virussign[.]com_efa17071cd19dbd74a06ce5b09b44470[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

virussign.com_efa17071cd19dbd74a06ce5b09b44470.vir
Size

396KB
MD5

efa17071cd19dbd74a06ce5b09b44470
SHA1

20f76563939306a3201a51d65f6936d60a25ce5a
SHA256

c561e9be8bbbcabdc1848ea302a0b8b362a6eaf4535acca93d5a27f8789105f2
SHA512

48c992f47bf94b6aaab690756c3ca5cf7e3b773428e4fa53ae0274b886ca2643c19a4ea186c505f15fb4d8ab121733adb2c3876ecf9ae22425789b56108da322
SSDEEP

12288:K+nTTzRZPHf75NAPXKO/kj05zz+J+hZG4xhj+1FDg6z:1zTS5AEG4xhsD1z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
virussign.com_efa17071cd19dbd74a06ce5b09b44470.vir

Files

virussign.com_efa17071cd19dbd74a06ce5b09b44470.vir
.exe windows:5 windows x64 arch:x64

d429fb286e10eafb835054b9105f5174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Project\SPI\Tool\RSCIOTest\x64\Release\RSCIOTest.pdb

Imports

mfc100u

ord7227
ord12503
ord5580
ord11832
ord12272
ord11174
ord11192
ord11548
ord11465
ord11683
ord11675
ord11856
ord12563
ord7727
ord11611
ord11614
ord4200
ord6344
ord800
ord1207
ord3310
ord2530
ord7596
ord3608
ord2659
ord7957
ord5570
ord908
ord6582
ord12677
ord4623
ord5017
ord4628
ord4626
ord12012
ord411
ord959
ord4043
ord3836
ord5562
ord11673
ord11618
ord8290
ord9732
ord10888
ord9753
ord7872
ord7809
ord9954
ord10041
ord9311
ord9888
ord10622
ord10625
ord10623
ord10624
ord2527
ord1276
ord3605
ord2657
ord7955
ord5563
ord904
ord2850
ord2748
ord5868
ord1240
ord3249
ord6066
ord4620
ord859
ord1250
ord2029
ord2025
ord6402
ord5574
ord891
ord306
ord11829
ord6609
ord878
ord1270
ord6895
ord1900
ord1868
ord12387
ord5894
ord9019
ord4910
ord11523
ord10891
ord10922
ord9189
ord7094
ord3942
ord10918
ord10910
ord5049
ord3295
ord13189
ord13192
ord13190
ord13193
ord13188
ord13191
ord6898
ord11150
ord12889
ord10658
ord13782
ord1716
ord6853
ord11542
ord3484
ord3543
ord8221
ord13008
ord6836
ord13002
ord11158
ord11157
ord2117
ord4570
ord13475
ord11463
ord7246
ord7321
ord1877
ord4199
ord7315
ord7627
ord7624
ord2430
ord7657
ord5582
ord5052
ord285
ord2541
ord6345
ord1210
ord1622
ord810
ord6583
ord9242
ord2343
ord5486
ord8053
ord2576
ord8081
ord10889
ord2732
ord3502
ord2372
ord3562
ord11175
ord4348
ord265
ord266
ord12434
ord1248
ord857
ord1244
ord5871
ord7964
ord2751
ord3622
ord12581
ord1288
ord11860
ord6610
ord2138
ord5616
ord3320
ord296
ord890
ord4131
ord1953
ord5609
ord948
ord885
ord1274
ord5600
ord8037
ord9024
ord7096
ord4610
ord6660
ord6670
ord6669
ord5255
ord4457
ord4612
ord4476
ord4935
ord4715
ord8174
ord4907
ord4737
ord4473
ord10841
ord2759
ord2858
ord2859
ord3362
ord10798
ord2286
ord5064
ord12208
ord10414
ord5910
ord13009
ord6837
ord13003
ord2577
ord3850
ord13687
ord3857
ord4256
ord4223
ord4219
ord4253
ord4274
ord4232
ord4261
ord4270
ord4240
ord4244
ord4248
ord4236
ord4265
ord4228
ord1497
ord1490
ord1492
ord11674
ord5834
ord12578
ord3277
ord1190
ord776
ord3989
ord12574
ord12560
ord12570
ord12199
ord11658
ord2137
ord4440
ord5560
ord923
ord362
ord10805
ord7870
ord9747
ord10101
ord3486
ord2885
ord2884
ord2663
ord1486
ord1479
ord10926
ord10928
ord12359
ord2760
ord8084
ord9734
ord5998
ord10892
ord7803
ord13001
ord10626
ord3282
ord10763
ord7968
ord13681
ord13680
ord13752
ord13769
ord13765
ord13767
ord13768
ord13766
ord1454
ord2355
ord7088
ord2791
ord5338
ord12251
ord2354
ord10845
ord8038
ord12014
ord9216
ord6451
ord3163
ord926
ord369
ord6085
ord1418
ord294
ord11197
ord11480
ord11517
ord7222
ord1291
ord4507
ord11314
ord2785
ord2794
ord12255
ord5340
ord280
ord286
ord2023
ord9770
ord1290
ord2050
ord9138
ord1278

msvcr100

memset
memcpy
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
wprintf
sprintf_s
?what@exception@std@@UEBAPEBDXZ
fclose
fprintf
fopen
rand
_time64
srand
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
memmove
_wsplitpath_s
_wtof
_wtoi
wcstok_s
wcscpy_s
__CxxFrameHandler3

kernel32

WideCharToMultiByte
GetPrivateProfileStringW
GetPrivateProfileIntW
LocalFree
UnhandledExceptionFilter
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
lstrlenW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
ReleaseMutex
CreateMutexW
TerminateThread
MultiByteToWideChar
lstrlenA
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
ResetEvent
SetEvent
GetProcAddress
LoadLibraryW
CloseHandle
CreateThread
Sleep
WaitForSingleObject
GetTickCount

user32

LoadBitmapW
GetSysColor
RedrawWindow
GetClientRect
InvalidateRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetParent
SendMessageW
GetWindowRect
KillTimer
SetTimer
MessageBoxW
PostMessageW
LoadIconW
GetSystemMenu
AppendMenuW
IsIconic
GetSystemMetrics
InflateRect
EnableWindow
DrawIcon

gdi32

CreateFontIndirectW
DeleteObject
CreateCompatibleDC
LPtoDP
GetStockObject
GetObjectW
TextOutW
Rectangle
Escape
ExtTextOutW
RectVisible
PtVisible
CreateSolidBrush
CreatePen
BitBlt
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap

comctl32

InitCommonControlsEx

oleaut32

CreateErrorInfo
VariantInit
VariantClear
VariantChangeType
SysFreeString

msvcp100

?_Xlength_error@std@@YAXPEBD@Z

ws2_32

WSAStartup
WSACleanup
socket
setsockopt
htons
shutdown
closesocket
inet_addr
connect
send
WSAGetLastError
sendto
accept
recv
recvfrom

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

W�
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d429fb286e10eafb835054b9105f5174

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100u

msvcr100

kernel32

user32

gdi32

comctl32

oleaut32

msvcp100

ws2_32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 214KB - Virtual size: 213KB

W� Size: 5KB - Virtual size: 5KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 214KB - Virtual size: 213KB

W�
Size: 5KB - Virtual size: 5KB