VirusShare_0f3c27527d49455d719d1c8f03b8b850

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_0f3c27527d49455d719d1c8f03b8b850
Size

80KB
MD5

0f3c27527d49455d719d1c8f03b8b850
SHA1

3e6c7827665beb46ddcb1f60fa31bb28a013de72
SHA256

ed2009b2855f87bb72f2baba82dec90d63e3c77f865217be77f56e236469a1d8
SHA512

12b800f333809ef6c9ce283440c99835ebde7dcee5203543ade534581ed13b125173a5cb8318f78a931d71d6b1d22982af4e828553eddbe4ca65abe5ca7f1be7
SSDEEP

1536:IWU0HKpZTIZf1oqkOY1dLMPaZ3nndNanBWLd8+gA:VUCFN1oqbY1dQPaBnc0Ld8+g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_0f3c27527d49455d719d1c8f03b8b850

Files

VirusShare_0f3c27527d49455d719d1c8f03b8b850
.exe windows:4 windows x86 arch:x86

baa8e0522a79e4ff298ea48d7226fd0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oledlg

ord1
ord7
ord8
ord9

comctl32

CreateToolbarEx
ord15
ord14

shlwapi

StrChrIW
StrRStrIW
StrCSpnA

kernel32

GetModuleHandleA
GetProcAddress
GetEnvironmentStrings
GetEnvironmentVariableA
GetACP
GetStdHandle
CreateSemaphoreA
ReleaseSemaphore
SuspendThread
LocalLock
LocalReAlloc
VirtualAlloc
TlsGetValue
TlsSetValue
LocalHandle
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetFileType
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetCurrentThreadId
TlsAlloc
SetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
SetFilePointer
GetCPInfo
GetOEMCP
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

winspool.drv

GetJobW
EnumPrinterDriversA
DeletePrinterDriverA
AddPrinterConnectionA
SetPrinterW
ClosePrinter
DeletePrinterDataA
SetJobW
SetJobA
GetPrinterDriverA
AbortPrinter
GetJobA
AddPrinterDriverExW
EnumPrintersA

secur32

CompleteAuthToken
ApplyControlToken
VerifySignature
AcceptSecurityContext
MakeSignature
DeleteSecurityContext
ExportSecurityContext
EncryptMessage
DecryptMessage
FreeCredentialsHandle

uxtheme

GetThemeSysInt

usp10

ScriptCPtoX
ScriptString_pcOutChars
ScriptFreeCache
ScriptShape
ScriptStringAnalyse
ScriptJustify
ScriptItemize

wsnmp32

ord604
ord105
ord400
ord103

activeds

ord6
ord4
ord16
ord5
ord19
ord12
ord23
ord18
ord9
ord15
ord17
ord7
ord14
ord3

cryptui

CryptUIWizImport
CryptUIDlgViewContext
CryptUIWizExport
CryptUIWizDigitalSign

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baa8e0522a79e4ff298ea48d7226fd0c

Headers

File Characteristics

Imports

oledlg

comctl32

shlwapi

kernel32

winspool.drv

secur32

uxtheme

usp10

wsnmp32

activeds

cryptui

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 2KB - Virtual size: 2KB