VirusShare-30bb39844241ed08adf8a6eab9c518d4

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare-30bb39844241ed08adf8a6eab9c518d4
Size

217KB
MD5

30bb39844241ed08adf8a6eab9c518d4
SHA1

7e9f1c284c0a36d6bd87c6976caa2d071a4de4a7
SHA256

34f9dc1a4794ee048e65af5be36fa851219ad15a63124f5654ca33a315f69067
SHA512

9915af1d59117ad75428f70e84f2d8faab0412f7fc33912207b67a40555674a9261214f8b72343a49b8c1e23651c8760cbe3d9e433fe8cfcd7bdb9edb36b43cd
SSDEEP

6144:mNaK5/7EqElpLthjUHXj8p/V8wgLmrpj6:TC/7hWpjjU3Yp/V87mr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare-30bb39844241ed08adf8a6eab9c518d4

Files

VirusShare-30bb39844241ed08adf8a6eab9c518d4
.exe windows:5 windows x86 arch:x86

940918d32a541b8717eb08b30e8dc0bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tssdis.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_exit
_c_exit
wcscat
wcsncpy
wcscpy
__CxxFrameHandler
exit
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
_XcptFilter
wcscmp
swprintf
wcsncat
_beginthreadex
_except_handler3
_snwprintf
_vsnwprintf
wprintf

advapi32

CheckTokenMembership
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
LookupAccountNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
CreateWellKnownSid
SetServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenThreadToken

kernel32

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
SetEvent
GetLastError
LocalFree
CloseHandle
LocalAlloc
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
SetCurrentDirectoryW
GetCurrentProcessId
GetFileTime
DeviceIoControl
CreateFileW
CreateDirectoryW
GetModuleFileNameW
SetFilePointer
WaitForSingleObjectEx
GetModuleHandleW
ResumeThread
HeapFree
GetProcessHeap
SetConsoleCtrlHandler
CreateMutexW
CreateEventW
GetCommandLineW
lstrcmpiW
GetCurrentThread
GetComputerNameExW
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTime
GetTimeFormatW
WideCharToMultiByte
WriteFile
OutputDebugStringW
GetDateFormatW
GetSystemTimeAsFileTime

user32

wsprintfW
LoadStringW

oleaut32

VariantInit
VariantClear

winsta

WinStationCloseServer
WinStationOpenServerW

rpcrt4

RpcServerListen
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqExW
RpcStringBindingParseW
RpcBindingFromStringBindingW
RpcServerUnregisterIf
RpcImpersonateClient
RpcBindingInqAuthClientW
RpcBindingServerFromClient
RpcEpResolveBinding
RpcMgmtInqServerPrincNameW
NdrClientCall2
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcRevertToSelf
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcBindingToStringBindingW
RpcStringFreeW

shell32

CommandLineToArgvW

esent

JetSetColumns
JetPrepareUpdate
JetGetColumnInfo
JetAttachDatabase
JetInit
JetUpdate
JetSetSystemParameter
JetSetColumn
JetCreateTableColumnIndex
JetCreateDatabase
JetDelete
JetMakeKey
JetSeek
JetRetrieveColumn
JetMove
JetCommitTransaction
JetCloseTable
JetCloseDatabase
JetEndSession
JetCreateIndex
JetRollback
JetOpenTable
JetOpenDatabase
JetBeginSession
JetTerm
JetIndexRecordCount
JetSetCurrentIndex
JetBeginTransaction

clusapi

ClusterEnum
GetNodeClusterState
OpenCluster
ClusterOpenEnum
ClusterGetEnumCount
CloseClusterResource
OpenClusterResource
ClusterResourceControl
ClusterCloseEnum
CloseCluster

resutils

ResUtilFindDependentDiskResourceDriveLetter
ResUtilFindSzProperty
ResUtilGetResourceDependency

netapi32

NetGetJoinInformation
NetApiBufferFree
NetApiBufferAllocate
DsGetDcNameW
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetLocalGroupGetMembers
NetLocalGroupAdd

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 148KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

940918d32a541b8717eb08b30e8dc0bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

winsta

rpcrt4

shell32

esent

clusapi

resutils

netapi32

Sections

.text Size: 61KB - Virtual size: 60KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

UPX0 Size: 148KB - Virtual size: 392KB

.text
Size: 61KB - Virtual size: 60KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB

UPX0
Size: 148KB - Virtual size: 392KB