VirusShare_18d3139f57da66d455efdb04e278121c

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_18d3139f57da66d455efdb04e278121c
Size

325KB
MD5

18d3139f57da66d455efdb04e278121c
SHA1

cd6a31e7da1b32801560e112f394ddf877b45cd0
SHA256

f1c4ed60bfd5d40370e736647b6b2e42b29adda3b0c0acc2a36117dcc1aa6a40
SHA512

730c8a4143982c0e0b7bac3a605b5fa281990a2695a81341bdfc378352cc16e335f421a295aa26998af0a05a81d6c1a13a7a063988977d4de3897937122f8813
SSDEEP

6144:WfPzgqvRP131cB407qCXrhRkwMdcoUcLp9w9BDXsQSk:WfPzg2P1lA7qCXrcraQ9wjSk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_18d3139f57da66d455efdb04e278121c

Files

VirusShare_18d3139f57da66d455efdb04e278121c
.exe windows:4 windows x86 arch:x86

cf8d240557065c15a749829bee8ad761

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
exit
_acmdln
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_exit

lz32

LZSeek

advapi32

RegQueryMultipleValuesW
SetNamedSecurityInfoA
LsaAddAccountRights
ReportEventA
UnlockServiceDatabase
GetAclInformation
IsValidSid
SetEntriesInAclA
LsaQueryTrustedDomainInfoByName
GetAuditedPermissionsFromAclW
GetUserNameW
GetPrivateObjectSecurity
CreateServiceA
LsaRemoveAccountRights
GetTrusteeFormA
IsValidAcl
RegSaveKeyA
CloseEventLog
OpenServiceA
RegCreateKeyW
LsaRetrievePrivateData
OpenBackupEventLogW
GetExplicitEntriesFromAclW
RegReplaceKeyW
EnumServicesStatusA
RegEnumValueW
LsaClose
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegUnLoadKeyA
OpenEventLogA
RegDeleteValueW
QueryServiceConfig2W
GetSidSubAuthority
GetSecurityDescriptorOwner
GetNumberOfEventLogRecords
LookupPrivilegeDisplayNameW
ChangeServiceConfig2A
RegQueryValueExA
OpenBackupEventLogA
LsaEnumerateAccountRights
ChangeServiceConfigW
AdjustTokenPrivileges
DeleteService
GetServiceDisplayNameW
MakeSelfRelativeSD
QueryServiceObjectSecurity
ObjectCloseAuditAlarmA
GetKernelObjectSecurity
GetOldestEventLogRecord
GetSidIdentifierAuthority
QueryServiceLockStatusW
ObjectOpenAuditAlarmW
RegisterEventSourceW
SetSecurityInfo
RegLoadKeyW
ReportEventW
GetNamedSecurityInfoW
ImpersonateSelf
RegEnumKeyExW
RegReplaceKeyA
LsaQueryTrustedDomainInfo
LookupAccountNameW
OpenServiceW
LookupPrivilegeNameW
QueryServiceConfigA
LookupSecurityDescriptorPartsW
AddAce
IsTokenRestricted
RegOpenKeyExW
RegOpenKeyA
RegCreateKeyExA
GetServiceKeyNameA
LookupPrivilegeValueA
SetFileSecurityA
BuildExplicitAccessWithNameW
LogonUserW
BackupEventLogA
MapGenericMask
GetSecurityInfo
RevertToSelf
MakeAbsoluteSD
LsaEnumerateAccountsWithUserRight
AdjustTokenGroups
SetFileSecurityW
AccessCheck
PrivilegedServiceAuditAlarmW
RegCreateKeyExW
RegGetKeySecurity
SetThreadToken
GetSecurityDescriptorSacl
QueryServiceConfig2A
AccessCheckAndAuditAlarmA
ControlService
LogonUserA
GetSecurityDescriptorDacl
StartServiceA
RegisterEventSourceA
RegOpenKeyW
AbortSystemShutdownW
RegDeleteKeyA
RegDeleteKeyW
ObjectPrivilegeAuditAlarmA
CopySid
SetPrivateObjectSecurity
GetFileSecurityA
GetLengthSid
QueryServiceStatus
RegisterServiceCtrlHandlerW
RegSetValueA
QueryServiceLockStatusA
AllocateAndInitializeSid
RegOverridePredefKey
SetKernelObjectSecurity
RegisterServiceCtrlHandlerA
FreeSid
DecryptFileW
SetSecurityDescriptorSacl
RegQueryValueA
ReadEventLogW
BuildTrusteeWithNameW
SetServiceStatus
CloseServiceHandle
GetSecurityDescriptorLength
GetNamedSecurityInfoA
LsaOpenPolicy
AddAccessAllowedAce
GetTokenInformation
ObjectDeleteAuditAlarmW

user32

OemKeyScan
CreateDialogParamA

kernel32

GetPrivateProfileSectionA
DeleteFileA
FreeEnvironmentStringsA
AddAtomW
FindNextChangeNotification
GetTempFileNameA
GetCommProperties
CreateFileMappingW
GetPriorityClass
FileTimeToSystemTime
GetModuleHandleA
GetStartupInfoA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf8d240557065c15a749829bee8ad761

Headers

File Characteristics

Imports

msvcrt

lz32

advapi32

user32

kernel32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 940KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 940KB

.rsrc
Size: 36KB - Virtual size: 32KB