virussign[.]com_d2c729ba2fcf1161fe4bbc4e74825b10

Sharing

Copy URL

Twitter E-mail

General

Target

virussign.com_d2c729ba2fcf1161fe4bbc4e74825b10
Size

2.2MB
MD5

d2c729ba2fcf1161fe4bbc4e74825b10
SHA1

58e0087a919f726092403aef05211956ceabdc6d
SHA256

8e834c29fc3666bac9598aebe0ecdba51206d6d2ee74eee45aa365ecb41d4504
SHA512

a8f7e5eaa3b1a37f0eea9df6e4ba603845581803875aff787c839b199ed71b08b3441c89b67ec5403650b9f7cf68307490dd92f730ac7e03ef37aceeee09b1f5
SSDEEP

49152:KnMOsJ98lhZxR4gsDskpu8zWmQqZaPlTatUo2Ru313FvaFFtcUlEPRzk:KMOhLsDskpu8zHQYr2Ru3zBk

Score

N/A

Malware Config

Signatures

Files

virussign.com_d2c729ba2fcf1161fe4bbc4e74825b10
.exe windows x86

2d94b7f7249c37d1a591ef3c91760a6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceA
CloseServiceHandle
RegisterEventSourceA
StartServiceCtrlDispatcherA
DeleteService
RegSetValueExA
RegisterServiceCtrlHandlerA
CreateServiceA
DeregisterEventSource
RegCreateKeyA
ReportEventA
SetServiceStatus
OpenSCManagerA
RegCloseKey
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenCurrentUser
CreateProcessAsUserA
OpenProcessToken
ConvertStringSidToSidA
SetTokenInformation
DuplicateTokenEx
GetLengthSid
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges

kernel32

FlushConsoleInputBuffer
InitializeCriticalSection
CreateMutexA
CreateFileMappingA
GetStartupInfoA
GetExitCodeProcess
GlobalMemoryStatus
GetVersionExA
GetTickCount
QueryPerformanceCounter
LoadLibraryA
FreeLibrary
MultiByteToWideChar
GetFileType
GetStdHandle
CreateWaitableTimerA
GetCurrentProcessId
ProcessIdToSessionId
GetLogicalDriveStringsA
QueryDosDeviceA
GetProcessHeap
HeapAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
CreateThread
WaitForSingleObject
TlsFree
CloseHandle
TlsAlloc
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameA
PostQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
GetLastError
InterlockedExchange
LeaveCriticalSection
Sleep
SetEvent
ReleaseMutex
CreateIoCompletionPort
WaitForMultipleObjects
GetLocalTime
QueueUserAPC
SetLastError
GetSystemTimeAsFileTime
TerminateThread
TlsSetValue
SleepEx
InterlockedCompareExchange
SystemTimeToFileTime
ReleaseSemaphore
OpenEventA
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetQueuedCompletionStatus
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetEndOfFile
SetFilePointer
LockResource
SizeofResource
CreateEventA
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceA
DeleteFileW
MoveFileExW
ResumeThread
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringW
LocalFree
FormatMessageA
GetThreadTimes
GetSystemTimes
GetTempPathA
CopyFileA
MoveFileExA
ReadProcessMemory
ResetEvent
LCMapStringW
CompareStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
CreateFileW
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleCP
FlushFileBuffers
SetWaitableTimer
TlsGetValue
CreateMutexW
HeapFree
GetCurrentProcess
VerifyVersionInfoA
IsWow64Process
EncodePointer
DecodePointer
SetConsoleCtrlHandler
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
ExitThread
LoadLibraryExW
GetCommandLineA
HeapReAlloc
ReadFile
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
FindClose
FindFirstFileA
FindNextFileA
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
HeapSize
CreateFileA
GetFileSize
WriteFile
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetVolumeInformationA
ExpandEnvironmentStringsA
OpenProcess
SetHandleInformation
CreatePipe
SetFileAttributesA
GlobalFree
MapViewOfFile
UnmapViewOfFile
CreateProcessA
OpenMutexA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetModuleHandleW
RaiseException
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetOpenClipboardWindow
GetMessagePos
GetMessageTime
GetQueueStatus
GetIconInfo
GetDesktopWindow
ReleaseDC
DestroyIcon
GetActiveWindow
GetCaretPos
GetCursorPos
GetInputState
GetCapture
GetDC
MsgWaitForMultipleObjects
GetClipboardViewer
GetClipboardOwner
GetWindowInfo
UnhookWinEvent
TranslateMessage
SetWinEventHook
PeekMessageA
DispatchMessageA
GetWindowThreadProcessId
wsprintfA
GetFocus

gdi32

GetDIBits
GetObjectA
DeleteObject

ws2_32

htons
WSAGetLastError
WSASend
htonl
ntohl
WSAStringToAddressA
ioctlsocket
shutdown
WSARecv
setsockopt
send
freeaddrinfo
socket
bind
inet_ntoa
ntohs
WSAIoctl
connect
inet_addr
WSASetLastError
closesocket
WSASocketA
listen
WSAStartup
getaddrinfo
recv
WSACleanup

shell32

ord727
SHGetFileInfoA
SHGetFolderPathA
SHGetSpecialFolderPathA

crypt32

CryptMsgGetParam
CryptHashCertificate
CertFindCertificateInStore
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext
CertCloseStore
CertOpenStore

gdiplus

GdipSaveImageToStream
GdipFree
GdipCreateBitmapFromScan0
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdiplusShutdown

shlwapi

SHCreateStreamOnFileA

mswsock

AcceptEx
GetAcceptExSockaddrs

oleacc

AccessibleObjectFromEvent

ntdll

NtMapViewOfSection
NtUnmapViewOfSection
RtlUnwind
VerSetConditionMask
NtClose
RtlRaiseStatus
NtCreateSection
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
NtCreateFile

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetNetworkParams

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReadData
WinHttpConnect
WinHttpSendRequest
WinHttpQueryOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSetCredentials

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetProcessImageFileNameA
GetModuleFileNameExA
EnumProcesses

wintrust

CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WinVerifyTrust

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d94b7f7249c37d1a591ef3c91760a6a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

ws2_32

shell32

crypt32

gdiplus

shlwapi

mswsock

oleacc

ntdll

iphlpapi

ole32

oleaut32

winhttp

version

psapi

wintrust

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 417KB - Virtual size: 416KB

.data Size: 56KB - Virtual size: 4.6MB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 158KB - Virtual size: 160KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 417KB - Virtual size: 416KB

.data
Size: 56KB - Virtual size: 4.6MB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 158KB - Virtual size: 160KB