4026ffe369c0bb9fd192bc7482add3d9ccc0e3225ce5adbcdd2aaf568d7f1730N

Sharing

Copy URL Twitter E-mail

General

Target

4026ffe369c0bb9fd192bc7482add3d9ccc0e3225ce5adbcdd2aaf568d7f1730N
Size

483KB
MD5

7b746e4b6bfc6cd97adbd4ebbc712320
SHA1

c45f0d34bc4a672e2fe4a7fecd89801546506293
SHA256

4026ffe369c0bb9fd192bc7482add3d9ccc0e3225ce5adbcdd2aaf568d7f1730
SHA512

85c40e92e612f48874a34a8aa811a09b7b7141735d091375ba01767cabfea3ef6e4ed49e5d2082cb48098f9e7395d83f0e4f1715ef3bdadb73df3b9a931cedfb
SSDEEP

6144:iKNyqJd178x/kA3EjLMmTGW8nEorxuTspf4xCzkNd96JHk1KSidR3mxhrEfN6gmR:/Nyq578j3QQqGr11ZaNKSQR2xhVgmR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4026ffe369c0bb9fd192bc7482add3d9ccc0e3225ce5adbcdd2aaf568d7f1730N

Files

4026ffe369c0bb9fd192bc7482add3d9ccc0e3225ce5adbcdd2aaf568d7f1730N
.exe windows:5 windows x86 arch:x86

f8c3cfa568252592592249d1fc71e646

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
WaitForSingleObject
DeviceIoControl
DuplicateHandle
FormatMessageW
CreateEventW
CreateProcessW
ExpandEnvironmentStringsW
GetDriveTypeW
GetSystemDirectoryW
DeleteFileW
SetThreadErrorMode
HeapSize
LCMapStringW
GetStringTypeW
TerminateThread
OpenProcess
GetVersion
CreateFileW
FindResourceW
SizeofResource
CloseHandle
SetLastError
LoadResource
GetLastError
GetCurrentProcess
LockResource
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetConsoleScreenBufferInfo
GetFileType
OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetFilePointerEx
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
DeleteCriticalSection
FlushFileBuffers
WriteFile
GetConsoleCP
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
SetEndOfFile

user32

SendMessageW
DialogBoxIndirectParamW
EndDialog
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

GetTokenInformation
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
LookupAccountSidW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8c3cfa568252592592249d1fc71e646

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

version

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 66KB

.rsrc Size: 319KB - Virtual size: 320KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 66KB

.rsrc
Size: 319KB - Virtual size: 320KB