26dfe2d2c61d67569e1d040e949b0cd862bcada5ad2659fa3aa97b4a3fa33666

Sharing

Copy URL

Twitter E-mail

General

Target

26dfe2d2c61d67569e1d040e949b0cd862bcada5ad2659fa3aa97b4a3fa33666
Size

494KB
MD5

a81346939866d239918f089df7a0b659
SHA1

c71622acd04314d26ade17f64fa3ba34182bb5ff
SHA256

26dfe2d2c61d67569e1d040e949b0cd862bcada5ad2659fa3aa97b4a3fa33666
SHA512

3238ce949ea53d3a04e2327cc5099b38fe8fcb115ee0ebed0bb7d2ee0dbf464c15bda44d0a0c8552a90fda0a1b660696f32ef5b36b9655b5d1a6f76d27e94876
SSDEEP

6144:Qa7n4E6Pm0glIBs2/m48cab/CubFCm0HjD5NR2Me7IE1Ado+hxrrckm2EK3yBYPb:N8E6PmXlIXuf45NR2Me71Ad3xBEKCML

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26dfe2d2c61d67569e1d040e949b0cd862bcada5ad2659fa3aa97b4a3fa33666

Files

26dfe2d2c61d67569e1d040e949b0cd862bcada5ad2659fa3aa97b4a3fa33666
.exe windows:6 windows x86 arch:x86

e41039d3239c3feda0d01211c1cd940c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AcroBroker.pdb

Imports

kernel32

FindResourceW
MultiByteToWideChar
GetUserDefaultLCID
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
LocalAlloc
CopyFileW
WideCharToMultiByte
OutputDebugStringA
lstrcmpiW
GetModuleHandleA
LoadLibraryW
OutputDebugStringW
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetSystemTimeAsFileTime
SwitchToThread
GetFullPathNameW
GetDriveTypeW
CreateSemaphoreA
TlsFree
TlsSetValue
SizeofResource
LoadResource
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetLongPathNameW
LocalFree
GetCurrentProcessId
GetCurrentProcess
GetLastError
CloseHandle
GetTempPathW
CreateDirectoryW
GetProcAddress
SetLastError
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

user32

GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
CharNextW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
CreateWellKnownSid
CopySid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetKnownFolderPath

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SafeArrayCreateVector
VarUI4FromStr
SafeArrayUnaccessData
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayAccessData

sqlite

sqlite3_errcode
sqlite3_open_v2
sqlite3_close
sqlite3_get_autocommit
sqlite3_reset
sqlite3_finalize
sqlite3_errmsg
sqlite3_prepare_v2
sqlite3_create_function
sqlite3_value_int
sqlite3_value_type
sqlite3_result_error
sqlite3_result_value
sqlite3_column_type
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_int
sqlite3_column_double
sqlite3_column_blob
sqlite3_step
sqlite3_bind_parameter_count
sqlite3_bind_text
sqlite3_exec
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_busy_handler
sqlite3_free
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_null
sqlite3_bind_int64

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z

msvcr120

_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
strlen
memcmp
_fmode
wcslen
_set_invalid_parameter_handler
vsprintf
fclose
_wfopen
fwprintf
_wcsnicmp
realloc
wcstok_s
strtok_s
strncpy_s
_strdup
strcat_s
_time64
srand
rand
_wrename
wcsncmp
wcsnlen
wcscat_s
tolower
_wsplitpath
_wcsicmp
wcsstr
wcsrchr
_commode
__crtSetUnhandledExceptionFilter
_invoke_watson
memchr
_controlfp_s
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
_wcsdup
_vsnwprintf_s
??_V@YAXPAX@Z
memset
free
malloc
_recalloc
_wsplitpath_s
iswalpha
memcpy_s
wcscpy_s
wcsncpy_s

shlwapi

PathCanonicalizeW
AssocQueryStringW
PathRemoveBackslashW

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e41039d3239c3feda0d01211c1cd940c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

sqlite

msvcp120

msvcr120

shlwapi

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 17KB - Virtual size: 19KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 228KB - Virtual size: 232KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 17KB - Virtual size: 19KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 228KB - Virtual size: 232KB