VirusShare-000665d0cf1cdaaf30ea1c4e091e0263

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare-000665d0cf1cdaaf30ea1c4e091e0263
Size

160KB
MD5

000665d0cf1cdaaf30ea1c4e091e0263
SHA1

3b3fbb0c26efc85a1404315e6d04cfd5e3191e41
SHA256

504fd305860ac81701c2a741c35fad9d9cb5a7815de47c11ce8144f72d78e972
SHA512

1f5bc791a4c599b1bb96c09112d7ded0ad8e61229ca477f33d9e95d4cbf0567b58f17d4628aae88d3e52f96ca0a44eb9a37e851b276025f1e905e0963117cbd2
SSDEEP

3072:ALHpl3QYyd/JO6/6A8vkdcl/mv4Hnc57jsi6jZ9:ADplaxM6OvkU/mv4HcVjr29

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare-000665d0cf1cdaaf30ea1c4e091e0263

Files

VirusShare-000665d0cf1cdaaf30ea1c4e091e0263
.dll regsvr32 windows:4 windows x86 arch:x86

c456c1256715d7cf36fa3e6a8bab6daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcpynA
lstrcpyA
OutputDebugStringA
CloseHandle
WaitForSingleObject
GetProcAddress
GetModuleHandleA
CreateProcessA
FlushInstructionCache
lstrcmpA
SetLastError
VirtualProtect
GetCurrentProcess
FreeLibrary
LoadLibraryA
ReadFile
GetFileSize
GetLastError
CreateFileA
WriteFile
GlobalFree
GlobalAlloc
Sleep
DeleteFileA
CopyFileA
LocalAlloc
CreateDirectoryA
DeleteCriticalSection
FindClose
FindNextFileA
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
TerminateThread
CreateThread
GetWindowsDirectoryA
SizeofResource
LoadResource
FindResourceA
LockResource
GetVersionExA
TlsSetValue
TlsAlloc
ExitProcess
TlsFree
DisableThreadLibraryCalls
TerminateProcess
OpenProcess
lstrlenW
GetShortPathNameA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
HeapDestroy
CreatePipe
GetCurrentProcessId
CreateMutexA
OpenMutexA
DuplicateHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetFilePointer
GetSystemDirectoryA
GetModuleFileNameA
RemoveDirectoryA

user32

FindWindowA
LoadStringA
CopyIcon
SetSystemCursor
CopyImage
SetWindowLongA
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
PostMessageA
GetDlgItem
GetOpenClipboardWindow
SetWindowsHookExA
GetDC
CloseClipboard
CharNextA
GetWindowPlacement
CreatePopupMenu
InsertMenuA
TrackPopupMenu
GetCursorPos
GetForegroundWindow
IsWindow
DestroyMenu
SendMessageA
ShowWindow
SetForegroundWindow
MessageBoxA
SetParent
SetWindowTextA
GetWindowLongA
GetDlgItemTextA
MoveWindow
LoadImageA
GetSystemMetrics
SetDlgItemTextA
GetWindowRect
SetTimer
SetWindowPos
CharLowerBuffA
EndDialog
DialogBoxParamA
KillTimer
GetClipboardData
CharLowerA
OpenClipboard
CharUpperBuffA
GetWindowThreadProcessId

gdi32

GetObjectA
CreateFontA
GetDIBits

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA

shell32

SHChangeNotify
Shell_NotifyIconA
ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

LoadTypeLi
SysAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString

ws2_32

htons
inet_addr
gethostbyname
ntohs
getpeername
WSAConnect
socket
connect
send
getsockopt
select
WSAGetLastError
recv
closesocket

wininet

InternetCanonicalizeUrlA
GetUrlCacheEntryInfoA
InternetGetConnectedState
InternetSetOptionA
InternetOpenA
InternetConnectA

iphlpapi

GetAdaptersInfo
GetIfEntry

msvcrt

_adjust_fdiv
_initterm
_mbschr
wcslen
memcpy
_mbslwr
__CxxFrameHandler
?terminate@@YAXXZ
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
memmove
_mbsstr
_mbsinc
_mbsrchr
_mbclen
strlen
vsprintf
_mbsnbcmp
_ismbcdigit
sprintf
_mbscmp
atoi
strcpy
_except_handler3
memcmp
strstr
fwrite
fopen
fclose
strchr
realloc
strrchr
_purecall
free
time
strncmp
atol
_CxxThrowException
__dllonexit
_onexit
malloc
??1type_info@@UAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstantAccess
P2EProc
Socksify
UnSocksify

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c456c1256715d7cf36fa3e6a8bab6daa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

wininet

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 137KB

.HookSec Size: 4KB - Virtual size: 28B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 137KB

.HookSec
Size: 4KB - Virtual size: 28B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 10KB