VirusShare_5e907e414bdbafa5c2657dfe61ad1f70

Sharing

Copy URL

Twitter E-mail

General

Target

VirusShare_5e907e414bdbafa5c2657dfe61ad1f70
Size

140KB
MD5

5e907e414bdbafa5c2657dfe61ad1f70
SHA1

93c9f257891f3c2f71ecefcb682e94d9be764fb9
SHA256

b0e87e87ee7a79f68fbc835746497274b883653cdb59e4cea8c91bc8aff3a0af
SHA512

3ff03f6a135175bdb679eff838fa8efdbe19d6580a007bd7f9a2fe3ce2b4c9fcdd2cd4bc90be725b9527b939443802df653a61e61f5b578a759e30da766210a0
SSDEEP

1536:GqV+DIoueyu3pE6Zkxts417guUvFMFyJyY:9sVPp/ZkxWwThFyJJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_5e907e414bdbafa5c2657dfe61ad1f70

Files

VirusShare_5e907e414bdbafa5c2657dfe61ad1f70
.dll windows:4 windows x86 arch:x86

061cadfa334026814fecd7f8b379b53b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

install0.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
TlsGetValue
HeapFree

msvcrt

malloc
strtod
free

user32

FindWindowA

comdlg32

GetFileTitleW
CommDlgExtendedError
FindTextW
ChooseColorA
ChooseFontA
ReplaceTextA
GetOpenFileNameA
ReplaceTextW
PageSetupDlgW
FindTextA
GetSaveFileNameW
PrintDlgW

winmm

timeGetTime

rpcrt4

I_RpcGetBufferWithObject
RpcBindingToStringBindingA
I_RpcFreePipeBuffer
RpcSmFree
RpcBindingFromStringBindingA
NdrConformantArrayMemorySize
RpcServerRegisterIf
NdrPointerMemorySize
I_RpcAllocate
NdrConformantArrayMarshall
I_RpcPauseExecution
RpcSmGetThreadHandle
NdrClientCall2
RpcSmSetThreadHandle
RpcStringFreeW
I_RpcServerUseProtseq2A
NdrServerContextUnmarshall
RpcBindingInqAuthClientW
NdrAllocate
NdrConformantArrayUnmarshall
NdrCorrelationInitialize
I_RpcAsyncSetHandle
RpcServerInqBindings
NdrPointerFree
I_RpcBindingInqDynamicEndpointW
RpcBindingReset
I_RpcServerSetAddressChangeFn
NdrVaryingArrayFree
RpcNetworkInqProtseqsA
UuidFromStringA
RpcBindingInqAuthInfoExA
RpcServerUseProtseqEpW
NdrAsyncClientCall

msi

ord169
ord96
ord50
ord35
ord38
ord78
ord120

rtm

RtmIsMarkedForChangeNotification
RtmCreateNextHopEnum
RtmGetExactMatchRoute
RtmIsBestRoute
RtmBlockMethods
RtmDeregisterEntity
RtmGetListEnumRoutes
RtmGetRegisteredEntities
RtmGetMostSpecificDestination
RtmRegisterEntity
RtmDeleteNextHop
RtmGetLessSpecificDestination
RtmLockRoute
RtmGetEntityInfo
RtmGetDestInfo
RtmReleaseEntities

imm32

ImmGetIMEFileNameW
ImmGetVirtualKey
ImmAssociateContext

Exports

Exports

CombineRegisterFiberConvertClass
OfflineEllipticType
RevertFinishRegisterRanges
SizeofRunInformationPrivate
StrModuleMetrics

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GJc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9l
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

061cadfa334026814fecd7f8b379b53b

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

user32

comdlg32

winmm

rpcrt4

msi

rtm

imm32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 11KB - Virtual size: 14KB

.GJc Size: 1KB - Virtual size: 1KB

.9l Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 792B

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 11KB - Virtual size: 14KB

.GJc
Size: 1KB - Virtual size: 1KB

.9l
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 792B