VirusShare_fa04f485cf98c70e8fc6ac9965ad3050

Sharing

Copy URL

Twitter E-mail

General

Target

VirusShare_fa04f485cf98c70e8fc6ac9965ad3050
Size

163KB
MD5

fa04f485cf98c70e8fc6ac9965ad3050
SHA1

f1c0f49298690b726eec0b2cf50cf69e66f4254c
SHA256

1d0a6ee725ff01444afabf66afd73d5a48c72e1a81450cde5ecbd8228d6b5bb5
SHA512

9b60ff9b46fce1f42d471cae1bcbcc5728262c8b0e28cc65cc11bb3125e244ceb628c4d66906ad98495bc5107f3cdfd51c34c3427618085901fdfe45204b3ff1
SSDEEP

1536:8w0R63JEznoooBsh6fv24iyL+KhVnW5VO5yKRGobBjcrWNu5538d5TTi5hrBL++d:8by2znmv24PXhliO5BorWs38dNTSc+Bn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_fa04f485cf98c70e8fc6ac9965ad3050

Files

VirusShare_fa04f485cf98c70e8fc6ac9965ad3050
.dll windows:4 windows x86 arch:x86

71b585715c13dc70a59b0fd77f8b32d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetLastError
LocalFree
HeapDestroy
QueryPerformanceCounter
Sleep
WaitForSingleObject
CreateEventW
WinExec
lstrcmpiW
GetModuleHandleW
MultiByteToWideChar
SetLastError
CloseHandle
CreateFileA
IsBadStringPtrA
GetModuleFileNameW
lstrlenW
GetComputerNameW
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcmpW
FreeLibrary
GetCurrentThread
GlobalUnlock
GlobalLock
WaitForSingleObjectEx
ResumeThread
DuplicateHandle
SetEvent
ResetEvent
LocalAlloc
GetThreadLocale

user32

LoadIconW
LoadStringW
DestroyWindow
GetParent
IsWindow
GetDesktopWindow
FindWindowA
GetWindowTextA
GetFocus
EnableWindow
BeginPaint
InvalidateRect
LoadCursorW
UnhookWindowsHookEx
GetWindowRect
SetWindowsHookExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetSysColor
FillRect
EndPaint
DefWindowProcW
CallWindowProcW
GetDC
ReleaseDC
SetFocus
GetActiveWindow
SetWindowPos
SystemParametersInfoW
SetTimer
CallNextHookEx
KillTimer
RegisterClassW

advapi32

RegConnectRegistryW
EnumDependentServicesW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenServiceW
CloseServiceHandle
LookupAccountNameW
AllocateAndInitializeSid
EqualSid
GetLengthSid
CopySid
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExA
RegDeleteValueW
LookupAccountSidW

ole32

CoUninitialize
CreateStreamOnHGlobal
ReleaseStgMedium
StringFromGUID2
CoTaskMemFree
StringFromCLSID
CoInitialize

msvcrt

printf
qsort
free
realloc

secur32

AcceptSecurityContext
InitializeSecurityContextW

comctl32

CreatePropertySheetPageW

shlwapi

PathCombineA

Exports

Exports

AndInformation
ProcessTheTechnologyEndorsedBe
WwwNecessary

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71b585715c13dc70a59b0fd77f8b32d5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

secur32

comctl32

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 225KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 225KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 1KB