virussign[.]com_a4cb4ed04022deecee22eb1949abecb0[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

virussign.com_a4cb4ed04022deecee22eb1949abecb0.vir
Size

587KB
MD5

a4cb4ed04022deecee22eb1949abecb0
SHA1

c5c1bc3b127fca1201dac06986a5422758dce9f5
SHA256

8e9a3b01cb2fc48f947955fbd00faac8ec564db02dd8fc1686ff76c79f24ed91
SHA512

828d3c0c8cd27bfbfba810fba416499b2ec846f2cd6711576fc54316dc240fb1c38d191d65cfe4e6f3d3742fac413f979ea6ed6b91d77dbb3cf2937fc21e1ef7
SSDEEP

6144:cqeJMwro9ehdQypyIfNOwV4vR0qK4JNX3kWPLtoZdQ9YjUty7FLEspS/eWIAjW5a:cq0zgNX3ZPL8K6YAlU/eWIJCVtZV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
virussign.com_a4cb4ed04022deecee22eb1949abecb0.vir

Files

virussign.com_a4cb4ed04022deecee22eb1949abecb0.vir
.dll windows:4 windows x86 arch:x86

aef68473e034472020f0126c0860be85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypto

ord26
ord42
ord49
ord47
ord27

efsrv

ord204
ord152

estor

ord516
ord245
ord101
ord44
ord364
ord506
ord412
ord343
ord518
ord246
ord424
ord302
ord420
ord344
ord248
ord16
ord440

euser

ord185
ord679
ord801
ord800
ord186
ord146
ord526
ord1113
ord1112
ord503
ord1335
ord147
ord198
ord840
ord1330
ord1366
ord365
ord1223
ord430
ord620
ord369
ord139
ord353
ord1459
ord351
ord352
ord690
ord144
ord619
ord429
ord1244
ord723
ord1236
ord1368
ord4
ord928
ord3
ord5

kernel32

ExitProcess
IsBadReadPtr
RtlUnwind
RaiseException
TlsAlloc
InitializeCriticalSection
TlsFree
TlsGetValue
GetLastError
GetProcessHeap
HeapAlloc
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
HeapFree
GlobalAlloc
GlobalFree
SetFilePointer
WriteFile
CloseHandle
ReadFile
DeleteFileA
DeleteCriticalSection

pkixcertbase

ord22
ord14
ord23

user32

MessageBoxA

x500

ord4

x509

ord207
ord51

Exports

Exports

_E32Dll

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYMBIAN
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 465B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aef68473e034472020f0126c0860be85

Headers

File Characteristics

Imports

crypto

efsrv

estor

euser

kernel32

pkixcertbase

user32

x500

x509

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 60KB - Virtual size: 56KB

.exc Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 4KB

.SYMBIAN Size: 4KB - Virtual size: 48B

.idata Size: 4KB - Virtual size: 1KB

.CRT Size: 4KB - Virtual size: 76B

.bss Size: - Virtual size: 8KB

.edata Size: 4KB - Virtual size: 465B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 60KB - Virtual size: 56KB

.exc
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 4KB

.SYMBIAN
Size: 4KB - Virtual size: 48B

.idata
Size: 4KB - Virtual size: 1KB

.CRT
Size: 4KB - Virtual size: 76B

.bss
Size: - Virtual size: 8KB

.edata
Size: 4KB - Virtual size: 465B

.reloc
Size: 4KB - Virtual size: 3KB