26cf92d323a010acc9c02a05c6af1d40N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

26cf92d323a010acc9c02a05c6af1d40N.exe
Size

325KB
MD5

26cf92d323a010acc9c02a05c6af1d40
SHA1

448576bcf502466b8a3ef2662df1cda2ffe0313e
SHA256

a4e68938c270b880dcf22630e9cf6a024363966651c19914fd4fa8b8cccb93ff
SHA512

0849404f3ff7faec6d10b682b2c54e9b0ecd7d2a10d702d8ff1c9ce758eade9e11b7a8692228c21f5aa68d4c8f91036892e6cb6341de988b55493662fce1d809
SSDEEP

6144:BShkvxSdcvO+qa5jdawd1aMMzDCL7vbZga+:OdsiOjdawXa/aDZgv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cf92d323a010acc9c02a05c6af1d40N.exe

Files

26cf92d323a010acc9c02a05c6af1d40N.exe
.dll windows:6 windows x86 arch:x86

25fb3ebd80adc948a7e2e6905a92d34f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\CodeBases\isdev\Validators\Val0004.pdb

Imports

msi

ord117
ord160
ord48
ord170
ord8
ord116
ord124
ord119

kernel32

TlsGetValue
CreateThread
WaitForSingleObjectEx
OutputDebugStringA
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetLastError
LocalFree
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
GetConsoleCP
WriteFile
SetStdHandle
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
CreateFileW
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
HeapFree
HeapAlloc
GetCurrentThread
GetStringTypeW
GetACP
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW

user32

UnregisterClassA
LoadStringA
wsprintfA

ole32

CLSIDFromProgID

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
SysReAllocStringLen
SysAllocStringLen

Exports

Exports

GetUpgradeType
GetValidatorName
GetValidatorScope
RunValidator

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25fb3ebd80adc948a7e2e6905a92d34f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 259KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 7KB

.gfids Size: 1024B - Virtual size: 544B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.gfids
Size: 1024B - Virtual size: 544B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB