VirusShare_fcf8def7521fdeb9dd37a9a953301522

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_fcf8def7521fdeb9dd37a9a953301522
Size

1.2MB
MD5

fcf8def7521fdeb9dd37a9a953301522
SHA1

6a3cfce61c147cc2338e70565f6cb3704149f874
SHA256

ce6e141a13a2c217b91bc7051674b7a2825eb62cfd4cfd02955bfd88ab2f623e
SHA512

e7e57ec8fa8e251964ee4e3248cc8a2410b31e6613a5cdeac8375de5939361ad0eb005f5d18618243ae7643484d549de70c0b83fc97469fa4f2face49abae05d
SSDEEP

24576:YeM4bZF+duA1CpPZgevhF1uZgIQffBiufXQ6HaayE/Duo:YeM4bH+duBrgEhTgg7Ri2nHa471

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_fcf8def7521fdeb9dd37a9a953301522

Files

VirusShare_fcf8def7521fdeb9dd37a9a953301522
.exe windows:5 windows x86 arch:x86

58e170b048b85f9b887536b0d92efd2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\Chapter\Paul\Start\EDI\they'd\m.pdb

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
HeapCreate
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
WriteFile
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
FlushFileBuffers
CreateFileA
LocalFree
GetCurrentProcessId
CloseHandle
GetVersionExA
GetCurrentThreadId
GetModuleHandleA
CreateFileMappingA
LoadLibraryA
GlobalFree
GetProcAddress
SetLastError
GetLastError
GetStdHandle
GlobalUnlock
lstrcatA
GetMailslotInfo
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleW
CreateEventA
Sleep
LoadLibraryW
GlobalAlloc
OpenProcess
FormatMessageA
ExpandEnvironmentStringsA
GetProcessHeap
GetTickCount
WaitForSingleObject
GlobalLock
HeapFree
SetMailslotInfo
HeapAlloc
VirtualFree
MapViewOfFile

user32

GetWindow
IsDlgButtonChecked
DestroyIcon
GetWindowThreadProcessId
ShowWindow
GetDlgItemTextA
SetLayeredWindowAttributes
SetDlgItemTextA
IsWindow
EndDeferWindowPos
LoadCursorA
EnumThreadWindows
UpdateWindow
SetWindowTextA
GetCursorPos
GetDesktopWindow
DefWindowProcA
EndDialog
GetClassLongA
FillRect
BeginDeferWindowPos
MessageBoxW
DeferWindowPos
GetCursor
ClientToScreen
GetMessageA
GetSystemMenu
GetWindowRect
RegisterClassExA
PostQuitMessage
GetDlgItem
GetSubMenu
GetParent
LoadIconA
DrawIcon
WindowFromPoint
GetClientRect
SetFocus
SendMessageA
GetIconInfo
GetDC
TranslateMessage
InflateRect
GetMenu
OffsetRect
GetWindowTextA
SetWindowLongA
MessageBoxA
InvalidateRect
GetWindowLongA
CreateWindowExA
PeekMessageA
ReleaseDC
EnableMenuItem
SetClassLongA
DispatchMessageA

gdi32

Ellipse
CreatePen
SetMapMode
CreateCompatibleDC
SelectObject
DeleteObject
CreatePalette
CreateDIBitmap
GetObjectA
GetStockObject
MoveToEx
CreateSolidBrush
PlayMetaFile
SetMetaFileBitsEx
LineTo
CopyMetaFileA
GetEnhMetaFileA
DeleteDC
GetWinMetaFileBits
CreateDCA

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey

ole32

CoInitializeEx
GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

OleCreatePictureIndirect

psapi

EnumProcessModules
GetModuleBaseNameA
GetProcessMemoryInfo
GetModuleFileNameExA

avifil32

AVIStreamGetFrame
AVIStreamGetFrameOpen
AVIStreamGetFrameClose

msacm32

acmStreamClose
acmStreamOpen

msimg32

TransparentBlt

winmm

waveOutUnprepareHeader
waveInGetNumDevs
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveOutPrepareHeader
waveOutOpen
waveInUnprepareHeader
waveOutWrite

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

iphlpapi

GetAdaptersAddresses
GetTcpStatistics
GetIpAddrTable
GetIfTable
IcmpCloseHandle
GetIpStatistics
GetIcmpStatistics
GetIfEntry
IcmpCreateFile
GetUdpStatistics
GetExtendedTcpTable

shlwapi

StrDupA

rpcrt4

RpcStringBindingComposeA
RpcBindingFromStringBindingA

secur32

AcquireCredentialsHandleW
QuerySecurityPackageInfoW

rpcns4

RpcNsBindingImportBeginA

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1012KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 737KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58e170b048b85f9b887536b0d92efd2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

psapi

avifil32

msacm32

msimg32

winmm

version

iphlpapi

shlwapi

rpcrt4

secur32

rpcns4

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 1012KB - Virtual size: 1011KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 77KB - Virtual size: 737KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 1012KB - Virtual size: 1011KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 77KB - Virtual size: 737KB