VirusShare_27a6dbbc09d4fb7e0912e9fea078f5db

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_27a6dbbc09d4fb7e0912e9fea078f5db
Size

175KB
MD5

27a6dbbc09d4fb7e0912e9fea078f5db
SHA1

f1d86ba55b28c4611e8c434c9c99f24dafb73bda
SHA256

e46b970ae33de1a3e60659ad624e1c3b67137ce8500cb1620f17ab0570e2e75d
SHA512

9249d663f202446b0161c410d201c128528d6cf8c50dbec151c4e5ead59b4030d3c174b4255d242a371e57f5d90f2ae07ef5552b2d3dbcca494a99875055a479
SSDEEP

3072:xWSQQCT8l7WonPVtMeNGt/mkwtHAJuEUQ7FyBErdwBAwOu2OE0+:8FFTo6CPcuLHrtwyqSATu2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_27a6dbbc09d4fb7e0912e9fea078f5db

Files

VirusShare_27a6dbbc09d4fb7e0912e9fea078f5db
.exe windows:5 windows x86 arch:x86

c06f37b29d64200b0a2c7fe90f637457

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
LoadLibraryExA
GetCPInfo
SetHandleCount
GetUserDefaultLangID
GetNumberFormatA
GetModuleFileNameA
CreateFileMappingA
GetCurrentProcess
FindFirstFileA
GlobalSize
EnterCriticalSection
HeapFree
GlobalAlloc
FileTimeToLocalFileTime
GlobalDeleteAtom
GetOEMCP
CompareStringW
GetVersionExA
CompareFileTime
GetLocaleInfoA
lstrcmpiA
SizeofResource
FreeLibrary
CreateEventA
GetThreadLocale
FindNextChangeNotification
lstrcpyA
UnlockFile
HeapReAlloc
WriteFile
LocalFileTimeToFileTime
GetLastError
lstrcmpW
GetCurrentDirectoryA
TerminateProcess
SetFilePointer
FindCloseChangeNotification
RemoveDirectoryA
FileTimeToSystemTime
GetFileInformationByHandle
GetProcAddress
InitializeCriticalSection
lstrcpynA
LoadLibraryW
GetShortPathNameA
GetSystemInfo
WaitForMultipleObjects
RtlUnwind
HeapSetInformation
GlobalUnlock
InterlockedExchange
TlsFree
SetCurrentDirectoryA
GetFileSizeEx
MulDiv
GetModuleHandleA
GetVolumeInformationA
Sleep
SetErrorMode
lstrlenW
_lclose
HeapCreate
GetTempPathA
FindClose
WaitForSingleObject
SystemTimeToFileTime
ReplaceFileA
GetCommandLineA
lstrcmpA
FindNextFileA
GetFileSize
GlobalHandle
VirtualAlloc
FileTimeToDosDateTime
TlsGetValue
VirtualProtect
GetFileTime
GlobalGetAtomNameA
FlushFileBuffers
GlobalReAlloc
HeapQueryInformation
GetConsoleMode
VirtualQuery
SearchPathA
GetSystemDirectoryW
GetSystemTimeAsFileTime
SetFileAttributesA
GetModuleHandleW
UnmapViewOfFile
CreateFileA
ConvertDefaultLocale
DosDateTimeToFileTime
SuspendThread
MoveFileA
FindResourceExW
FormatMessageA
lstrlenA
OpenFile
GetEnvironmentStringsW
GetUserDefaultUILanguage
DeleteFileA
EnumResourceNamesA
ResumeThread
GlobalAddAtomA
GetTickCount
GetStringTypeW
GetStringTypeExA
GetStdHandle
GetModuleFileNameW
SetThreadPriority
GetDiskFreeSpaceA
CreateFileW
SetFileTime
QueryPerformanceCounter
GetCurrentProcessId
EnumResourceTypesA
WinExec
HeapAlloc
GetFileAttributesA
FreeResource
WritePrivateProfileStringA
LoadResource
EnumResourceLanguagesA
GetDriveTypeA
SetPriorityClass
GetProfileIntA
FindResourceExA
GetCurrentDirectoryW
WriteConsoleW
FindResourceW
IsProcessorFeaturePresent
TlsAlloc
ReadFile
ExitProcess
LCMapStringW
GetFileAttributesExA
DeleteCriticalSection
QueryPerformanceFrequency
GetPrivateProfileStringA
ExitThread
GetFileType
GetDriveTypeW
InterlockedIncrement
_lread
LocalUnlock
GetFullPathNameA
GetCurrentThreadId
GetACP
GlobalFlags
SetLastError
LocalReAlloc
GetStartupInfoW
GetSystemDirectoryA
FindFirstFileExA
LockResource
GlobalLock
GlobalFree
CloseHandle
FindResourceA
CreateDirectoryA
RaiseException
CreateThread
CopyFileA
GetCurrentThread
WideCharToMultiByte
LockFile
GetEnvironmentVariableW
LoadLibraryExW
CancelWaitableTimer
VirtualProtectEx
OpenWaitableTimerW
AddAtomW
CancelIo
GetVersion
GlobalAddAtomW
AreFileApisANSI
GetPrivateProfileIntA
IsValidCodePage
TlsSetValue
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
SetEnvironmentVariableA
MapViewOfFile
GetLocalTime
GetConsoleCP
ResetEvent
CompareStringA
SetEndOfFile
SetEvent
GetTimeZoneInformation
LeaveCriticalSection
UnhandledExceptionFilter
_lwrite
LocalLock
IsDebuggerPresent
lstrcatA
MultiByteToWideChar
InterlockedDecrement
FindFirstChangeNotificationA
CreateProcessA
LocalFree
_lcreat
GetTempFileNameA
GetSystemDefaultUILanguage
SetStdHandle
GetWindowsDirectoryA
LocalAlloc
GetProcessHeap
LoadLibraryA
HeapSize
FreeEnvironmentStringsW
GlobalFindAtomA
InitializeCriticalSectionAndSpinCount

user32

SetForegroundWindow
LoadStringA
LoadIconA
CharUpperA
wsprintfW
GetForegroundWindow
IsWindowVisible

advapi32

GetTokenInformation
DeregisterEventSource
ControlService
GetNamedSecurityInfoW
CloseServiceHandle
DuplicateTokenEx
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
BuildExplicitAccessWithNameW
RevertToSelf
StartServiceW
OpenProcessToken
RegOpenKeyExW
StartServiceCtrlDispatcherW
CreateServiceW
CreateProcessAsUserW
DeleteService
RegQueryValueExW
RegEnumKeyW
SetEntriesInAclW
QueryServiceStatusEx
RegCreateKeyW
ReportEventW
RegCreateKeyExW
SetTokenInformation
OpenSCManagerW
RegisterEventSourceW
RegCloseKey
SetNamedSecurityInfoW
EnumDependentServicesW
ChangeServiceConfigW
RegOpenKeyW
OpenServiceW

shell32

SHGetMalloc
SHEmptyRecycleBinW
SHGetSpecialFolderPathW

ole32

CoInitialize

shlwapi

PathQuoteSpacesW
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
StrStrIW
PathAppendW
PathFindFileNameW

version

VerQueryValueW

oledlg

ord8

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

psapi

GetModuleInformation
GetModuleFileNameExW

msvcrt

__set_app_type
exit
_CIsin
_except_handler3

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c06f37b29d64200b0a2c7fe90f637457

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

oledlg

wtsapi32

psapi

msvcrt

userenv

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 43KB - Virtual size: 139KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 43KB - Virtual size: 139KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 10KB - Virtual size: 10KB