26e027386423ba59611bfc5637748d3dcb1768d97aa2655c3da1b43fbefbbb46

Sharing

Copy URL

Twitter E-mail

General

Target

26e027386423ba59611bfc5637748d3dcb1768d97aa2655c3da1b43fbefbbb46
Size

827KB
MD5

10fd81a3f819a4caa81af4722f3ffe36
SHA1

a86b06aca69ea22ea43dbb5e4e559d6c1a01e444
SHA256

26e027386423ba59611bfc5637748d3dcb1768d97aa2655c3da1b43fbefbbb46
SHA512

5792919aae68d46ca0ab267ba6cfdcabc23b9b2e2426c866ab0a06e6093cd1dc912b5427e983774a97cefac5baa9bfa1a68e8994fe8d3d46cf223cfebbcbb414
SSDEEP

12288:KuoNZ+p2+48Zk4jthIbAHa3FAVDhCO+nFwqCE:KuoN8AjBFKDhCb5CE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e027386423ba59611bfc5637748d3dcb1768d97aa2655c3da1b43fbefbbb46

Files

26e027386423ba59611bfc5637748d3dcb1768d97aa2655c3da1b43fbefbbb46
.exe windows:6 windows x86 arch:x86

37041b5e1bdc6c1cef7890d1e364ed77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\WW\Desktop\Rensen-main\Rensen\Release\Rensen.pdb

Imports

kernel32

GetConsoleWindow
Module32NextW
GlobalUnlock
IsDebuggerPresent
CreateProcessW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
ReadProcessMemory
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleHandleW
GlobalLock
Beep
GetLocalTime
CloseHandle
GlobalAlloc
SetPriorityClass
Process32NextW
GetTickCount64
GetConsoleMode
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
GetModuleFileNameW
GetUserDefaultLangID
TerminateProcess
SetConsoleMode
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute

user32

CheckDlgButton
EnumDisplaySettingsW
GetParent
UpdateWindow
GetWindowLongW
GetWindowThreadProcessId
GetWindowTextLengthW
GetMessageW
DefWindowProcW
GetKeyState
GetWindow
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
keybd_event
CreateWindowExW
SendMessageW
GetSystemMetrics
ShowWindow
GetAsyncKeyState
ChangeDisplaySettingsW
OpenClipboard
DispatchMessageW
CloseClipboard
EmptyClipboard
GetWindowTextA
RegisterClassW
SetWindowDisplayAffinity
SetWindowTextA
GetTopWindow
GetForegroundWindow
TranslateMessage
SetForegroundWindow
SetCursorPos
GetCursorPos
GetClientRect
SetClipboardData
GetWindowDC
GetClipboardData
MoveWindow
SetLayeredWindowAttributes
mouse_event
LoadIconW
FindWindowW
LoadCursorW
IsClipboardFormatAvailable

gdi32

Ellipse
MoveToEx
Rectangle
CreatePen
LineTo
SetBkMode
TextOutA
SetTextColor
TextOutW
DeleteObject
GetStockObject
CreateFontW
CreateCompatibleDC
SelectObject
CreateFontA
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
CreateRectRgn

advapi32

GetUserNameA

msvcp140

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

msimg32

GradientFill

gdiplus

GdipCreateFontFamilyFromName
GdipCreatePen1
GdipCreateLineBrushI
GdipDrawRectangleI
GdipDeleteFontFamily
GdipDrawLineI
GdipAddPathEllipseI
GdipSetPathGradientSurroundColorsWithCount
GdipDeleteBrush
GdiplusStartup
GdipAlloc
GdipDeletePath
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipSetSmoothingMode
GdipCreatePath
GdipCreateFont
GdipCreateSolidFill
GdipFree
GdipDrawString
GdipCreateFromHDC
GdipFillEllipseI
GdipSetTextRenderingHint
GdipCloneBrush
GdipGetPathGradientPointCount
GdipFillRectangleI
GdipCreatePen2
GdipDeleteGraphics
GdipDeleteFont
GdipSetPathGradientFocusScales
GdipDeletePen

dwmapi

DwmEnableBlurBehindWindow

urlmon

URLDownloadToFileW

vcruntime140

memset
_except_handler4_common
memmove
memchr
_CxxThrowException
__current_exception_context
__CxxFrameHandler3
memcpy
__std_exception_destroy
__std_exception_copy
__std_terminate
__current_exception

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_beginthreadex
_set_app_type
_initterm
_crt_atexit
_register_onexit_function
system
_controlfp_s
terminate
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initterm_e
_invalid_parameter_noinfo_noreturn
_exit
_c_exit
exit
__p___argc
__p___argv
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fsetpos
setvbuf
fread
__stdio_common_vsscanf
_fseeki64
_get_stream_buffer_pointers
_set_fmode
__acrt_iob_func
__stdio_common_vsprintf
fwrite
fputc
__p__commode
__stdio_common_vfprintf
fgetc
__stdio_common_vsprintf_s
fgetpos
fclose
fflush
ungetc

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-string-l1-1-0

strcpy_s
toupper
tolower

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_findfirst64i32
_findnext64i32
_access
_unlock_file
remove

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-math-l1-1-0

__setusermatherr
_CIatan2
_hypotf
_libm_sse2_cos_precise
_libm_sse2_sin_precise
floor
_libm_sse2_acos_precise

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37041b5e1bdc6c1cef7890d1e364ed77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msvcp140

msimg32

gdiplus

dwmapi

urlmon

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 707KB - Virtual size: 706KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 707KB - Virtual size: 706KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 59KB - Virtual size: 58KB