VirusShare-00e920363bfe7a578c366f119c3a2296

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare-00e920363bfe7a578c366f119c3a2296
Size

145KB
MD5

00e920363bfe7a578c366f119c3a2296
SHA1

7a1223e74755d50cf4277e9a3e81a54430715576
SHA256

6ce4825096af47b7d9ce750a5857eb174b04b11617909ab7e2da03ba111cadb9
SHA512

b1328a4485bcaab5101faba46b506f03b75c882ee3d2d561cb835c4b0aa9171fcbfeaf804e7c1e91181760f7749d921882264e15ddba656c350489008e2b5043
SSDEEP

3072:v95NknUH6UCNjzj3wXVpdGT9+HQQfyTCz5DlF+IJjUv:v95NknpfjQzKIH7fyToDlF+SE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare-00e920363bfe7a578c366f119c3a2296

Files

VirusShare-00e920363bfe7a578c366f119c3a2296
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

afe32c13e21428868608c0e04d0e4b77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlLookupElementGenericTable
RtlPrefixUnicodeString
NtSetInformationProcess
RtlExtendedLargeIntegerDivide
RtlStringFromGUID
RtlCopyLuid
RtlLengthSecurityDescriptor
RtlFreeAnsiString
RtlUpcaseUnicodeString
NtOpenProcessToken
RtlGetFullPathName_U
NtReadFile
RtlUnicodeStringToOemString
NtOpenDirectoryObject
RtlUnicodeToOemN
DbgPrint
RtlDetermineDosPathNameType_U
RtlOemStringToUnicodeString
wcsncpy
NtAllocateLocallyUniqueId
RtlWriteRegistryValue
RtlInsertElementGenericTable
RtlMultiByteToUnicodeN
qsort
NtCancelIoFile
_wcsnicmp
NtDeleteKey
RtlRegisterWait
NtQueryPerformanceCounter
RtlFreeHeap
NtAdjustPrivilegesToken
RtlSizeHeap
NtDeleteValueKey
RtlDeleteElementGenericTable
_wcslwr
RtlAcquireResourceExclusive
RtlCreateUnicodeStringFromAsciiz
NtOpenThread
NtQueryValueKey
RtlQueryInformationAcl
RtlEqualUnicodeString
NtOpenEvent
NtSetInformationThread
RtlxAnsiStringToUnicodeSize
RtlDeleteSecurityObject
NtDuplicateObject
RtlSubAuthorityCountSid
NtQueryInformationFile
RtlInitAnsiString
NtQueryDirectoryObject
RtlCreateHeap
RtlSystemTimeToLocalTime

user32

GetWindowPlacement
CheckMenuItem
IsChild
IsWindowVisible
RegisterWindowMessageA
IsIconic
GetWindowTextLengthW
MsgWaitForMultipleObjects
CreateWindowExW
GetWindowThreadProcessId
LoadIconA
GetDC
LoadStringA
SendDlgItemMessageA
CharPrevA
SetWindowTextW
GetClassNameA
ShowWindow
CallWindowProcW
DrawTextW
IntersectRect
MessageBoxW
RegisterClassExA
GetDesktopWindow

gdi32

GetObjectA
GetRgnBox
ExtSelectClipRgn
ExtTextOutW
SetViewportOrgEx
GetNearestColor
CreateHalftonePalette
SelectPalette
EndPage
CreateCompatibleDC

ole32

CoCreateGuid
CoReleaseMarshalData
OleUninitialize
MkParseDisplayName
CoCreateInstanceEx
CreateStreamOnHGlobal
CreateOleAdviseHolder
OleInitialize
CoDisconnectObject
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
CoGetMalloc
CLSIDFromString
CoTaskMemRealloc
CoRevertToSelf
CoRegisterClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateFreeThreadedMarshaler
CoUnmarshalInterface
OleRun
CoInitialize
CreateBindCtx
OleRegGetUserType

rpcrt4

RpcServerUseProtseqEpW
RpcBindingVectorFree
UuidFromStringW
RpcServerRegisterAuthInfoW
CStdStubBuffer_Invoke
NdrDllUnregisterProxy
NdrStubCall2
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
RpcStringFreeA
RpcServerInqBindings
RpcServerRegisterIfEx

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
PropertySheetW
InitCommonControls
PropertySheetA
InitCommonControlsEx
CreatePropertySheetPageW

shell32

SHBindToParent
SHGetFolderPathW
DragQueryFileW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHGetDesktopFolder
SHGetSpecialFolderPathW
ShellExecuteA
SHBrowseForFolderA
SHFileOperationW
SHGetPathFromIDListW
SHGetPathFromIDListA
SHBrowseForFolderW
CommandLineToArgvW

msvcrt

_itoa
sprintf
time
_strnicmp
_initterm
__badioinfo
__getmainargs
iswspace
towupper
_wtol
mbstowcs
fread
__CxxFrameHandler
strncpy
qsort
__p__commode
wcscspn
sscanf
__set_app_type
_ltow
strlen
??0exception@@QAE@ABV0@@Z
realloc
isdigit
strtok
atoi
_controlfp
wcspbrk
_CIacos
_write

kernel32

GetComputerNameW
OpenMutexA
ExpandEnvironmentStringsW
LCMapStringA
GetStringTypeA
SetErrorMode
GetFileType
HeapAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetConsoleMode
GetCurrentProcess
GetSystemDirectoryW
SetLastError
GetExitCodeThread
ResumeThread
GetSystemInfo
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
CreateEventW
WideCharToMultiByte
GetThreadLocale
FindFirstFileA
FindResourceW
WriteFile
GetModuleHandleW
GetModuleHandleA
GetLocalTime
ReadFile
Sleep
CreateProcessW
GetCommandLineA
GetTickCount
CreateFileMappingA
GlobalLock
lstrlenW
lstrlenA
IsBadWritePtr
GetFileAttributesW
GlobalFree
lstrcpynW
GetFileAttributesA
RaiseException
GetProcessHeap
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
GetCPInfo
SetFilePointer
WaitForSingleObject
GetDriveTypeA
Thread32Next

shlwapi

SHDeleteValueA
PathAddBackslashW
StrToIntExW
SHSetValueW
StrCmpIW
StrCmpNIA
PathCombineW
PathFindExtensionA
PathIsURLW
PathFileExistsW
StrTrimW
StrCmpNIW
StrCmpNW
PathRemoveExtensionW
PathAppendW
SHDeleteKeyA
SHRegGetBoolUSValueW
StrChrIW
SHDeleteValueW
wnsprintfW
StrRetToBufW
wnsprintfA
PathStripToRootA
PathFindFileNameW
StrStrIW
PathIsRootW

comdlg32

PrintDlgA
GetSaveFileNameA
GetOpenFileNameA
PrintDlgW
GetFileTitleW
ChooseFontA
ChooseFontW

oleaut32

SafeArrayGetUBound
CreateErrorInfo
GetActiveObject
VariantChangeType
SafeArrayPtrOfIndex
SysStringLen
SafeArrayPutElement
VariantChangeTypeEx
LoadTypeLib
SysReAllocStringLen
SysAllocStringLen
VariantCopyInd
OleLoadPicture
SafeArrayGetLBound
RegisterTypeLib
SafeArrayAccessData
VariantCopy
SysFreeString
GetErrorInfo
SafeArrayCreate
SetErrorInfo
VariantInit
SafeArrayGetElement

advapi32

RegConnectRegistryW
SetThreadToken
QueryServiceStatus
RegSetValueA
RegQueryInfoKeyA
RegOpenKeyW
GetSecurityDescriptorLength
ChangeServiceConfigW
RegCreateKeyExW
UnlockServiceDatabase
LockServiceDatabase
ReportEventW
OpenSCManagerA
LookupAccountSidW
LookupPrivilegeValueW

Sections

DATA
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1001B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afe32c13e21428868608c0e04d0e4b77

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

gdi32

ole32

rpcrt4

comctl32

shell32

msvcrt

kernel32

shlwapi

comdlg32

oleaut32

advapi32

Sections

DATA Size: 11KB - Virtual size: 11KB

BSS Size: 5KB - Virtual size: 5KB

.text Size: 118KB - Virtual size: 117KB

DATA Size: 1KB - Virtual size: 52KB

DATA Size: 512B - Virtual size: 480B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1001B

DATA
Size: 11KB - Virtual size: 11KB

BSS
Size: 5KB - Virtual size: 5KB

.text
Size: 118KB - Virtual size: 117KB

DATA
Size: 1KB - Virtual size: 52KB

DATA
Size: 512B - Virtual size: 480B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1001B