Static task: static1
Behavioral task: behavioral1
Sample: VirusShare_373c1378a3f17f6f8ad5229cdbf2f74b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: VirusShare_373c1378a3f17f6f8ad5229cdbf2f74b.exe
Resource: win10v2004-20240426-en
General
Target: VirusShare_373c1378a3f17f6f8ad5229cdbf2f74b
Size: 313KB
MD5: 373c1378a3f17f6f8ad5229cdbf2f74b
SHA1: ce8770fbe33844906efa90ab8a61f9a92df2595c
SHA256: 964c038c175c3908e3597456816732acefe07282438f5e1e3661a55ad52506ab
SHA512: 9668f9d660b65daa316e188877a56696b6257614399b57d2b03a05f62107b748d44b22b94d7fa52b610d6c34bf735104f98e781cfa1dad42c60b0d996bcf3707
SSDEEP: 6144:80qENPflJow97sO/scZ6HBCd4WrcuTAq5vPQpyVOoM+Nr2848:88PkwVKcZ6H8aWrcXePQpyYopr28R
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource VirusShare_373c1378a3f17f6f8ad5229cdbf2f74b
Files
VirusShare_373c1378a3f17f6f8ad5229cdbf2f74b.exe windows:4 windows x86 arch:x86
da3761e05f6c0d861c24346547a040e4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
lz32
LZClose
msvcrt
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
kernel32
GetStartupInfoA
GetModuleHandleA
GetLastError
FreeEnvironmentStringsW
FillConsoleOutputAttribute
GetTempPathA
Module32Next
advapi32
GetNumberOfEventLogRecords
GetServiceDisplayNameW
GetPrivateObjectSecurity
EqualSid
OpenBackupEventLogA
SetSecurityDescriptorSacl
RevertToSelf
LsaQueryTrustedDomainInfo
GetSidIdentifierAuthority
GetFileSecurityA
CreateServiceA
BuildTrusteeWithSidA
StartServiceCtrlDispatcherW
ReportEventA
RegDeleteValueW
IsValidSid
SetNamedSecurityInfoW
OpenBackupEventLogW
GetExplicitEntriesFromAclA
OpenEventLogA
RegEnumKeyA
MakeAbsoluteSD
AdjustTokenPrivileges
RegQueryValueExW
ObjectDeleteAuditAlarmW
LsaNtStatusToWinError
InitializeSecurityDescriptor
SetServiceObjectSecurity
GetSidLengthRequired
SetTokenInformation
RegUnLoadKeyA
RegOverridePredefKey
GetUserNameW
MapGenericMask
GetServiceKeyNameA
LsaLookupSids
RegCreateKeyW
CreateRestrictedToken
SetEntriesInAclW
BuildImpersonateTrusteeA
RegQueryMultipleValuesA
RegCreateKeyA
GetAce
LockServiceDatabase
LsaAddAccountRights
AddAccessAllowedAce
LsaSetTrustedDomainInfoByName
BuildTrusteeWithNameW
BuildTrusteeWithNameA
RegCreateKeyExW
GetTokenInformation
LookupPrivilegeDisplayNameW
LsaQueryInformationPolicy
GetAuditedPermissionsFromAclW
LsaLookupNames
SetFileSecurityA
ControlService
CloseServiceHandle
ObjectPrivilegeAuditAlarmA
RegDeleteKeyA
ObjectCloseAuditAlarmA
RegQueryMultipleValuesW
LsaOpenPolicy
RegOpenKeyW
EnumServicesStatusA
RegReplaceKeyA
GetSidSubAuthority
GetKernelObjectSecurity
RegLoadKeyW
OpenSCManagerW
ImpersonateSelf
RegUnLoadKeyW
LookupPrivilegeNameW
OpenServiceW
GetFileSecurityW
GetSecurityDescriptorDacl
RegCloseKey
RegGetKeySecurity
QueryServiceConfig2A
BuildSecurityDescriptorW
RegSetKeySecurity
OpenProcessToken
DeleteService
BackupEventLogA
GetSecurityDescriptorLength
FreeSid
AccessCheck
RegisterServiceCtrlHandlerW
GetSecurityDescriptorOwner
DeregisterEventSource
LsaClose
SetThreadToken
LogonUserW
LookupSecurityDescriptorPartsW
QueryServiceConfig2W
CloseEventLog
LsaSetInformationPolicy
RegOpenKeyExW
RegReplaceKeyW
CreatePrivateObjectSecurity
LsaEnumerateAccountRights
RegCreateKeyExA
ObjectOpenAuditAlarmW
SetSecurityDescriptorGroup
LsaRetrievePrivateData
OpenServiceA
GetNamedSecurityInfoW
RegQueryValueExA
AllocateAndInitializeSid
ChangeServiceConfig2A
ReadEventLogW
BackupEventLogW
PrivilegedServiceAuditAlarmW
SetKernelObjectSecurity
GetSecurityDescriptorSacl
QueryServiceStatus
DuplicateTokenEx
RegisterEventSourceA
SetPrivateObjectSecurity
LsaEnumerateTrustedDomains
AreAnyAccessesGranted
RegQueryInfoKeyW
StartServiceA
GetOldestEventLogRecord
IsTokenRestricted
RegEnumKeyExW
GetSecurityDescriptorControl
RegSetValueW
LsaEnumerateAccountsWithUserRight
SetNamedSecurityInfoA
GetAclInformation
RegRestoreKeyW
RegisterEventSourceW
SetEntriesInAclA
RegSetValueExW
GetSecurityDescriptorGroup
LookupAccountNameW
ChangeServiceConfigW
RegSetValueA
LookupAccountNameA
IsValidAcl
RegOpenKeyExA
GetSidSubAuthorityCount
SetSecurityDescriptorOwner
LsaDeleteTrustedDomain
GetSecurityInfo
RegDeleteKeyW
RegConnectRegistryA
CreateProcessAsUserA
DecryptFileW
ReportEventW
RegEnumValueA
RegisterServiceCtrlHandlerA
EnumDependentServicesW
GetExplicitEntriesFromAclW
SetSecurityInfo
ReadEventLogA
GetTrusteeFormA
AddAce
ObjectCloseAuditAlarmW
AddAuditAccessAce
LookupPrivilegeValueA
QueryServiceConfigA
AccessCheckAndAuditAlarmA
GetLengthSid
QueryServiceObjectSecurity
EqualPrefixSid
QueryServiceLockStatusW
SetFileSecurityW
RegNotifyChangeKeyValue
MakeSelfRelativeSD
LsaQueryTrustedDomainInfoByName
SetSecurityDescriptorDacl
RegQueryValueW
UnlockServiceDatabase
CopySid
NotifyChangeEventLog
RegSaveKeyA
user32
DdeCreateStringHandleA
GetWindowPlacement
CharPrevExA
mpr
WNetGetConnectionA
WNetOpenEnumW
MultinetGetConnectionPerformanceA
WNetConnectionDialog1A
WNetGetUniversalNameA
WNetCancelConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetGetUniversalNameW
WNetAddConnectionA
WNetCancelConnectionA
WNetGetUserA
WNetDisconnectDialog
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ