VirusShare_cf5cfde12c223f380d940c61113e8840[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_cf5cfde12c223f380d940c61113e8840.zip
Size

1.5MB
MD5

7f4618f002fcf35ffe8eb38f95007f76
SHA1

62368efa838e9dcdf524e402de7b4d585875ce35
SHA256

d7439a7aee915bfcbe80e947d015986164fbab0db490219649a5fcd76aa32357
SHA512

3fdb938d6d3e0472fe3583f9c4a332ba910f6b26bd778d17954a5aed344614a31140fa9b8030edc14965d5e0ad24b14f3eb4bd8cc4186f4c7cef6f9072d9fd22
SSDEEP

24576:HRFLOSDk05SGY+DlR5d+UxAD7MbYm1K8o2Njria82U7lLUisbDSSFF:f3g05SG7D/5oRjmfNHW2AwiGDSS3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/161aea539901505b034462f7a444608e5fecb235ea1cfe519bf4b40512a32499

Files

VirusShare_cf5cfde12c223f380d940c61113e8840.zip
.zip

Password: infected
161aea539901505b034462f7a444608e5fecb235ea1cfe519bf4b40512a32499
.exe windows:6 windows x64 arch:x64

0aaff5312bbb71280b696d91dda966bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\hulk\programming\tagger\target\release\deps\Manifest.pdb

Imports

ntdll

RtlPcToFileHeader
NtQueryInformationProcess
NtQuerySystemInformation
RtlCaptureContext
RtlGetVersion
NtWriteFile
NtDeviceIoControlFile
RtlVirtualUnwind
RtlNtStatusToDosError
NtCancelIoFileEx
RtlUnwindEx
RtlLookupFunctionEntry

kernel32

OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
GetLastError
GetFileAttributesA
LockFile
GetFileAttributesExW
OutputDebugStringW
SetHandleInformation
SetFilePointer
FlushViewOfFile
GetFullPathNameA
SetEndOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
UnlockFileEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetProcAddress
PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
GetTempPathW
GetModuleHandleA
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
WideCharToMultiByte
GetSystemTimeAsFileTime
VirtualQueryEx
ReadProcessMemory
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CreateMutexW
SetUnhandledExceptionFilter
TerminateProcess
OpenProcess
CloseHandle
IsProcessorFeaturePresent
WaitForSingleObject
AcquireSRWLockExclusive
CreateFileW
ReleaseSRWLockExclusive
InitializeSListHead
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetFileAttributesW
UnmapViewOfFile
HeapValidate
IsDebuggerPresent
RaiseException
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
LoadLibraryExW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExA
FormatMessageW
TlsFree
LocalFree
CreateMutexA
GetCurrentThread
SleepConditionVariableSRW
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
lstrlenW
GetDiskFreeSpaceA
GetTimeZoneInformationForYear
WriteConsoleW
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetFileInformationByHandle
GetStdHandle
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
GetModuleFileNameW

user32

GetSystemMetrics

ws2_32

send
recv
getsockopt
ioctlsocket
connect
WSASocketW
closesocket
WSAGetLastError
getaddrinfo
WSAStartup
WSACleanup
setsockopt
freeaddrinfo
select

iphlpapi

GetAdaptersAddresses

advapi32

SystemFunction036
CopySid
GetLengthSid
IsValidSid
OpenProcessToken
GetTokenInformation

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

shell32

CommandLineToArgvW
SHGetKnownFolderPath

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhOpenQueryA

powrprof

CallNtPowerInformation

ole32

CoTaskMemFree

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

bcrypt

BCryptGenRandom

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
wcslen
strcmp
strlen
strcspn
strncmp

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
free
_msize
realloc

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
__p___argc
__p___argv
_set_app_type
_beginthreadex
_cexit
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_endthreadex
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
abort
_c_exit
_configure_narrow_argv
_seh_filter_exe
_exit

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

0aaff5312bbb71280b696d91dda966bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

ws2_32

iphlpapi

advapi32

psapi

shell32

pdh

powrprof

ole32

oleaut32

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 650KB - Virtual size: 650KB

.data Size: 14KB - Virtual size: 17KB

.pdata Size: 105KB - Virtual size: 105KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 650KB - Virtual size: 650KB

.data
Size: 14KB - Virtual size: 17KB

.pdata
Size: 105KB - Virtual size: 105KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 14KB - Virtual size: 13KB