ShareEnum[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ShareEnum.exe
Size

254KB
MD5

03ca4e59b10aff8f2257dcfaf13cd309
SHA1

59940526e8d8e305177f530427a093408b86e29a
SHA256

0f9dd9bf5b25c879cb5a4d8c7e436fdd95736665f3ceed3fd33e78455287378d
SHA512

19007877bf065a51571fe1cc10be5c338cd4e86511118fbf7f5316962388b5b1d45ee1226478b4c54940a7e59d2a60f02a8e279c34283e4429554d54838129f7
SSDEEP

3072:MoIMqinw5xma9hlW4QpocZGwkvVHEXUkAtGQNmtyQk84:MoIMq1ma9DW4QVZGnvGQN2kP

Score

1^/10

Malware Config

Signatures

Files

ShareEnum.exe
.exe windows:4 windows x86

8c990359c655b89fe20ef4fb7b5b756c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:4f:c1:bf:b0:95:d2:4c:fc:10:5f:b7:18:e4:a6:96:c3:c2:7c:7a
Signer

Actual PE Digest

81:4f:c1:bf:b0:95:d2:4c:fc:10:5f:b7:18:e4:a6:96:c3:c2:7c:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon

kernel32

SetConsoleCtrlHandler
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
ReadFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetTimeZoneInformation
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
TerminateProcess
GetCurrentThread
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetLocaleInfoW
CompareStringA
SetEnvironmentVariableA
lstrlenW
lstrlenA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
WideCharToMultiByte
HeapAlloc
HeapReAlloc
RaiseException
LCMapStringW
GetStdHandle
SetHandleCount
MultiByteToWideChar
Sleep
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetComputerNameW
FormatMessageW
GetFileAttributesW
InterlockedIncrement
CreateThread
SetThreadPriority
ResumeThread
InterlockedDecrement
DeleteFileW
CreateFileW
WriteFile
GetCurrentProcessId
GetTickCount
GetProcessHeap
HeapFree
CompareStringW
GetModuleHandleW
SetLastError
GetLastError
LocalFree
LoadLibraryW
GetProcAddress
LocalAlloc
GetCurrentProcess
CloseHandle
GetVersion
ExitProcess
RtlUnwind

user32

SetClassLongW
UpdateWindow
EndDeferWindowPos
EnumChildWindows
BeginDeferWindowPos
GetWindowRect
EndPaint
DrawFrameControl
GetSystemMetrics
GetClientRect
BeginPaint
IsZoomed
MessageBoxW
SendMessageW
GetDlgItem
SetWindowLongW
PtInRect
EndDialog
DeferWindowPos
GetWindowLongW
GetClassNameW
InflateRect
DialogBoxIndirectParamW
LoadIconW
RegisterClassExW
ShowWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
IsDialogMessageW
DispatchMessageW
PostQuitMessage
LoadMenuW
GetSubMenu
SetMenuDefaultItem
SetWindowTextW
DefWindowProcW
EnableWindow
IsWindowEnabled
GetDlgItemTextW
PostMessageW
DialogBoxParamW
CreateDialogParamW
GetSysColorBrush
ChildWindowFromPoint
InvalidateRect
wsprintfW
CreatePopupMenu
InsertMenuItemW
GetCursorPos
TrackPopupMenu
LoadCursorW
SetCursor
SetWindowPos
MoveWindow
GetSysColor
LoadImageW
GetParent
ScreenToClient

gdi32

GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetStockObject
GetObjectW
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

advapi32

SetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetAclInformation
GetAce
LookupAccountSidW
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegCloseKey
MapGenericMask
MakeSelfRelativeSD
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
OpenProcessToken
GetTokenInformation
EqualSid
LookupAccountNameW
InitializeSid

shell32

ShellExecuteW
CommandLineToArgvW

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarDateFromStr
VariantClear
VariantInit
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetGetDCName
NetShareSetInfo
NetShareEnum
NetWkstaUserGetInfo
NetShareGetInfo
NetApiBufferFree

ws2_32

setsockopt
WSAStartup
gethostname
recvfrom
WSAGetLastError
sendto
inet_addr
gethostbyaddr
WSASocketW
ntohl
gethostbyname

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c990359c655b89fe20ef4fb7b5b756c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

81:4f:c1:bf:b0:95:d2:4c:fc:10:5f:b7:18:e4:a6:96:c3:c2:7c:7aSigner

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

mpr

netapi32

ws2_32

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 116KB - Virtual size: 121KB

.rsrc Size: 20KB - Virtual size: 19KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

81:4f:c1:bf:b0:95:d2:4c:fc:10:5f:b7:18:e4:a6:96:c3:c2:7c:7a
Signer

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 116KB - Virtual size: 121KB

.rsrc
Size: 20KB - Virtual size: 19KB