VirusShare_be366d179788175e6ef2cbedeb1fc700

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_be366d179788175e6ef2cbedeb1fc700
Size

243KB
MD5

be366d179788175e6ef2cbedeb1fc700
SHA1

ef57199dc118d4bf1cca7d386a80ef14810eb87b
SHA256

4c036fb6710db51596a12f6c95cc5f49bb27d243152a564f2e03da940141adf6
SHA512

f116d3c7e3f043a35737889e96e93567d2c84c292803dc0fca1e43c5d7c63a286be33d72d364e169553cfaed5dac21ce49d4e9e817f3810ce0bff380250bc4a9
SSDEEP

6144:X3KYbFqQcvT2lc/v1ZSz1zt/eNEHGupDqYmhf:XaEzcLac/tM/IETpDqVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_be366d179788175e6ef2cbedeb1fc700

Files

VirusShare_be366d179788175e6ef2cbedeb1fc700
.exe windows:4 windows x86 arch:x86

f8728586fdae0b62cd3b2d9b8e12eb23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegGetKeySecurity
SetServiceStatus
RegDeleteKeyA
GetSidSubAuthorityCount
AddAce
RegOverridePredefKey
BuildImpersonateExplicitAccessWithNameA
LsaEnumerateAccountsWithUserRight
AdjustTokenGroups
MapGenericMask
EnumServicesStatusA
GetOldestEventLogRecord
RegUnLoadKeyA
GetAuditedPermissionsFromAclW
CreateRestrictedToken
UnlockServiceDatabase
ObjectCloseAuditAlarmW
LsaEnumerateTrustedDomainsEx
RegisterServiceCtrlHandlerW
RegQueryValueW
AccessCheckAndAuditAlarmA
LookupPrivilegeDisplayNameW
GetSecurityDescriptorGroup
GetLengthSid
EncryptFileW
SetEntriesInAclA
ChangeServiceConfig2A
RegEnumValueW
AccessCheck
InitiateSystemShutdownA
AdjustTokenPrivileges
SetPrivateObjectSecurity
LsaSetDomainInformationPolicy
AddAccessAllowedAce
GetExplicitEntriesFromAclA
GetTrusteeFormA
EqualSid
RegDeleteValueA
OpenProcessToken
ReportEventA
GetSecurityDescriptorDacl
LsaClose
GetExplicitEntriesFromAclW
GetServiceKeyNameA
AllocateLocallyUniqueId
ObjectOpenAuditAlarmW
RegUnLoadKeyW
LsaEnumerateAccountRights
OpenEventLogA
OpenServiceA
CreatePrivateObjectSecurity
GetTrusteeNameW
IsTokenRestricted
ObjectCloseAuditAlarmA
LsaLookupNames
GetSidSubAuthority
GetSecurityDescriptorSacl
OpenServiceW
QueryServiceConfigA
GetSecurityDescriptorControl
GetFileSecurityA
LsaCreateTrustedDomainEx
RegSetValueA
LookupPrivilegeValueA
LogonUserA
LsaQueryTrustedDomainInfo
RegSaveKeyA
GetServiceKeyNameW
ClearEventLogW
RegRestoreKeyW
BuildTrusteeWithSidA
RegCloseKey
ChangeServiceConfigA
ObjectDeleteAuditAlarmW
QueryServiceLockStatusW
IsValidSid
LsaSetInformationPolicy
SetSecurityDescriptorDacl
LookupPrivilegeDisplayNameA
SetSecurityInfo
BuildSecurityDescriptorW
CloseEventLog
RegOpenKeyA
RegEnumKeyExW
RegReplaceKeyW
SetTokenInformation
FindFirstFreeAce
ReadEventLogW
RegisterEventSourceA
GetAuditedPermissionsFromAclA
LsaSetTrustedDomainInfoByName
LsaNtStatusToWinError
GetKernelObjectSecurity
CopySid
RegCreateKeyExA
GetNamedSecurityInfoW
GetTokenInformation
RegConnectRegistryA
OpenBackupEventLogA
ObjectPrivilegeAuditAlarmA
RegSetValueExA
AddAuditAccessAce
LsaRetrievePrivateData
SetEntriesInAclW
InitiateSystemShutdownW
RegOpenKeyW
LookupPrivilegeNameA
CloseServiceHandle
RegQueryMultipleValuesA
SetSecurityDescriptorGroup
LookupSecurityDescriptorPartsW
GetSidIdentifierAuthority
BuildExplicitAccessWithNameA
GetMultipleTrusteeA
RegQueryMultipleValuesW
SetNamedSecurityInfoW
RegOpenKeyExA
AllocateAndInitializeSid
DeregisterEventSource
ImpersonateSelf
ReportEventW
RegSetKeySecurity
ControlService
LookupAccountNameW
GetNumberOfEventLogRecords
RegisterServiceCtrlHandlerA
PrivilegedServiceAuditAlarmW
IsValidAcl
LsaSetTrustedDomainInformation
RegCreateKeyA
LockServiceDatabase
MakeAbsoluteSD
QueryServiceConfig2W
AddAccessDeniedAce
RegQueryValueA
LsaQueryInformationPolicy
MakeSelfRelativeSD
RegQueryInfoKeyW
GetTrusteeFormW
QueryServiceLockStatusA
RegQueryValueExA
SetKernelObjectSecurity
BackupEventLogW
SetServiceObjectSecurity

comctl32

ord2

kernel32

HeapSize
ExpandEnvironmentStringsA
GetBinaryTypeA
GetAtomNameA
DeviceIoControl
GetEnvironmentStrings
GetCurrencyFormatA
GetProfileStringA
GlobalUnWire
GetModuleHandleA
GetStartupInfoA

msvcrt

exit
_acmdln
_XcptFilter
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
__getmainargs

msi

ord7

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8728586fdae0b62cd3b2d9b8e12eb23

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

msi

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 1.6MB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 1.6MB

.rsrc
Size: 4KB - Virtual size: 2KB