VirusShare_00486[.]zip[.]exe

General

Target

VirusShare_00486.zip.exe
Size

1.7MB
MD5

d08d74f9aaaa229a4df92b07b994a61e
SHA1

6c799db595b31253cc2446674c2c63216c443e0f
SHA256

006a99f7c0fc933ac3857df2aab87463fe228b305e37227ee2680c56994c15ff
SHA512

086b3e16d09fd6123ba89b052246ecf418a11b563b381ac73d58cd079ce629a3c9a4b2ade65b614420e9d27e2b8bdd628ba33e4c775a073ceb8adf0514de6d83
SSDEEP

49152:E0PwSC4MUmQ3H5LDWtOqOisI4sgeLrlG2vfqA525q1N1:FLp3ZLitHOi0Kn/525q5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_00486.zip.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

VirusShare_00486.zip.exe
.exe windows:5 windows x86 arch:x86

1d47ae434e7bfbcce77a62a5b3a1352f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Vladimir\My Documents\Visual Studio 2008\Projects\t2e\Src\Out\Release Static Win32\Strapper.pdb

Imports

urlmon

URLDownloadToFileW

comctl32

InitCommonControlsEx

kernel32

UnmapViewOfFile
MapViewOfFileEx
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
SetEvent
GetFileSize
IsBadReadPtr
WriteFile
GetFileAttributesW
GetModuleFileNameW
CreateFileW
CompareStringW
GetModuleHandleW
SetThreadPriority
GetTempPathW
GetLastError
CreateFileMappingW
CreateEventW
RemoveDirectoryW
lstrcatW
DuplicateHandle
CloseHandle
DeleteFileW
ResumeThread
CreateThread
ExitProcess
GetVersionExW
lstrcpynW
GetProcAddress
GetSystemInfo
lstrlenW
GetLocaleInfoW

user32

SetDlgItemTextW
MessageBoxW
IsWindow
CreateDialogParamW
ShowWindow
GetDlgItem
PeekMessageW
IsDialogMessageW
TranslateMessage
wsprintfW
MsgWaitForMultipleObjects
CharNextW
DestroyWindow
GetKeyboardLayoutList
GetDesktopWindow
GetWindowRect
SendMessageW
UpdateWindow
EnableWindow
DispatchMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d47ae434e7bfbcce77a62a5b3a1352f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

comctl32

kernel32

user32

advapi32

shell32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: - Virtual size: 528B

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: - Virtual size: 528B

.rsrc
Size: 17KB - Virtual size: 16KB