30KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 276KB

.rsrc
Size: 121KB - Virtual size: 124KB

.reloc
Size: 5KB - Virtual size: 12KB

tgDSERR
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB