VirusShare-015caa166a54fcc971bb0272b65c3c6f

Sharing

Copy URL

Twitter E-mail

General

Target

VirusShare-015caa166a54fcc971bb0272b65c3c6f
Size

176KB
MD5

015caa166a54fcc971bb0272b65c3c6f
SHA1

a31a35095554666123df4f22350532e9d71babe4
SHA256

ba36666250ef79a97d3f431fbbe5ce50914689f2a2a4f6c010c29d81e3a4ce37
SHA512

b7428cead64ae4e19c9a689b099af831e971fac6edd2def8de2f6e55e37d649566f011954d547426f757c40107731437dbf4980c8b0420c55f9470c48b94a975
SSDEEP

3072:OqCVA9leVw8oL+0NfU6/VfGzfRdrqq7SdEnl3Fz3nzSytH4ecE5:5CW9Swf+0Nfr/VGjHrqg3YecQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare-015caa166a54fcc971bb0272b65c3c6f

Files

VirusShare-015caa166a54fcc971bb0272b65c3c6f
.dll regsvr32 windows:4 windows x86 arch:x86

28df7b6d43019d29342995f46742da81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
SetLastError
VirtualProtect
GetCurrentProcess
LoadLibraryA
ReadFile
GetFileSize
GetLastError
FreeLibrary
CreateFileA
GlobalFree
GlobalAlloc
Sleep
DeleteFileA
CopyFileA
LocalAlloc
CreateDirectoryA
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
TerminateThread
GetModuleFileNameA
WriteFile
GetWindowsDirectoryA
CreateThread
FindResourceA
lstrcmpiA
LockResource
GetVersionExA
TlsSetValue
TlsAlloc
ExitProcess
TlsFree
DisableThreadLibraryCalls
TerminateProcess
OpenProcess
lstrlenW
CreatePipe
GetCurrentProcessId
CreateMutexA
OpenMutexA
DuplicateHandle
FlushInstructionCache
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
LoadResource
SizeofResource
InterlockedIncrement
MultiByteToWideChar
InterlockedDecrement
lstrlenA
LocalFree
GetProcAddress
WideCharToMultiByte
lstrcatA
lstrcpynA
EnterCriticalSection
lstrcpyA
OutputDebugStringA
CloseHandle
WaitForSingleObject

user32

CreatePopupMenu
GetDlgItem
GetOpenClipboardWindow
UnhookWindowsHookEx
GetClipboardData
OpenClipboard
CloseClipboard
CopyImage
CreateWindowExA
CopyIcon
IsWindow
GetWindowTextA
DestroyWindow
LoadImageA
InvalidateRect
MessageBoxA
SetSystemCursor
ShowWindow
GetParent
DestroyMenu
CharLowerA
EndDialog
KillTimer
DialogBoxParamA
FindWindowA
CharUpperBuffA
SetTimer
SetWindowPos
GetSystemMetrics
GetWindowRect
SetDlgItemTextA
GetDlgItemTextA
LoadStringA
TrackPopupMenu
SetWindowsHookExA
EnableWindow
LoadCursorA
CallNextHookEx
SetWindowLongA
PostMessageA
SetWindowTextA
SetForegroundWindow
GetForegroundWindow
GetDC
GetWindowThreadProcessId
SendMessageA
InsertMenuA
GetWindowPlacement
GetCursorPos

gdi32

CreateFontA
GetObjectA
GetDIBits
GetStockObject
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize

oleaut32

SysAllocStringByteLen
VariantInit
LoadRegTypeLi
SysAllocString
SysFreeString
VariantClear
SysStringLen
SysAllocStringLen

ws2_32

closesocket
gethostbyname
inet_addr
socket
recv
WSAGetLastError
select
getsockopt
htons
send
WSAConnect
ntohs
getpeername
connect

wininet

InternetSetOptionA
InternetCanonicalizeUrlA
InternetOpenA
InternetConnectA
InternetGetConnectedState
GetUrlCacheEntryInfoA

atl

ord16
ord32
ord10
ord11
ord23
ord21
ord57
ord15
ord18
ord52
ord53
ord58
ord30

urlmon

URLOpenBlockingStreamA

iphlpapi

GetAdaptersInfo
GetIfEntry

msvcrt

atoi
_ismbcdigit
strcpy
_mbscmp
sprintf
_mbclen
vsprintf
_mbsrchr
_mbsnbcmp
strlen
_except_handler3
_mbsinc
realloc
atol
_mbslwr
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
memcmp
strstr
fclose
fwrite
fopen
strrchr
memmove
_purecall
free
_mbsstr
time
_mbschr
__CxxFrameHandler
wcslen
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
strncmp
malloc
_CxxThrowException
memset
_msize
strchr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstantAccess
P2EProc
Socksify
UnSocksify

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28df7b6d43019d29342995f46742da81

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

wininet

atl

urlmon

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 24KB - Virtual size: 151KB

.HookSec Size: 4KB - Virtual size: 28B

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 24KB - Virtual size: 151KB

.HookSec
Size: 4KB - Virtual size: 28B

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 12KB - Virtual size: 10KB