VirusShare_1b4fe263910ddda19b73d160c655051e

Sharing

Copy URL

Twitter E-mail

General

Target

VirusShare_1b4fe263910ddda19b73d160c655051e
Size

311KB
MD5

1b4fe263910ddda19b73d160c655051e
SHA1

ee29de3b4d84b6a40bf880adaaa8cc4182c22edd
SHA256

e0dd4011e20b1891e8a9d8b2bdf474b2567b9b12228c3071697b329d1ea9fe33
SHA512

8da58bf888ea8c17f337e8092fb88595291b4702411265986cc1c883e42a4b68fd4b0935d401ec43a462a83ec8a364d2b70564c7a7cdb315cd9c9fc6670dc2a9
SSDEEP

6144:3gwtAiwoPwjx2X8sc94NCcbZkOxUmRAFabXA5FwwtcUpfUOcrPWiPuXT5+:3uoPwjxkhkOxUmNrAPwwtftUPWieU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_1b4fe263910ddda19b73d160c655051e

Files

VirusShare_1b4fe263910ddda19b73d160c655051e
.exe windows:4 windows x86 arch:x86

5ed43cb7a53df79ad330801f08d74c32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReadEventLogA
RegCreateKeyExW
SetPrivateObjectSecurity
RegUnLoadKeyW
GetSidIdentifierAuthority
RegEnumKeyExW
GetNumberOfEventLogRecords
CreatePrivateObjectSecurity
LsaQueryTrustedDomainInfo
GetSidLengthRequired
SetFileSecurityA
IsTokenRestricted
RegOpenKeyW
ReadEventLogW
BackupEventLogW
ObjectPrivilegeAuditAlarmA
SetNamedSecurityInfoW
MakeSelfRelativeSD
GetSecurityDescriptorSacl
OpenBackupEventLogW
ObjectCloseAuditAlarmA
QueryServiceConfig2W
LsaQueryInformationPolicy
SetEntriesInAclW
RegCreateKeyW
RegDeleteKeyW
AddAce
BuildImpersonateTrusteeA
RegDeleteValueW
GetSecurityDescriptorDacl
SetNamedSecurityInfoA
DuplicateTokenEx
RegConnectRegistryA
ImpersonateSelf
RegConnectRegistryW
GetAuditedPermissionsFromAclW
RegUnLoadKeyA
LogonUserW
BuildExplicitAccessWithNameW
LsaCreateTrustedDomainEx
ChangeServiceConfigW
QueryServiceConfigA
QueryServiceLockStatusW
OpenProcessToken
GetExplicitEntriesFromAclA
GetSidSubAuthorityCount
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
GetAce
QueryServiceLockStatusA
GetSidSubAuthority
LookupPrivilegeNameW
GetKernelObjectSecurity
BuildTrusteeWithNameW
RegQueryValueExA
LsaClose
RegCreateKeyExA
EqualSid
InitializeSecurityDescriptor
LogonUserA
LookupAccountNameW
IsValidSid
GetSecurityInfo
InitiateSystemShutdownW
BuildSecurityDescriptorW
RegGetKeySecurity
LsaEnumerateTrustedDomains
LookupPrivilegeDisplayNameW
GetFileSecurityA
CloseServiceHandle
ObjectOpenAuditAlarmW
OpenBackupEventLogA
RegEnumKeyA
LsaLookupNames
RegDeleteValueA
StartServiceA
RegRestoreKeyW
NotifyChangeEventLog
GetSecurityDescriptorOwner
CreateServiceA
LsaDeleteTrustedDomain
LsaAddAccountRights
QueryServiceConfig2A
ChangeServiceConfig2A
RegQueryValueW
FreeSid
PrivilegedServiceAuditAlarmW
DeleteService
AbortSystemShutdownW
EqualPrefixSid
UnlockServiceDatabase
GetTokenInformation
GetLengthSid
GetAclInformation
RegOverridePredefKey
MakeAbsoluteSD
OpenServiceW
AreAnyAccessesGranted
SetServiceObjectSecurity
RegSetValueExA
GetExplicitEntriesFromAclW
DeregisterEventSource
AccessCheck
QueryServiceStatus
GetServiceDisplayNameW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
RegDeleteKeyA
ObjectCloseAuditAlarmW
RegQueryValueExW
LsaEnumerateAccountRights
GetSecurityDescriptorControl
RegSetValueW
AllocateAndInitializeSid
GetFileSecurityW
LookupSecurityDescriptorPartsW
LsaSetInformationPolicy
RegEnumValueW
EnumDependentServicesW
QueryServiceObjectSecurity
CreateRestrictedToken
LsaOpenPolicy
RegSetValueA
RegEnumValueA
RegLoadKeyW
SetThreadToken
CopySid
LsaEnumerateAccountsWithUserRight
LsaRetrievePrivateData
SetSecurityInfo
SetTokenInformation
RegReplaceKeyW
RegQueryMultipleValuesW
LookupPrivilegeValueA
RegCloseKey
RegQueryMultipleValuesA
RegQueryValueA
OpenSCManagerW
OpenEventLogA
SetSecurityDescriptorGroup
LookupAccountNameA
RegisterServiceCtrlHandlerA
BackupEventLogA
BuildTrusteeWithNameA
SetKernelObjectSecurity
RegSetValueExW
ReportEventW
RegOpenKeyA
AccessCheckAndAuditAlarmA

kernel32

GetPrivateProfileSectionW
DeleteFileA
ExitThread
FormatMessageA
GetProfileStringA
GetNamedPipeHandleStateA

user32

SetWindowLongA
GetUserObjectInformationA
TranslateMDISysAccel

msvcrt

_eof

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed43cb7a53df79ad330801f08d74c32

Headers

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 1.1MB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 1.1MB

.rsrc
Size: 44KB - Virtual size: 41KB