26eb934df1ca4c9302b8412ab55e4f7e057c8c67fc499a1f34f25a5c45a63261

Sharing

Copy URL Twitter E-mail

General

Target

26eb934df1ca4c9302b8412ab55e4f7e057c8c67fc499a1f34f25a5c45a63261
Size

607KB
MD5

f21b5dced156613f7adde839c7c1e455
SHA1

5e6d1d2c154ababe70c6d62d0b99fea49dd34012
SHA256

26eb934df1ca4c9302b8412ab55e4f7e057c8c67fc499a1f34f25a5c45a63261
SHA512

83a8144625df4bc5eb18c8acbdc0025678d7b9c1ea9d7f04aef88215792538172885bad28ffed6c135af5398b70ef798fa8e26f04d1b87bd6f94521a7cd6f607
SSDEEP

12288:1Vl3JKQ1uBeAMlwesHU8wqy2VYCIbvpOBlU1RlgIDMCZgjtGlxHZ9/I:1Vm1SwPHU8X31PfU17DhZy0lxHZ9/I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26eb934df1ca4c9302b8412ab55e4f7e057c8c67fc499a1f34f25a5c45a63261

Files

26eb934df1ca4c9302b8412ab55e4f7e057c8c67fc499a1f34f25a5c45a63261
.exe windows:10 windows x64 arch:x64

c563af5da2261c5f1e2db0d3649c84f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

tracepdb.pdb

Imports

kernel32

GetCurrentProcess
FindFirstFileExA
GetModuleFileNameW
FindNextFileA
GetEnvironmentVariableA
FindClose
GetCurrentDirectoryA
GetModuleHandleA
GetLastError
GetProcAddress
GetFileTime
WideCharToMultiByte
GetFileSize
LocalFree
CloseHandle
FileTimeToSystemTime
MultiByteToWideChar
CreateFileW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

msvcrt

__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
malloc
_splitpath_s
free
printf
fputs
_makepath_s
__C_specific_handler
_vsnprintf
_vsnwprintf
exit
wprintf
_initterm
__iob_func
wcsnlen
vsprintf_s
fopen
vfprintf
_wcsicmp
fclose
strncpy_s
_wsplitpath_s
_vscprintf
fgets
strcpy_s
strncmp
strstr
strchr
strrchr
sprintf_s
__CxxFrameHandler3
??3@YAXPEAX@Z
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
fprintf
_fmode
_callnewh
memcpy
memmove
strcmp

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

dbghelp

SymGetOptions
SymEnumTypesByName
SymCleanup
SymGetLineFromAddr64
SymUnloadModule64
SymSearch
SymGetTypeInfo
SymRegisterCallback64
SymGetSymbolFile
MakeSureDirectoryPathExists
SymInitialize
SymSetOptions
SymFromAddr
SymLoadModuleExW

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c563af5da2261c5f1e2db0d3649c84f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

version

dbghelp

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 804B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 804B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB