VirusShare_60cbddb17669eb65ae7fbbfa3945264f

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_60cbddb17669eb65ae7fbbfa3945264f
Size

243KB
MD5

60cbddb17669eb65ae7fbbfa3945264f
SHA1

df615bc9a475825a2bd3a22c7155661ba28e94a1
SHA256

796b322ecb3a40c00338b346d168f93c803595e12e3b282d8c75a26fef59dac6
SHA512

a6367efdf1632c79f5edab5c989bfe02d9a535712b3af35ce42b787e81d41ab838e4007086392c841613adf9de5e9e3906b555f01bb9b3dd0b3a7f3094beeea7
SSDEEP

6144:93KYbFqQcvT2lc/v1ZSz1zt/eNEHGupDqYmhf:9aEzcLac/tM/IETpDqVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_60cbddb17669eb65ae7fbbfa3945264f

Files

VirusShare_60cbddb17669eb65ae7fbbfa3945264f
.exe windows:4 windows x86 arch:x86

f8728586fdae0b62cd3b2d9b8e12eb23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegGetKeySecurity
SetServiceStatus
RegDeleteKeyA
GetSidSubAuthorityCount
AddAce
RegOverridePredefKey
BuildImpersonateExplicitAccessWithNameA
LsaEnumerateAccountsWithUserRight
AdjustTokenGroups
MapGenericMask
EnumServicesStatusA
GetOldestEventLogRecord
RegUnLoadKeyA
GetAuditedPermissionsFromAclW
CreateRestrictedToken
UnlockServiceDatabase
ObjectCloseAuditAlarmW
LsaEnumerateTrustedDomainsEx
RegisterServiceCtrlHandlerW
RegQueryValueW
AccessCheckAndAuditAlarmA
LookupPrivilegeDisplayNameW
GetSecurityDescriptorGroup
GetLengthSid
EncryptFileW
SetEntriesInAclA
ChangeServiceConfig2A
RegEnumValueW
AccessCheck
InitiateSystemShutdownA
AdjustTokenPrivileges
SetPrivateObjectSecurity
LsaSetDomainInformationPolicy
AddAccessAllowedAce
GetExplicitEntriesFromAclA
GetTrusteeFormA
EqualSid
RegDeleteValueA
OpenProcessToken
ReportEventA
GetSecurityDescriptorDacl
LsaClose
GetExplicitEntriesFromAclW
GetServiceKeyNameA
AllocateLocallyUniqueId
ObjectOpenAuditAlarmW
RegUnLoadKeyW
LsaEnumerateAccountRights
OpenEventLogA
OpenServiceA
CreatePrivateObjectSecurity
GetTrusteeNameW
IsTokenRestricted
ObjectCloseAuditAlarmA
LsaLookupNames
GetSidSubAuthority
GetSecurityDescriptorSacl
OpenServiceW
QueryServiceConfigA
GetSecurityDescriptorControl
GetFileSecurityA
LsaCreateTrustedDomainEx
RegSetValueA
LookupPrivilegeValueA
LogonUserA
LsaQueryTrustedDomainInfo
RegSaveKeyA
GetServiceKeyNameW
ClearEventLogW
RegRestoreKeyW
BuildTrusteeWithSidA
RegCloseKey
ChangeServiceConfigA
ObjectDeleteAuditAlarmW
QueryServiceLockStatusW
IsValidSid
LsaSetInformationPolicy
SetSecurityDescriptorDacl
LookupPrivilegeDisplayNameA
SetSecurityInfo
BuildSecurityDescriptorW
CloseEventLog
RegOpenKeyA
RegEnumKeyExW
RegReplaceKeyW
SetTokenInformation
FindFirstFreeAce
ReadEventLogW
RegisterEventSourceA
GetAuditedPermissionsFromAclA
LsaSetTrustedDomainInfoByName
LsaNtStatusToWinError
GetKernelObjectSecurity
CopySid
RegCreateKeyExA
GetNamedSecurityInfoW
GetTokenInformation
RegConnectRegistryA
OpenBackupEventLogA
ObjectPrivilegeAuditAlarmA
RegSetValueExA
AddAuditAccessAce
LsaRetrievePrivateData
SetEntriesInAclW
InitiateSystemShutdownW
RegOpenKeyW
LookupPrivilegeNameA
CloseServiceHandle
RegQueryMultipleValuesA
SetSecurityDescriptorGroup
LookupSecurityDescriptorPartsW
GetSidIdentifierAuthority
BuildExplicitAccessWithNameA
GetMultipleTrusteeA
RegQueryMultipleValuesW
SetNamedSecurityInfoW
RegOpenKeyExA
AllocateAndInitializeSid
DeregisterEventSource
ImpersonateSelf
ReportEventW
RegSetKeySecurity
ControlService
LookupAccountNameW
GetNumberOfEventLogRecords
RegisterServiceCtrlHandlerA
PrivilegedServiceAuditAlarmW
IsValidAcl
LsaSetTrustedDomainInformation
RegCreateKeyA
LockServiceDatabase
MakeAbsoluteSD
QueryServiceConfig2W
AddAccessDeniedAce
RegQueryValueA
LsaQueryInformationPolicy
MakeSelfRelativeSD
RegQueryInfoKeyW
GetTrusteeFormW
QueryServiceLockStatusA
RegQueryValueExA
SetKernelObjectSecurity
BackupEventLogW
SetServiceObjectSecurity

comctl32

ord2

kernel32

HeapSize
ExpandEnvironmentStringsA
GetBinaryTypeA
GetAtomNameA
DeviceIoControl
GetEnvironmentStrings
GetCurrencyFormatA
GetProfileStringA
GlobalUnWire
GetModuleHandleA
GetStartupInfoA

msvcrt

exit
_acmdln
_XcptFilter
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
__getmainargs

msi

ord7

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8728586fdae0b62cd3b2d9b8e12eb23

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

msi

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 1.6MB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 1.6MB

.rsrc
Size: 4KB - Virtual size: 2KB