virussign[.]com_94d1b9794b5257cc6b8be78e9d954960[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

virussign.com_94d1b9794b5257cc6b8be78e9d954960.vir
Size

8.4MB
MD5

94d1b9794b5257cc6b8be78e9d954960
SHA1

5c0a776e3f6bfeeb04cfd70d4324ed16d794ea8c
SHA256

977df9a1ecdae8ede3adc0ba593de034894ad30fb6fa5a0fe17a2a73720d81ac
SHA512

ecc5628665685913146f0c27c27891f1a4c2c34aa215918bc9385f6950cd0655953a455501288655ad6406e684f4fadd20cab4e3d499f4006519aba4f17b5afa
SSDEEP

98304:XmY6ugz7LTd9mH/ciA2i1IKEmARnN8ucUhirjJMCn6:X/6u4d9mH/I1IKZARneyhyJE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
virussign.com_94d1b9794b5257cc6b8be78e9d954960.vir

Files

virussign.com_94d1b9794b5257cc6b8be78e9d954960.vir
.dll windows:6 windows x64 arch:x64

8484bbfb769e3970dfa9ea03702d4f12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegGetValueA

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

dbghelp

SymFromAddr

ws2_32

htons
inet_ntop
ntohs
WSAGetLastError
WSASocketA
closesocket
freeaddrinfo
getaddrinfo
setsockopt
WSAGetOverlappedResult
WSAIoctl
WSARecv
getsockname
WSASend
WSAStartup
bind
WSACleanup
getpeername
listen
htonl
inet_pton
socket
send
connect
recv
shutdown
ioctlsocket
getsockopt

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreW
CryptBinaryToStringW
CertCloseStore

python310

PyObject_GetItem
PyErr_CheckSignals
PyModuleDef_Init
PyUnicode_FromFormat
PyBytes_FromStringAndSize
PyGILState_Ensure
PyDict_DelItem
PyNumber_Long
PyUnicode_Compare
PyExc_StopAsyncIteration
_Py_NewReference
PyObject_IsSubclass
PyExc_TypeError
PyMem_Realloc
_PyObject_NextNotImplemented
PyObject_IsTrue
PyObject_Str
PyExc_NameError
PyTuple_Pack
_PyByteArray_empty_string
Py_OptimizeFlag
_PyUnicode_Ready
PyMem_Malloc
PyList_AsTuple
PyExc_IndexError
Py_EnterRecursiveCall
PyExc_ImportError
PyGen_Type
_Py_TrueStruct
PyArg_UnpackTuple
PyExc_SystemError
_PyUnicode_FastCopyCharacters
PyObject_SetItem
_PyObject_GC_New
PyType_Modified
PyAsyncGen_Type
PyTraceBack_Type
PyMethodDescr_Type
PyExc_GeneratorExit
_PyList_Extend
PyUnicode_FromString
PyLong_FromSize_t
_PyType_Lookup
PyUnicode_Format
PyObject_Size
PyObject_Call
PyByteArray_Type
PyType_Type
PySequence_Tuple
PyEval_RestoreThread
PySet_Discard
PyUnicode_FromStringAndSize
PyIter_Check
_PyObject_GetDictPtr
PyList_Type
PyUnicode_AsUTF8
PyObject_Not
PyObject_Init
PyObject_ClearWeakRefs
PyDescr_IsData
PyLong_AsLong
PyErr_Fetch
PyObject_GC_Del
PyModule_AddObject
PyCapsule_GetPointer
_PyErr_FormatFromCause
PyErr_ExceptionMatches
PyObject_Free
PySequence_GetSlice
PyObject_Format
PyModule_GetDict
PyImport_GetModuleDict
PyTuple_GetItem
_Py_Dealloc
PyCode_NewWithPosOnlyArgs
PyExc_OverflowError
PyErr_Restore
PyNumber_Subtract
PyType_IsSubtype
PyLong_Type
PyMethod_Type
PyModule_NewObject
PyFloat_Type
PyNumber_InPlaceAdd
_PySet_NextEntry
PyImport_GetModule
_Py_FalseStruct
PyTuple_Type
PyObject_RichCompare
PyDict_Type
PyErr_Format
PyDict_Next
PyLong_FromUnsignedLong
PyExc_ValueError
PyIter_Send
PyErr_WarnFormat
PyNumber_Add
PyObject_GetIter
PyErr_WriteUnraisable
PyLong_AsVoidPtr
PyNumber_Multiply
PySet_Size
PyUnicode_New
PyTuple_GetSlice
PyExc_AttributeError
PySet_Add
PyGC_Disable
PyFloat_FromDouble
PyLong_FromLongLong
PyDict_Size
PyDict_SetItemString
PySequence_Contains
PyTuple_New
_Py_NoneStruct
PyBytes_AsStringAndSize
PyGILState_Release
PyRun_StringFlags
PyBytes_FromString
PyLong_AsUnsignedLongLong
PyFloat_AsDouble
PySet_Clear
PyDict_Contains
PyModule_GetName
PyObject_GetAttr
Py_GetVersion
PyInterpreterState_GetID
PyDict_GetItemWithError
PyErr_SetNone
PyUnicode_Concat
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyList_SetSlice
PyEval_SaveThread
PyTraceBack_Here
PyObject_GenericGetAttr
PyNumber_Remainder
PyUnicode_DecodeUTF8
PyLong_FromSsize_t
PyErr_Occurred
PyObject_SelfIter
PyErr_NormalizeException
PyImport_ImportModuleLevelObject
_PyGen_SetStopIterationValue
PyImport_ImportModule
Py_LeaveRecursiveCall
PyExc_KeyError
_PyDict_SetItem_KnownHash
PyExc_DeprecationWarning
PyLong_AsSsize_t
PyFrame_New
PyErr_PrintEx
PyExc_RuntimeWarning
PyErr_WarnEx
PyLong_AsUnsignedLong
PyErr_GivenExceptionMatches
PyCode_NewEmpty
PyErr_SetObject
PyExc_Exception
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyObject_SetAttr
PyGC_Enable
PyBaseObject_Type
PyNumber_InPlaceOr
PySequence_List
PyFrozenSet_Type
PyCMethod_New
PyFrozenSet_New
PyExc_StopIteration
PyLong_FromVoidPtr
PyMem_Free
PyNumber_Index
PyObject_IsInstance
_PyDict_GetItem_KnownHash
PyObject_CallFinalizerFromDealloc
PyUnicode_Type
PyDict_New
PyDict_SetItem
PyObject_VectorcallDict
PySet_Type
_PyObject_GenericGetAttrWithDict
PyCapsule_New
PyException_SetTraceback
PyLong_AsDouble
PyTuple_Size
PyUnicode_Decode
PyObject_RichCompareBool
PyBytes_Type
PyList_Append
PyErr_Clear
PyNumber_InPlaceAnd
_PyDict_Pop
PyObject_GetAttrString
PyType_Ready
PyImport_AddModule
PyObject_GC_IsFinalized
PySlice_New
PyList_New
PyUnicode_DecodeLatin1
PyDict_GetItem
PyDict_GetItemString
PyErr_SetString
PyErr_NoMemory
PyCoro_Type
PySet_New
PyObject_GC_Track

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetProcessHeap
WriteConsoleW
HeapSize
SetEndOfFile
HeapReAlloc
SetFilePointerEx
ReadConsoleW
GetModuleHandleExW
ExitProcess
GetConsoleMode
GetConsoleOutputCP
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
GetTimeZoneInformation
SetConsoleCtrlHandler
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetModuleHandleW
GetSystemTimeAsFileTime
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetLocaleInfoEx
SwitchToThread
TryAcquireSRWLockExclusive
WakeAllConditionVariable
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
TlsAlloc
SetLastError
TlsSetValue
InitOnceExecuteOnce
LoadLibraryW
FreeLibrary
LoadLibraryExA
SleepConditionVariableSRW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
InitializeSRWLock
OutputDebugStringA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLogicalProcessorInformation
GetLastError
VirtualAlloc
WideCharToMultiByte
CreateEventA
CreateThread
SetEvent
WaitForSingleObject
GetEnvironmentVariableA
FindClose
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
FormatMessageA
LocalFree
GetCurrentThreadId
GetCurrentProcessorNumber
GetSystemInfo
DeleteFileA
GetFileAttributesA
CreateIoCompletionPort
CloseHandle
PostQueuedCompletionStatus
GetQueuedCompletionStatus

Exports

Exports

PyInit_cygrpc

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8484bbfb769e3970dfa9ea03702d4f12

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

dbghelp

ws2_32

crypt32

python310

kernel32

Exports

Exports

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 268KB - Virtual size: 353KB

.pdata Size: 225KB - Virtual size: 224KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 268KB - Virtual size: 353KB

.pdata
Size: 225KB - Virtual size: 224KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 52KB - Virtual size: 51KB