VirusShare_456d29860bf8ee986f1450e6e7586057

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_456d29860bf8ee986f1450e6e7586057
Size

83KB
MD5

456d29860bf8ee986f1450e6e7586057
SHA1

6fbee6e72a06390c9041a30ecc94dd64efc33287
SHA256

0055111967c15278ab61f364f658b7902a798ced9b93f810ff5e3ed93b8e1748
SHA512

86509b530cea2d7e3dc90ddc05ed5ada49fb25ffc63605b66d9a58a9c6487c692e901f5ae4dc3caf380e42434a3412bfa9639629ac1be7e1a1e274b24c93148d
SSDEEP

768:ts4gjp30IX0TmG3ybxX5f3XoS67LN4juwHmY:tw90IX0t3yVXJ67XwHV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_456d29860bf8ee986f1450e6e7586057

Files

VirusShare_456d29860bf8ee986f1450e6e7586057
.dll windows:4 windows x86 arch:x86

7ef800eff9a019a1c9376914c5a410c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
lstrcatA
GetCurrentProcess
Module32First
VirtualProtectEx
GetModuleHandleA
MultiByteToWideChar
CreateMutexA
DeleteFileA
GetModuleFileNameA
CopyFileA
TerminateProcess
DisableThreadLibraryCalls
IsBadReadPtr
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WriteFile
GetTempPathA
InitializeCriticalSection
LocalAlloc
CreateFileA
GetFileSize
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
WinExec
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

GetDC
ReleaseDC
IsRectEmpty
GetWindowRect
GetForegroundWindow
GetWindowTextA
OpenWindowStationA
wsprintfA
GetWindowThreadProcessId
SetThreadDesktop
OpenDesktopA

gdi32

GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette
GetStockObject

advapi32

CryptDestroyHash
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

htons
ioctlsocket
connect
select
recv
send
getpeername
closesocket
WSAStartup
gethostbyname
socket

msvcrt

malloc
strstr
_mbscmp
sscanf
isprint
strchr
wcscmp
_splitpath
_purecall
strncpy
__dllonexit
_onexit
free
_beginthreadex
atol
_mbsnbcmp
_mbsnbcpy
strcat
sprintf
strlen
_itoa
strncmp
atoi
memcmp
strcpy
??2@YAPAXI@Z
__CxxFrameHandler
memset
memcpy

shlwapi

StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpEndRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage

Exports

Exports

Install
_Install@16

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ef800eff9a019a1c9376914c5a410c2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 48.1MB

.CRT Size: 512B - Virtual size: 4B

shard Size: 10KB - Virtual size: 9KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 48.1MB

.CRT
Size: 512B - Virtual size: 4B

shard
Size: 10KB - Virtual size: 9KB

.reloc
Size: 18KB - Virtual size: 18KB