VirusShare_1cef5b8d6a3b349a63305cf118f0e7c7

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_1cef5b8d6a3b349a63305cf118f0e7c7
Size

164KB
MD5

1cef5b8d6a3b349a63305cf118f0e7c7
SHA1

cfb97ab1be1e9774cee079d4a81720a9eaf89fa9
SHA256

3b31eef6aca8590b6589386fc46ba13f5dfb00540a07823bc1297424ef0053ee
SHA512

9be31374923eb6fcde644789d946b165f422935cc2df5e759cfd016e517fc55524d94a19d214cf7f317130388771f9a6d5668566368006e35f0d39f1d86f0908
SSDEEP

3072:7pWB7gaBA+lCI3JU+Bp+tOvxeZ+m60x/awKTVysnRIUE:7MBRBlCIx1plx7TL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_1cef5b8d6a3b349a63305cf118f0e7c7

Files

VirusShare_1cef5b8d6a3b349a63305cf118f0e7c7
.exe windows:5 windows x86 arch:x86

249d96423d6800d92883a29a74f9d361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
GetModuleHandleW
GetStartupInfoA
GetEnvironmentStringsW
DeleteFileW
CreateProcessW
GetPrivateProfileSectionW
OpenProcess
HeapSize
GetCPInfo
GetStringTypeA
CloseHandle
ReadFile
LeaveCriticalSection
CompareStringA
RaiseException
ExpandEnvironmentStringsW
GetCommandLineW
SetEnvironmentVariableA
LockResource
CreateMutexW
SetHandleCount
Process32FirstW
CreateDirectoryW
FindFirstFileW
CreateThread
Process32NextW
CreateFileMappingW
WaitForSingleObject
GetVersionExW
FindNextFileW
LoadLibraryA
GetProcessHeap
FatalAppExitA
IsDebuggerPresent
GetDiskFreeSpaceExW
GlobalMemoryStatus
VirtualAlloc
OpenFileMappingW
GetCurrentThread
GetFileAttributesW
VirtualFree
InitializeCriticalSectionAndSpinCount
GetTickCount
GetACP
WritePrivateProfileStringW
SetConsoleCtrlHandler
GetFileType
WriteFile
HeapCreate
GetPrivateProfileIntW
GetLogicalDrives
LCMapStringA
GetSystemTimeAsFileTime
GetConsoleCP
ReadProcessMemory
SetEvent
ProcessIdToSessionId
SizeofResource
GetDriveTypeW
FindResourceW
GetModuleFileNameW
Module32NextW
InterlockedIncrement
CreateToolhelp32Snapshot
CreateFileA
UnmapViewOfFile
WideCharToMultiByte
lstrcmpiW
FindResourceExW
GetVolumeInformationW
FreeEnvironmentStringsW
SetLastError
GetTimeZoneInformation
SetUnhandledExceptionFilter
Module32FirstW
EnumSystemLocalesA
MapViewOfFile
FlushFileBuffers
GetModuleHandleA
QueryPerformanceCounter
TlsGetValue
GetProcAddress
HeapReAlloc
WriteConsoleA
GetCurrentProcess
RtlUnwind
DeviceIoControl
DeleteCriticalSection
SetEndOfFile
OpenThread
GetLocalTime
GetTempFileNameW
LoadLibraryExW
GetStdHandle
LoadLibraryW
MoveFileExW
UnhandledExceptionFilter
GetEnvironmentVariableW
GlobalFindAtomA
VirtualProtectEx
AddAtomA
OutputDebugStringA
GetVersion
GlobalAddAtomW
AreFileApisANSI
HeapFree
WriteConsoleW
VirtualQueryEx
GetLocaleInfoW
GetStringTypeW
SetStdHandle
lstrlenA
GetDateFormatA
EnterCriticalSection
LCMapStringW
FreeLibrary
GetCurrentProcessId
SystemTimeToFileTime
ExitThread
GetUserDefaultLCID
SetFilePointer
GetPrivateProfileStringW
TlsFree
GetLastError
FlushInstructionCache
RemoveDirectoryW
CreateFileW
GetConsoleMode
GetPrivateProfileSectionNamesW
IsValidCodePage
InterlockedDecrement
IsProcessorFeaturePresent
GetCurrentThreadId
InterlockedCompareExchange
LoadResource
TerminateProcess
GetModuleFileNameA
ExitProcess
InitializeCriticalSection
MultiByteToWideChar
InterlockedExchange
IsValidLocale
GetTimeFormatA
GetOEMCP
TlsSetValue
TlsAlloc
GetFileSize
CompareStringW
GetLocaleInfoA
GetTempPathW
lstrlenW
GetConsoleOutputCP
CreateEventW
HeapDestroy
GetFileSizeEx
LocalFree
Sleep
HeapAlloc

user32

GetTopWindow
SetForegroundWindow
LoadIconA
CharUpperA
IsWindowEnabled
wsprintfW
GetForegroundWindow
IsWindowUnicode
GetDesktopWindow
IsWindowVisible
EnableWindow
GetClassInfoExW
LoadCursorW
GetMenuItemCount
SetWindowLongW
SetCursor
GetMessageW
GetFocus
GetParent
GetWindowLongW
GetClassNameW
TranslateAcceleratorW
GetCursorPos
DestroyWindow
LoadStringA
GetMenuItemInfoW
RegisterClassExW
SetTimer
MonitorFromWindow
GetMonitorInfoW
GetClientRect
DefWindowProcW
SendMessageW
MessageBeep
SetWindowTextW
GetWindowThreadProcessId
MapWindowPoints
SetWindowPos
MonitorFromPoint
UpdateLayeredWindow
InvalidateRect
ReleaseDC
DispatchMessageW
LoadImageW
PtInRect
KillTimer
RemoveMenu
UnregisterClassA
DestroyMenu
GetWindowTextW
CreatePopupMenu
TranslateMessage
CallWindowProcW
GetWindowDC
CharNextW
GetWindow
IsWindow
PeekMessageW
AppendMenuW
EnumChildWindows
LoadAcceleratorsW
TrackPopupMenuEx
TrackMouseEvent
GetWindowRect
PostMessageW
DrawTextW
EnumWindows
SetFocus
LoadStringW
LoadMenuW
PostQuitMessage
CreateWindowExW
ScreenToClient
DestroyCursor
ShowWindow

gdi32

AbortPath
AddFontMemResourceEx
CreateCompatibleBitmap
CreateDIBSection
CreateFontW
GetBitmapBits
SetBitmapBits
SelectObject
DeleteDC
DeleteObject
SaveDC
SetTextColor
CreateCompatibleDC
RestoreDC
SetBkMode

advapi32

RegQueryInfoKeyW
DeleteService
FreeSid
CloseServiceHandle
RegQueryValueExW
SetTokenInformation
CreateProcessAsUserW
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
LookupPrivilegeValueW
RegOpenKeyW
SetNamedSecurityInfoW
OpenServiceW
CreateServiceW
StartServiceW
SetEntriesInAclW
RegCreateKeyExW
DuplicateTokenEx
RegDeleteKeyW
AdjustTokenPrivileges
RegDeleteValueW
QueryServiceStatus
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ControlService
RegSetValueExW
GetNamedSecurityInfoW
RevertToSelf

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoCreateGuid
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

CreateErrorInfo
SysAllocStringByteLen
VariantInit
VarUI4FromStr
SetErrorInfo
SysAllocString
GetErrorInfo
SysFreeString
SysStringLen
VariantChangeType
VariantClear

winhttp

WinHttpConnect
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathFindFileNameW
PathStripPathW
PathGetDriveNumberW
PathFindExtensionW
SHDeleteKeyW
PathAppendW
StrStrIW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsDirectoryW

msimg32

AlphaBlend
GradientFill

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetIpForwardTable

oledlg

ord8

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

psapi

QueryWorkingSet
GetProcessMemoryInfo
GetModuleFileNameExW
GetModuleInformation

msvcrt

__set_app_type
_except_handler3
_CIsin
isalpha
_exit

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

249d96423d6800d92883a29a74f9d361

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

comctl32

shlwapi

msimg32

version

iphlpapi

oledlg

wtsapi32

psapi

msvcrt

userenv

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 31KB - Virtual size: 35KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 31KB - Virtual size: 35KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 10KB - Virtual size: 9KB