VirusShare_0b800543cc26bff83a3715887365fb1e | Triage

Sharing

General

Target

VirusShare_0b800543cc26bff83a3715887365fb1e
Size

2.4MB
MD5

0b800543cc26bff83a3715887365fb1e
SHA1

3b6616f1d512e2aa8d503cef0fc010559f6e4e2e
SHA256

404c3b646a29062665a581bb4c2a93d664051f4ebf39d3aeddbb8ba992085fd0
SHA512

f9b0747f5f3b42f2c868b0766b227650747d1bc6d98bb42cfa58bda64e09fbe86992bc2ee0fe2f994851b277f545f89019523838f0b517acfc156995ace7a1ed
SSDEEP

3072:zg/25ly/6pYSahor+hgl4P6GKIjsc9UjC1N1+xY/rD18RWgAg/:E6aUr+alo6GOCHcu/rh8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_0b800543cc26bff83a3715887365fb1e

Files

VirusShare_0b800543cc26bff83a3715887365fb1e
.dll windows:4 windows x86 arch:x86

321dcbdde6228bfc985b6dfe96d13521

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RegisterWaitForSingleObjectEx
SetTapeParameters
SetFirmwareEnvironmentVariableW
SetFileValidData
SetCriticalSectionSpinCount
LoadLibraryW

ntdll

RtlDeleteAce

ole32

CoDisableCallCancellation

advapi32

ImpersonateAnonymousToken
SetAclInformation

gdi32

CombineRgn
OffsetRgn
IntersectClipRect
GetStockObject
GetDeviceCaps
GdiGetBatchLimit
FrameRgn
FillPath
EqualRgn
DeleteObject
StrokePath
SetDIBColorTable
CreateEllipticRgn
CancelDC
RestoreDC
BeginPath

comctl32

RemoveWindowSubclass

d3d8

Direct3DCreate8

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ