VirusShare_db81680eff80b0c2627d7bde2ba84779

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_db81680eff80b0c2627d7bde2ba84779
Size

97KB
MD5

db81680eff80b0c2627d7bde2ba84779
SHA1

4f62bbbef2bbb5ead52bc1921ae920ef294499e4
SHA256

aa161650b7d3414a4d699ac71bae54b6975eaf2a99a1d0143bf9c646e1c00aa7
SHA512

9035951b9c4f4aa991c6cf9d3c199e56bb0f5a3f71a0b03e912e6db4f7145eb8297b38df1399bbb90b9367e16be573da2765a463194d236d7cac14df7c3e05f2
SSDEEP

3072:a2ibCahdG2Z9HPkhPfIJPsncJV60lDXa2F0l9KgXsFO:wblG2Z9H8hoqcD60lbHef

Score

1^/10

Malware Config

Signatures

Files

VirusShare_db81680eff80b0c2627d7bde2ba84779
.exe windows:5 windows x86 arch:x86

ed8d73aecb8d7ad74a0d916bd7b790b7

Code Sign

09:cd:82:bc:86:d4:ba:8b:4e:e5:40:89:5d:b8:a7:99
Certificate

Issuer

CN=K0F4BnOixeaIGsR

Not Before

27/03/2012, 05:05

Not After

31/12/2039, 23:59

Subject

CN=K0F4BnOixeaIGsR

Extended Key Usages

ExtKeyUsageCodeSigning

0f:2a:77:3a:d8:00:f7:52:11:94:e0:66:ee:0d:c0:f6:bd:d5:9c:c1
Signer

Actual PE Digest

0f:2a:77:3a:d8:00:f7:52:11:94:e0:66:ee:0d:c0:f6:bd:d5:9c:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
FatalAppExitW
FindFirstFileExA
FindVolumeMountPointClose
GetACP
GetAtomNameW
GetBinaryTypeA
GetBinaryTypeW
GetCalendarInfoW
GetCommMask
GetCommModemStatus
GetCompressedFileSizeA
GetComputerNameA
GetComputerNameW
GetConsoleAliasesA
GetConsoleAliasesW
GetConsoleMode
GetCurrencyFormatA
GetEnvironmentVariableA
GetFileAttributesExW
GetFileSize
GetLocalTime
GetNumberOfConsoleMouseButtons
GetPrivateProfileIntA
GetProfileIntA
GetProfileStringA
GetShortPathNameA
GetStartupInfoW
GetSystemDefaultLangID
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GetVolumePathNameW
GlobalGetAtomNameA
GlobalHandle
HeapValidate
IsBadWritePtr
IsProcessorFeaturePresent
EnumUILanguagesA
LCMapStringA
LoadModule
LocalLock
MapUserPhysicalPages
MoveFileExA
OpenProcess
OutputDebugStringW
PurgeComm
ReadConsoleA
ReadConsoleOutputAttribute
ReplaceFile
SearchPathA
SetCalendarInfoW
SetCommBreak
SetCommTimeouts
SetConsoleDisplayMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCriticalSectionSpinCount
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetProcessShutdownParameters
SetTimeZoneInformation
SignalObjectAndWait
SystemTimeToTzSpecificLocalTime
Toolhelp32ReadProcessMemory
TransactNamedPipe
TransmitCommChar
UnregisterWait
VirtualAllocEx
VirtualLock
VirtualProtect
WriteConsoleInputW
WriteConsoleOutputCharacterW
_hwrite
_lclose
lstrcat
lstrcpyW
EnumSystemCodePagesW
EnumResourceNamesW
EnumResourceLanguagesW
DnsHostnameToComputerNameA
DeleteFileW
DefineDosDeviceA
CreatePipe
VirtualAlloc
CreateMutexW
CreateDirectoryExA
CopyFileExA
ConvertThreadToFiber
BuildCommDCBAndTimeoutsA
BeginUpdateResourceW
AddConsoleAliasA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
ExitProcess
GetWindowsDirectoryW
CreateFileW
IsValidCodePage

user32

SetWindowTextA
SetWindowsHookA
SetWindowsHookExA
SwitchDesktop
TileWindows
ToAsciiEx
ToUnicode
TrackMouseEvent
VkKeyScanExA
WindowFromDC
keybd_event
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BroadcastSystemMessageW
CallMsgFilter
CallMsgFilterW
ChangeDisplaySettingsExW
CharToOemA
CloseClipboard
CloseWindowStation
CopyImage
CreateDialogIndirectParamW
CreateIcon
CreateIconFromResourceEx
DdeConnect
DdeCreateDataHandle
DdeDisconnect
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DefDlgProcW
DefFrameProcA
DestroyAcceleratorTable
DlgDirListComboBoxA
DlgDirSelectComboBoxExW
DragDetect
DrawFrameControl
DrawIconEx
EnableScrollBar
EndPaint
EnumDisplaySettingsExA
EnumThreadWindows
FindWindowExA
FindWindowW
FlashWindow
FreeDDElParam
GetAltTabInfoA
GetCaretPos
GetClassInfoA
GetDialogBaseUnits
GetDlgItem
GetGUIThreadInfo
GetIconInfo
GetLastInputInfo
GetMenuStringA
GetNextDlgGroupItem
GetPriorityClipboardFormat
GetWindowTextA
HiliteMenuItem
IMPSetIMEW
IntersectRect
InvalidateRect
IsDialogMessage
IsDialogMessageA
IsWindowVisible
LoadMenuIndirectA
MapVirtualKeyW
MessageBoxExA
MessageBoxExW
ModifyMenuW
MonitorFromRect
MsgWaitForMultipleObjectsEx
OpenWindowStationA
PostMessageW
PostQuitMessage
PostThreadMessageW
RemovePropW
SendInput
SendMessageTimeoutW
SetCapture
SetClassLongA
SetClassWord
SetWindowLongW
SetWinEventHook
SetTimer
SetProcessWindowStation
SetProcessDefaultLayout
SetMenuDefaultItem
SetLastErrorEx
SetKeyboardState
SetDlgItemTextW
SetClipboardData

comdlg32

ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
ChooseColorA

shell32

ExtractIconW
ExtractIconExW
ExtractIconExA
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
DuplicateIcon
DragFinish
DragAcceptFiles
DoEnvironmentSubstA
FindExecutableA
WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
Shell_NotifyIcon
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellAboutW
ShellAboutA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHGetSpecialFolderPathA
SHGetSettings
SHGetPathFromIDListW
SHGetPathFromIDList
SHGetMalloc
SHGetInstanceExplorer
SHGetIconOverlayIndexW
SHGetFolderPathW
SHGetFileInfoW
SHGetFileInfoA
SHGetFileInfo
SHGetDataFromIDListW
SHGetDataFromIDListA
SHFormatDrive
SHFileOperationA
SHFileOperation
SHEmptyRecycleBinW
SHEmptyRecycleBinA
SHCreateDirectoryExA
SHBrowseForFolderA
SHAppBarMessage
SHAddToRecentDocs
FindExecutableW

ole32

UtGetDvtd32Info
UtConvertDvtd32toDvtd16
StringFromCLSID
StgOpenStorage
StgCreatePropStg
SetConvertStg
STGMEDIUM_UserSize
STGMEDIUM_UserFree
ReleaseStgMedium
ReadFmtUserTypeStg
ReadClassStg
OpenOrCreateStream
OleSave
OleRegGetUserType
OleNoteObjectVisible
OleLoadFromStream
OleIsCurrentClipboard
OleGetIconOfClass
OleFlushClipboard
OleDraw
OleDoAutoConvert
OleCreateMenuDescriptor
OleCreateFromDataEx
OleCreate
OleConvertOLESTREAMToIStorage
MonikerRelativePathTo
IsAccelerator
IIDFromString
HWND_UserUnmarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserUnmarshal
HMENU_UserMarshal
HICON_UserFree
HGLOBAL_UserUnmarshal
HGLOBAL_UserFree
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserFree
HDC_UserSize
HBRUSH_UserMarshal
WdtpInterfacePointer_UserUnmarshal
HBITMAP_UserSize
HACCEL_UserSize
HACCEL_UserMarshal
GetHGlobalFromILockBytes
GetConvertStg
GetClassFile
FreePropVariantArray
DcomChannelSetHResult
CreateStreamOnHGlobal
CreateGenericComposite
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnloadingWOW
CoTaskMemFree
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoResumeClassObjects
CoRegisterClassObject
CoRegisterChannelHook
CoReactivateObject
CoQueryReleaseObject
CoQueryAuthenticationServices
CoLockObjectExternal
CoIsOle1Class
CoIsHandlerConnected
CoInitializeEx
CoGetTreatAsClass
CoGetStandardMarshal
CoGetInterfaceAndReleaseStream
CoEnableCallCancellation
CoDisconnectObject
CoDeactivateObject
CoCreateInstance
CoCreateGuid
CoBuildVersion
CLSIDFromProgID
CLIPFORMAT_UserSize
HBRUSH_UserFree

oleaut32

VarR4FromR8
VarR4FromI1
VarR4FromBool
VarR4CmpR8
VarOr
VarNeg
VarI4FromR4
VarI4FromDisp
VarI4FromDec
VarI4FromDate
VarI4FromBool
VarI2FromR4
VarI2FromI4
VarI2FromI1
VarI2FromDisp
VarI1FromUI4
VarI1FromR8
VarI1FromI2
VarFormatNumber
VarFormatFromTokens
VarDecFromDate
VarDecCmp
VarDateFromUdateEx
VarDateFromUI4
VarDateFromUI2
VarDateFromUI1
VarDateFromStr
VarDateFromR4
VarDateFromI2
VarDateFromDec
VarCySu
VarCyNeg
VarCyInt
VarCyFromR4
VarCyFromI2
VarCyFromBool
VarBstrFromI4
VarBstrFromI1
VarBstrCmp
VarBstrCat
VarBoolFromCy
VarAdd
VARIANT_UserFree
SysStringLen
SysAllocStringLen
SysAllocString
SafeArraySetIID
SafeArrayPutElement
SafeArrayGetDim
SafeArrayAllocDescriptorEx
SafeArrayAllocData
RegisterTypeLi
RegisterActiveObject
OleSavePictureFile
OleLoadPictureFileEx
OleLoadPictureFile
LHashValOfNameSysA
DosDateTimeToVariantTime
CreateErrorInfo
BSTR_UserSize
BSTR_UserFree
VariantCopy
VariantClear
VariantChangeType
VarUdateFromDate
VarUI4FromUI1
VarUI4FromR4
VarUI2FromR8
VarUI2FromR4
VarUI2FromI4
VarUI2FromI2
VarUI2FromDec
VarR4FromUI4
VarR8FromDec
VarR8FromI1
VarR8FromI2
VarR8FromR4
VarRound
VarUI1FromBool
VarUI1FromI1
VarUI1FromI2
VarUI4FromI4

shlwapi

StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrIA
StrRChrIW
StrRChrW
StrStrIW
StrStrW
StrChrIW

msvcrt

memcpy

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed8d73aecb8d7ad74a0d916bd7b790b7

Code Sign

09:cd:82:bc:86:d4:ba:8b:4e:e5:40:89:5d:b8:a7:99Certificate

Extended Key Usages

0f:2a:77:3a:d8:00:f7:52:11:94:e0:66:ee:0d:c0:f6:bd:d5:9c:c1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

shell32

ole32

oleaut32

shlwapi

msvcrt

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 212B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 286KB

09:cd:82:bc:86:d4:ba:8b:4e:e5:40:89:5d:b8:a7:99
Certificate

0f:2a:77:3a:d8:00:f7:52:11:94:e0:66:ee:0d:c0:f6:bd:d5:9c:c1
Signer

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 212B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 286KB