VirusShare_1aac618171555a70cd02bd001d0e5afc

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_1aac618171555a70cd02bd001d0e5afc
Size

188KB
MD5

1aac618171555a70cd02bd001d0e5afc
SHA1

b9b3ba46c567e143069edbf55fde5df1314a7e11
SHA256

48cfea074d2d86e34f6d3828287b5e6a487760eb281d050076c8caa9f10d7f43
SHA512

8cb7dc9fcc0980b6854158706eddeafc72d23a01348c63226fe89e0222592b12c0901514053002c53df7d2365f001aad2d29e51644f00b2cbeb99f9bae14704e
SSDEEP

3072:WRdOGm0ShCImRMufOK2HDmXqNf5wGTCQA2nGXFR:WRdg0S0flfIjmQpPnuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_1aac618171555a70cd02bd001d0e5afc

Files

VirusShare_1aac618171555a70cd02bd001d0e5afc
.dll windows:4 windows x86 arch:x86

2cc21376a59c027a7c5509c86d91bfbc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fhsdk526.pdb

Imports

kernel32

LoadLibraryA
SetEvent
ResetEvent
CreateEventA
OpenEventW
InterlockedDecrement
GetTickCount
GetCurrentProcess
VirtualAlloc
CreateFileA
FreeLibrary
InitializeCriticalSection
CreateFileMappingW
UnmapViewOfFile
LoadLibraryW
DeleteCriticalSection
GetLocalTime
WaitForSingleObject
GetCurrentThread
lstrcmpiA
DeleteTimerQueueTimer
Sleep
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FormatMessageW
DebugBreak
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime
ReadFileEx
ReplaceFileA
GetLocaleInfoW
GetProfileStringA
GetLastError

user32

CharLowerBuffW
wsprintfW

advapi32

FreeSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
SetThreadToken
OpenThreadToken
LookupAccountSidW
EqualSid

msvcrt

fgetpos
wcscoll
mblen
fgetc
exit
wctomb
vfprintf
getenv

secur32

FreeContextBuffer

Exports

Exports

Aqiiu

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cc21376a59c027a7c5509c86d91bfbc

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcrt

secur32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 116KB - Virtual size: 498KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 116KB - Virtual size: 498KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 4KB - Virtual size: 1KB