a26b744a523d2035e2e5ec99f1d51b74

Sharing

Copy URL Twitter E-mail

General

Target

a26b744a523d2035e2e5ec99f1d51b74
Size

278KB
MD5

a26b744a523d2035e2e5ec99f1d51b74
SHA1

faca23221ca08162c9676600ec4d08839d1afb11
SHA256

b3717100a95eaa4f9e44e152abb094f530ad995a0b21147ddd7ba39eec9c10e3
SHA512

9f46e9c5027244d33dfff3c9c66dcea8d6929b133b6d47810633b3007b3191aee91b2a65b3a541d7d43965c04b23c303ad6715aff0de424bdaf2b430f2c4d1aa
SSDEEP

6144:nsy1RHGpDTG9Tx7WtptA5L2cQC1VTsTfvYK/jf:nsdpe9TKWB2IjsTfAK7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a26b744a523d2035e2e5ec99f1d51b74

Files

a26b744a523d2035e2e5ec99f1d51b74
.exe windows:4 windows x86 arch:x86

fa3e556a0d1084cfd73cd4f4936a6915

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
InitializeCriticalSection
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
GetCurrentProcessId
WaitForMultipleObjects
CreateSemaphoreA
GetSystemTime
Sleep
FileTimeToSystemTime
CreateEventA
SetEvent
OpenEventA
lstrlenA
lstrcpynA
GetShortPathNameA
LoadLibraryA
GetLastError
MultiByteToWideChar
GlobalAlloc
lstrcpyW
lstrcpyA
lstrcmpA
GetVersionExA
CreateMutexA
WaitForSingleObject
GetACP
GetLocalTime
GetTempFileNameA
SystemTimeToFileTime
OpenFile
lstrlenW
GetVersion
GetProcAddress

user32

AppendMenuA
GetDesktopWindow
CharPrevA
CharUpperA
wsprintfA
PeekMessageA
LoadMenuIndirectA
CreateDialogParamA
RemoveMenu
MessageBoxA
CharLowerW
GetClassInfoExW
SetWindowTextA
CharLowerA
IsChild
GetMenuItemID
GetCapture
AppendMenuW
LoadBitmapA
InvalidateRect
GetMenuItemRect
MonitorFromPoint
SendDlgItemMessageA
CheckMenuItem
CharUpperW
wvsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegConnectRegistryA
RegQueryInfoKeyA

ole32

CoCreateInstance

mapi32

ord183
ord185
ord75
ord140
ord174
ord15
ord13
ord60
ord129
ord17
ord135
ord137
ord139

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shfolder

SHGetFolderPathA

shell32

SHCreateDirectoryExA

msvcrt

strncpy
strstr
_mbsicmp
_mbschr
free
_mbsnbcmp
_mbscmp
_mbsdec
_mbsinc
_makepath
_mbsnbcat
fread
calloc
strncmp
_mbsnbcpy

shlwapi

PathRemoveFileSpecA

query

DoneCIISAPIPerformanceData

duser

MapGadgetPoints
SetGadgetMessageFilter
AttachWndProcW
SetGadgetRect
UtilDrawBlendRect
GetGadgetScale
DUserGetRotatePRID
GetGadgetTicket
GetStdColorPenF
GetGadgetBufferInfo
DrawGadgetTree
LookupGadgetTicket
DUserRegisterGuts
DUserRegisterSuper
GetStdColorName
DllMain

gdi32

CreateColorSpaceA
CreatePen
CreateDIBPatternBrushPt
RemoveFontResourceExW
CreateMetaFileA
CreateBitmapIndirect
GdiGetBatchLimit
CreateColorSpaceW
CreateDIBSection
SetEnhMetaFileBits
CreateRectRgn
RemoveFontResourceExA

Sections

.icode
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.w
Size: 1KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nB
Size: 1024B - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.a
Size: 5KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 84KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 132KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa3e556a0d1084cfd73cd4f4936a6915

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

mapi32

version

shfolder

shell32

msvcrt

shlwapi

query

duser

gdi32

Sections

.icode Size: 7KB - Virtual size: 6KB

.w Size: 1KB - Virtual size: 337KB

.nB Size: 1024B - Virtual size: 57KB

.text Size: 13KB - Virtual size: 16KB

.a Size: 5KB - Virtual size: 446KB

.rdata Size: 4KB - Virtual size: 37KB

.edata Size: 84KB - Virtual size: 121KB

.data Size: 6KB - Virtual size: 233KB

.edata Size: 132KB - Virtual size: 156KB

.rsrc Size: 22KB - Virtual size: 21KB

.icode
Size: 7KB - Virtual size: 6KB

.w
Size: 1KB - Virtual size: 337KB

.nB
Size: 1024B - Virtual size: 57KB

.text
Size: 13KB - Virtual size: 16KB

.a
Size: 5KB - Virtual size: 446KB

.rdata
Size: 4KB - Virtual size: 37KB

.edata
Size: 84KB - Virtual size: 121KB

.data
Size: 6KB - Virtual size: 233KB

.edata
Size: 132KB - Virtual size: 156KB

.rsrc
Size: 22KB - Virtual size: 21KB