VirusShare_22882a8ed5ee3f4050beb17d03530640

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_22882a8ed5ee3f4050beb17d03530640
Size

391KB
MD5

22882a8ed5ee3f4050beb17d03530640
SHA1

5e7180cecb4fb165dd058b7144e11de2ffccb9e7
SHA256

c417e11c8df390b85a0297c4a8c89fdae8e8590eda6b6ae662b85eaefc4c1b1c
SHA512

b019b23eaa3f548006f88ccd310887310cf5e543f8a523fba07dc2b316a8d3bca9ab5167fcf95dcc68f8760597c17ca20bb26be8cb4a777ae872b5e1a27f650c
SSDEEP

6144:BjoP57K/GSXfPdnRLCedBOJxWN85DHqPWqLac9kB/vGJJJo1D:B0P5m/zXfPT2+sJgN85FqLac9kGvJ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_22882a8ed5ee3f4050beb17d03530640

Files

VirusShare_22882a8ed5ee3f4050beb17d03530640
.exe windows:5 windows x86 arch:x86

f5fd053bc94ad679f5ff9321a87fe9c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetOldestEventLogRecord
ControlService
ClearEventLogA
SetTokenInformation
OpenServiceW
AllocateLocallyUniqueId
RegEnumValueA
DuplicateTokenEx

dbghelp

DbgHelpCreateUserDumpW
SymFromAddr
SymRegisterCallback
SymFunctionTableAccess
SymGetSymFromAddr64
SymEnumSymbols

clusapi

ClusterRegCloseKey
ClusterGroupGetEnumCount
GetClusterFromNetInterface
OpenClusterResource
ClusterGroupControl
ClusterNodeOpenEnum
CreateClusterResource
CloseClusterResource
ClusterResourceTypeOpenEnum

kernel32

SetStdHandle
CreateFileW
WriteConsoleW
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EncodePointer
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
IsProcessorFeaturePresent
CloseHandle

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5fd053bc94ad679f5ff9321a87fe9c9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

dbghelp

clusapi

kernel32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 323KB - Virtual size: 323KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 323KB - Virtual size: 323KB

.reloc
Size: 4KB - Virtual size: 3KB