Static task
static1
Behavioral task
behavioral1
Sample
VirusShare_0d1a433010938f994935c118ef75e4fe.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
VirusShare_0d1a433010938f994935c118ef75e4fe.exe
Resource
win10v2004-20240508-en
General
Target
VirusShare_0d1a433010938f994935c118ef75e4fe
Size
315KB
MD5
0d1a433010938f994935c118ef75e4fe
SHA1
ab40f96fd8709315373cf390d0d9954613e55b2d
SHA256
c25c1ac4c1182e47de71c0a4941a583e811bdc8afdad21ae81772d1dde0b2799
SHA512
787a06681989052e0464f086dba3403f00621ab0b2d9931e2bc412419b4a1696aced3d4ce81ad26e42fb419550f3b80f7296163ba2ada0d15e718740705742e3
SSDEEP
6144:v3QzHDTq3Znwx1ciuEYehRkeIP4BMY+U2q2M9110T:omJ0Wiu0RkeFoA1Q
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource VirusShare_0d1a433010938f994935c118ef75e4fe
Files
VirusShare_0d1a433010938f994935c118ef75e4fe.exe windows:4 windows x86 arch:x86
d3d46ccea26f19780f9fce22bdd4fa6b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetSidIdentifierAuthority
SetSecurityDescriptorGroup
RegQueryValueW
RegCreateKeyExW
AdjustTokenGroups
GetFileSecurityA
BuildImpersonateTrusteeA
DeleteService
RegCreateKeyW
DecryptFileW
LsaEnumerateAccountsWithUserRight
LsaSetTrustedDomainInfoByName
RegCloseKey
IsValidAcl
EnumDependentServicesW
RegOverridePredefKey
RegOpenKeyExW
RegDeleteValueA
RegQueryValueExA
QueryServiceStatus
GetSecurityInfo
LookupAccountNameA
RegEnumValueW
CopySid
OpenServiceW
GetExplicitEntriesFromAclW
RegQueryMultipleValuesA
ObjectPrivilegeAuditAlarmA
AdjustTokenPrivileges
RegQueryMultipleValuesW
ObjectCloseAuditAlarmA
ControlService
GetUserNameW
RegEnumKeyExW
AccessCheck
RegOpenKeyW
OpenEventLogA
GetPrivateObjectSecurity
LsaOpenPolicy
AddAce
FreeSid
ChangeServiceConfig2A
MapGenericMask
GetNamedSecurityInfoW
QueryServiceConfigA
GetSidSubAuthority
LookupAccountNameW
ReportEventA
GetTrusteeFormA
RegSaveKeyA
BuildTrusteeWithSidA
SetThreadToken
RegisterServiceCtrlHandlerW
LsaQueryInformationPolicy
CreatePrivateObjectSecurity
SetSecurityInfo
SetNamedSecurityInfoW
OpenBackupEventLogW
OpenProcessToken
AreAnyAccessesGranted
ObjectDeleteAuditAlarmW
GetSecurityDescriptorControl
RegNotifyChangeKeyValue
RegConnectRegistryW
ObjectOpenAuditAlarmW
GetSidSubAuthorityCount
SetEntriesInAclA
QueryServiceConfig2A
SetServiceStatus
InitializeSecurityDescriptor
BuildExplicitAccessWithNameW
OpenSCManagerW
LookupSecurityDescriptorPartsW
GetSecurityDescriptorOwner
AbortSystemShutdownW
QueryServiceObjectSecurity
CloseEventLog
BuildSecurityDescriptorW
GetServiceKeyNameA
InitiateSystemShutdownW
GetExplicitEntriesFromAclA
LsaClose
SetEntriesInAclW
SetNamedSecurityInfoA
BuildTrusteeWithNameA
ReportEventW
CloseServiceHandle
DuplicateTokenEx
LsaDeleteTrustedDomain
RegGetKeySecurity
GetSecurityDescriptorSacl
RegOpenKeyExA
GetAce
RegisterEventSourceA
SetFileSecurityA
GetSidLengthRequired
QueryServiceLockStatusW
GetTokenInformation
LockServiceDatabase
AddAccessAllowedAce
ObjectCloseAuditAlarmW
EqualPrefixSid
ChangeServiceConfigW
RegEnumKeyA
RegUnLoadKeyA
QueryServiceConfig2W
RegisterServiceCtrlHandlerA
LsaSetInformationPolicy
AddAuditAccessAce
MakeSelfRelativeSD
GetLengthSid
RegConnectRegistryA
LsaQueryTrustedDomainInfoByName
RegCreateKeyExA
GetKernelObjectSecurity
GetAclInformation
GetServiceDisplayNameW
LsaNtStatusToWinError
StartServiceA
MakeAbsoluteSD
SetKernelObjectSecurity
LsaRetrievePrivateData
BuildTrusteeWithNameW
RegEnumValueA
EnumServicesStatusA
LookupPrivilegeDisplayNameW
IsTokenRestricted
RegReplaceKeyA
LsaEnumerateTrustedDomains
RegDeleteKeyW
GetSecurityDescriptorDacl
LookupPrivilegeNameW
CreateProcessAsUserA
CreateRestrictedToken
OpenBackupEventLogA
LogonUserA
GetNamedSecurityInfoA
RegSetValueExW
DeregisterEventSource
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
CreateServiceA
RegOpenKeyA
StartServiceCtrlDispatcherA
NotifyChangeEventLog
GetSecurityDescriptorGroup
RegQueryInfoKeyW
RegDeleteValueW
GetNumberOfEventLogRecords
LsaCreateTrustedDomainEx
LsaQueryTrustedDomainInfo
OpenServiceA
ReadEventLogW
RegisterEventSourceW
GetOldestEventLogRecord
LogonUserW
UnlockServiceDatabase
RegSetValueExA
SetServiceObjectSecurity
LookupPrivilegeValueA
GetFileSecurityW
RegCreateKeyA
LsaLookupNames
user32
ActivateKeyboardLayout
GetMessagePos
EnumPropsExW
OpenClipboard
DestroyCursor
RegisterClassW
GetMenuItemInfoW
SetMenuItemInfoA
LoadImageA
CheckRadioButton
SetTimer
CharLowerBuffA
UnregisterHotKey
OemToCharA
CharLowerW
GetMessageA
ChangeDisplaySettingsExW
CreateIconFromResourceEx
GetSysColor
CreateIconFromResource
CharUpperW
DlgDirSelectComboBoxExA
GetUpdateRect
CallWindowProcA
GetMenuContextHelpId
InflateRect
DdeQueryNextServer
PaintDesktop
DestroyCaret
GetWindowRect
IsWindow
GetKeyboardLayoutNameW
CharPrevA
UnloadKeyboardLayout
EnableMenuItem
SetCursor
GetDlgItemInt
TranslateAcceleratorA
RedrawWindow
FillRect
OemKeyScan
MapVirtualKeyExA
LoadIconW
PostThreadMessageW
DdeCmpStringHandles
GetUpdateRgn
SetPropW
GetMessageExtraInfo
LoadCursorFromFileA
InSendMessage
DestroyAcceleratorTable
ShowCursor
DdeQueryStringA
PostQuitMessage
UpdateWindow
CreateWindowExW
CloseWindow
GetMenuStringW
SubtractRect
DestroyWindow
OemToCharBuffW
IsMenu
FlashWindow
EmptyClipboard
AppendMenuW
CreateCursor
GetMessageTime
LoadStringW
GetCaretBlinkTime
GetProcessWindowStation
SetCaretBlinkTime
DdeKeepStringHandle
HideCaret
DdeGetLastError
CopyAcceleratorTableA
GetForegroundWindow
SetClassWord
TranslateMessage
GetClipboardData
PeekMessageW
GetTopWindow
IsChild
RegisterClassA
VkKeyScanA
SetWindowPos
CreatePopupMenu
InvertRect
ChildWindowFromPoint
DdeClientTransaction
GetMenuStringA
ChangeDisplaySettingsExA
MapDialogRect
GetSystemMetrics
GetMenuCheckMarkDimensions
wvsprintfA
InvalidateRgn
EnumDisplaySettingsW
SetClassLongW
SetWindowsHookExW
LoadKeyboardLayoutA
DdeAccessData
SetParent
GetClipCursor
wvsprintfW
SetScrollPos
MessageBoxIndirectA
DdePostAdvise
IsDialogMessageA
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
kernel32
GetStartupInfoA
GetWindowsDirectoryW
GetThreadPriorityBoost
BuildCommDCBW
Beep
GetNamedPipeHandleStateW
CreateMutexW
DeleteFileA
CreateMailslotW
GetModuleHandleA
Thread32Next
GlobalReAlloc
comdlg32
GetSaveFileNameA
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ