PDB path: I:\我的项目\GGENET\Release\ggeserver.pdb
Static task
static1
Behavioral task
behavioral1
Sample
virussign.com_1213ef8fac858f6ffd944e91b360bd30.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
virussign.com_1213ef8fac858f6ffd944e91b360bd30.exe
Resource
win10v2004-20240426-en
General
-
Target
virussign.com_1213ef8fac858f6ffd944e91b360bd30.vir
-
Size
1.5MB
-
MD5
1213ef8fac858f6ffd944e91b360bd30
-
SHA1
4448fd2bafbe4931d95d25c73d5ae1b1dbb1fe73
-
SHA256
f99c1c1eccc0b8541321c266a1b2ae9b512e4873a083d0e696029eb1e711d20c
-
SHA512
91f8d2656fe6c96bb07c2e93824c828aed6f3f1696e16002a34cbab1f73414c5356d4726e89ad814b32136bf263c5cf2c7ddb46ea1949d2cadc9ba1ce5b86eaf
-
SSDEEP
24576:HH+/hjQl+ezt7tcrqprD/IPH0LWsQW50V/2ezzcCer96M7s75FVmFP2uFK4czt:n+/pezt7VPsYSerZ7g4Feu
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature; this is a property of the file, not an action the sample performs.
resource virussign.com_1213ef8fac858f6ffd944e91b360bd30.vir
Files
-
virussign.com_1213ef8fac858f6ffd944e91b360bd30.vir.exe windows:5 windows x86 arch:x86
1738fefa50d0611937aaf1eda2e025f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
DeleteCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
CreateThread
CloseHandle
SetConsoleCtrlHandler
Sleep
TerminateThread
InitializeCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
LeaveCriticalSection
IsProcessorFeaturePresent
msvcp100
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
msvcr100
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_commode
_except_handler4_common
_invoke_watson
_controlfp_s
memcpy
__CxxFrameHandler3
__setusermatherr
_configthreadlocale
_initterm_e
_onexit
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_amsg_exit
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
printf
_purecall
_CxxThrowException
??3@YAXPAX@Z
??2@YAPAXI@Z
_unlock
__dllonexit
_lock
lua51
lua_newuserdata
luaL_ref
lua_topointer
lua_pushlightuserdata
lua_touserdata
luaL_newstate
luaL_openlibs
lua_close
luaL_loadbuffer
lua_pushboolean
luaL_unref
lua_error
lua_toboolean
lua_pushlstring
lua_tointeger
lua_gettop
lua_setmetatable
lua_pushvalue
luaL_checkudata
lua_getfield
lua_pushstring
lua_pushinteger
lua_remove
lua_rawgeti
lua_call
lua_tonumber
lua_pushnil
luaL_newmetatable
lua_pushcclosure
lua_setfield
lua_settable
lua_type
lua_rawset
lua_createtable
lua_pushnumber
lua_tolstring
lua_settop
lua_isuserdata
hpsocket
HP_Destroy_TcpPackClient
HP_Create_TcpPackClient
HP_Destroy_TcpPullClient
HP_Create_TcpPackServer
HP_Destroy_TcpPackServer
HP_Destroy_TcpPullServer
HP_Create_TcpPullServer
HP_Create_TcpPullClient
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ