d26abdc0730520eed70527225776aff8b03c6af1cf87f7045a5110fbf7abbef5

Sharing

Copy URL

Twitter E-mail

General

Target

d26abdc0730520eed70527225776aff8b03c6af1cf87f7045a5110fbf7abbef5
Size

1.8MB
MD5

0fb884732a9352f9e999b9467d34443d
SHA1

1a4ca64b9ec479dc92f6f2621a3c9fb971c9a1bf
SHA256

d26abdc0730520eed70527225776aff8b03c6af1cf87f7045a5110fbf7abbef5
SHA512

9119fd58ba93cd49e6877fb901d6a44589471aa911c02559bf0805626c6c8e408771d89bb81ad8d691c315bc1868bf6dc25bb9bbe1be160313637d00567ccfb9
SSDEEP

24576:KEhVeTdYFbj5mO29H31SZfZZT2547GBfW4Og:KEwdMbj5mO2t3QZK3VO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d26abdc0730520eed70527225776aff8b03c6af1cf87f7045a5110fbf7abbef5

Files

d26abdc0730520eed70527225776aff8b03c6af1cf87f7045a5110fbf7abbef5
.exe windows:4 windows x86 arch:x86

007043b7324c6485f3350320435d1f5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3

mpr

WNetCloseEnum

comctl32

InitializeFlatSB

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
LeaveCriticalSection
ExitProcess
EnterCriticalSection
InitializeCriticalSection
GetCommandLineA
IsValidCodePage
lstrcmpA
CompareStringA
CompareStringW
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
EnumSystemLocalesA
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
Module32NextW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
IsValidLocale
LCMapStringA
LCMapStringW
LoadLibraryW
LoadResource
LocalFree
LockResource
lstrlenA
lstrlenW
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventW
OpenProcess
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesW
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
GetVersionExW

user32

TranslateMessage
UnregisterClassA
ShowWindow
SystemParametersInfoW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
EnumPrintersW

advapi32

LookupPrivilegeValueW
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
SetSecurityDescriptorSacl
StartServiceW
SetSecurityDescriptorDacl

shell32

ShellExecuteW

shlwapi

PathRemoveFileSpecW
PathFileExistsW
StrToIntA
StrToIntW

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ckm525
Size: 999KB - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

007043b7324c6485f3350320435d1f5c

Headers

File Characteristics

Imports

msvcrt

mpr

comctl32

version

kernel32

user32

winspool.drv

advapi32

shell32

shlwapi

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 14.0MB

.tls Size: 4KB - Virtual size: 16B

.rsrc Size: 420KB - Virtual size: 420KB

.ckm525 Size: 999KB - Virtual size: 999KB

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 14.0MB

.tls
Size: 4KB - Virtual size: 16B

.rsrc
Size: 420KB - Virtual size: 420KB

.ckm525
Size: 999KB - Virtual size: 999KB