virussign[.]com_9041cf3169b0d207b803eb975e3e9370[.]vir

Sharing

Copy URL

Twitter E-mail

General

Target

virussign.com_9041cf3169b0d207b803eb975e3e9370.vir
Size

8.9MB
MD5

9041cf3169b0d207b803eb975e3e9370
SHA1

7968ce38625f7df0c3d748d6b818914744ccb3b1
SHA256

cc5d8280e37fd414f0b70c06eba6e3d6958f5d383b70d0e4b98147e081b490f2
SHA512

5ab9872496a8748ad0b44385c9cbac41ce2233c3970a9b1aeda51680db5138bf066b175a132781cfb3bf54b338a2046fe5977711d72fa5a5f4438db0104ac92a
SSDEEP

98304:nudVVQmmv6NSWrjSbx0n6SGy+pD/yZImZF99a:nudVVBmvdWrjSbx0nd9ZF99

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
virussign.com_9041cf3169b0d207b803eb975e3e9370.vir

Files

virussign.com_9041cf3169b0d207b803eb975e3e9370.vir
.exe windows:5 windows x86 arch:x86

6a3c8bb307c9e055b941b1dc63350b31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\Core\bin\TransactionServer.pdb

Imports

psapi

GetModuleBaseNameA
EnumProcesses
QueryWorkingSet
GetProcessMemoryInfo
GetModuleFileNameExA
EmptyWorkingSet
EnumProcessModules
GetPerformanceInfo
GetModuleInformation

kernel32

HeapFree
HeapSize
HeapReAlloc
HeapSetInformation
GetCommandLineW
GetCommandLineA
HeapCreate
TlsSetValue
DuplicateHandle
GetCurrentThread
GetExitCodeThread
TlsGetValue
InterlockedExchangeAdd
VirtualProtect
HeapWalk
HeapValidate
HeapDestroy
HeapCompact
TlsAlloc
GetProcessHeap
ExitThread
GetCurrentThreadId
CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
CreateMutexA
VirtualQuery
OpenFileMappingA
GetTempFileNameA
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
SleepEx
TlsFree
CreateIoCompletionPort
GetQueuedCompletionStatus
CancelIo
SetHandleInformation
LockResource
FindResourceA
LoadResource
FindResourceExA
GetModuleHandleA
SetErrorMode
SetThreadContext
GetThreadContext
QueryDepthSList
WriteConsoleOutputCharacterA
WriteConsoleOutputAttribute
GetConsoleScreenBufferInfo
ReadConsoleInputA
SetConsoleMode
GetStdHandle
InterlockedCompareExchange
WideCharToMultiByte
SetProcessAffinityMask
GetProcessAffinityMask
GetCurrentProcessId
CreateFileA
ReadDirectoryChangesW
PostQueuedCompletionStatus
DeleteFileA
Thread32Next
SuspendThread
ResumeThread
Thread32First
CreateToolhelp32Snapshot
LocalFree
SetFilePointerEx
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
GetFileSize
CopyFileA
MoveFileExA
GetDiskFreeSpaceExA
GetOverlappedResult
CreateNamedPipeA
WaitNamedPipeA
OutputDebugStringA
GetCurrencyFormatW
MultiByteToWideChar
GetNativeSystemInfo
GetVersionExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
IsBadReadPtr
IsBadStringPtrA
SetThreadPriority
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
TerminateProcess
OpenProcess
Process32Next
Process32First
Module32Next
Module32First
lstrlenA
CreateThread
HeapAlloc
Sleep
QueueUserAPC
SetLastError
CreateProcessA
GetProcessId
GetExitCodeProcess
GetTempPathA
GetSystemDirectoryA
GetProcessHandleCount
GetComputerNameA
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalUnlock
GlobalLock
GlobalAlloc
SetConsoleTitleA
GetConsoleTitleA
MapViewOfFileEx
GetConsoleWindow
SetThreadIdealProcessor
RaiseException
OpenThread
GetThreadTimes
SetThreadAffinityMask
QueryPerformanceFrequency
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetLocalTime
TzSpecificLocalTimeToSystemTime
GetSystemTimeAsFileTime
TryEnterCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
SetEvent
ResetEvent
QueryPerformanceCounter
WriteConsoleA
GetThreadPriority
GetPriorityClass
AllocConsole
SetConsoleTextAttribute
ReadConsoleOutputA
SetConsoleWindowInfo
GetConsoleFontSize
GetCurrentConsoleFont
SetConsoleScreenBufferSize
CreatePipe
LoadLibraryW
GetTimeZoneInformation
GetFileInformationByHandle
MoveFileA
GetDriveTypeA
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableA
OpenEventA
OpenMutexA
VirtualFree
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
GetModuleFileNameW
SetFileAttributesA
GetTimeFormatA
GetDateFormatA
InterlockedExchange
VirtualAlloc
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FindFirstFileExW
GetFileType
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteConsoleW
OutputDebugStringW
GetConsoleCP
GetStringTypeW
CreateDirectoryA
RemoveDirectoryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
PeekNamedPipe
IsProcessorFeaturePresent
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
FatalAppExitA
GetLocaleInfoW
HeapQueryInformation
SetHandleCount
GetStartupInfoW
LCMapStringW
CreateFileW
GetFullPathNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetSystemInfo
InterlockedDecrement
GetEnvironmentVariableA
DeleteCriticalSection
FreeLibrary
GetModuleFileNameA
GetCurrentDirectoryA
GetFileAttributesA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
InterlockedIncrement
ReadFile
CloseHandle
InitializeCriticalSection
FormatMessageA
GetSystemTime
FindFirstFileA
FindNextFileA
FindClose
GetTickCount
IsDebuggerPresent
CreateEventA
GetLastError
DecodePointer
GetModuleHandleW
ExitProcess
GetFullPathNameA
GetDriveTypeW
TerminateThread
SetFileTime

user32

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
GetWindowThreadProcessId
EnumWindows
FindWindowA
GetClipboardData
OpenClipboard
EmptyClipboard
BringWindowToTop
PtInRect
GetSystemMetrics
GetDesktopWindow
PostMessageA
SetClipboardData
CloseClipboard
ShowCursor
MoveWindow
GetSysColorBrush
EnableWindow
CreateIconIndirect
SendMessageTimeoutA
SendDlgItemMessageA
SetFocus
GetDC
ReleaseDC
GetMonitorInfoA
EnumDisplayMonitors
RemoveMenu
GetSysColor
InvalidateRect
SendMessageW
GetDialogBaseUnits
GetWindowTextA
DialogBoxIndirectParamA
EndDialog
FlashWindowEx
SetWindowTextA
IsWindowVisible
IsIconic
PeekMessageA
SetActiveWindow
CreateDialogIndirectParamA
UpdateWindow
PostQuitMessage
SetWindowPos
GetWindowInfo
GetWindowRect
MessageBoxA
GetMessageA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
GetDlgItemTextA
CreateWindowExA
ScreenToClient
RedrawWindow
EnumChildWindows
DestroyWindow
GetWindowLongA
SetTimer
SetWindowLongA
GetDlgItem
LoadIconA
ShowWindow
SetDlgItemTextA
SendMessageA
GetSystemMenu
GetWindowTextLengthA
SystemParametersInfoA
SetScrollInfo
OffsetRect
CopyRect
GetParent
GetAsyncKeyState
MapWindowPoints
GetClientRect
GetScrollInfo
SetScrollPos
EnumDisplayDevicesA
ScrollWindow
GetActiveWindow

gdi32

Rectangle
CreateBitmap
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateFontA
GetTextExtentPointA
SetBkMode
TextOutA
DeleteObject
SetTextColor
SetBkColor
CreateDIBSection
CreateFontIndirectA
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegFlushKey
RegCreateKeyExA
GetUserNameA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA

shell32

SHFileOperationA
SHGetSpecialFolderPathA
ShellExecuteA
SHGetFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

ws2_32

gethostbyname
gethostbyaddr
socket
closesocket
ioctlsocket
setsockopt
getsockopt
getsockname
getpeername
bind
connect
accept
select
recvfrom
send
sendto
inet_addr
WSAGetLastError
WSACleanup
WSAStartup
gethostname
ntohl
shutdown
ntohs
htons
WSARecv
WSAGetOverlappedResult
WSAIoctl
htonl
listen
recv

comctl32

ord17

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsExA
SetupDiOpenDevRegKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertNameToStrA
CertOpenSystemStoreA

secur32

ApplyControlToken
DeleteSecurityContext
QueryContextAttributesA
EncryptMessage

Sections

.textbss
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 937KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a3c8bb307c9e055b941b1dc63350b31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

comctl32

setupapi

version

winmm

crypt32

secur32

Sections

.textbss Size: - Virtual size: 3.2MB

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 937KB - Virtual size: 2.3MB

.idata Size: 14KB - Virtual size: 14KB

.tls Size: 1024B - Virtual size: 514B

.reloc Size: 369KB - Virtual size: 369KB

.textbss
Size: - Virtual size: 3.2MB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 937KB - Virtual size: 2.3MB

.idata
Size: 14KB - Virtual size: 14KB

.tls
Size: 1024B - Virtual size: 514B

.reloc
Size: 369KB - Virtual size: 369KB