WindowsProgram[.]exe[.]vir

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsProgram.exe.vir
Size

28.2MB
MD5

015f03a74ba6fdb3f8dd526f40300d9a
SHA1

e957fc45334c7ffce5c0457b885a14605f9c0fbe
SHA256

6b9016dc610f7e9c42d1af3050cd51f6f7cd8793130d5cbee1ca3b4d58cc5e31
SHA512

dcddc76db7c4faa7c52c0f15811b21e410ccdaeb841929fedd6f57b97264816b4e6923a5ba09daade8c6b7d2eeaa4b995ff22fe7160281cceb7782bf84ef858e
SSDEEP

393216:fFA3CQMdB4AaafwIt5VMbkYUNp0rZe+VPyaqw7s2rjOF76mDQhimjDdcUHSLxx:zbMvKRt5VnYUNH2aZss+6F7BDQsoST

Score

1^/10

Malware Config

Signatures

Files

WindowsProgram.exe.vir
.exe windows:5 windows x86 arch:x86

4c5fd16fd31ce7e7a1a17ee683b3917c

Code Sign

72:85:e4:6e:2e:d0:85:a4
Certificate

Issuer

CN=vpn.speed.com,O=fobwifi,C=CN

Not Before

29-05-2020 15:24

Not After

24-05-2040 15:24

Subject

CN=vpn.speed.com,O=speed,C=CN

72:85:e4:6e:2e:d0:85:a4
Certificate

Issuer

CN=vpn.speed.com,O=fobwifi,C=CN

Not Before

29-05-2020 15:24

Not After

24-05-2040 15:24

Subject

CN=vpn.speed.com,O=speed,C=CN

58:68:79:01:c8:64:67:ae:57:2a:f1:10:f6:94:97:8c:09:64:e1:46:ba:d5:30:da:d5:f2:a5:3f:a8:ac:e8:a0
Signer

Actual PE Digest

58:68:79:01:c8:64:67:ae:57:2a:f1:10:f6:94:97:8c:09:64:e1:46:ba:d5:30:da:d5:f2:a5:3f:a8:ac:e8:a0

Digest Algorithm

sha256

PE Digest Matches

true

56:c0:05:a2:0a:e9:c6:26:dd:e2:7e:1d:6f:c1:01:e8:51:59:0e:c9
Signer

Actual PE Digest

56:c0:05:a2:0a:e9:c6:26:dd:e2:7e:1d:6f:c1:01:e8:51:59:0e:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP

user32

TranslateMDISysAccel

gdi32

ExtSelectClipRgn

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExW

shell32

DragQueryFileA

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA

ole32

CoFreeUnusedLibraries

oleaut32

SysAllocStringLen

oledlg

ord8

oleacc

LresultFromObject

gdiplus

GdipGetImageGraphicsContext

imm32

ImmGetOpenStatus

winmm

PlaySoundA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 26.9MB - Virtual size: 26.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c5fd16fd31ce7e7a1a17ee683b3917c

Code Sign

72:85:e4:6e:2e:d0:85:a4Certificate

72:85:e4:6e:2e:d0:85:a4Certificate

58:68:79:01:c8:64:67:ae:57:2a:f1:10:f6:94:97:8c:09:64:e1:46:ba:d5:30:da:d5:f2:a5:3f:a8:ac:e8:a0Signer

56:c0:05:a2:0a:e9:c6:26:dd:e2:7e:1d:6f:c1:01:e8:51:59:0e:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

msvcrt

iphlpapi

psapi

Sections

.text Size: 26.9MB - Virtual size: 26.9MB

.sedata Size: 1.3MB - Virtual size: 1.3MB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

72:85:e4:6e:2e:d0:85:a4
Certificate

72:85:e4:6e:2e:d0:85:a4
Certificate

58:68:79:01:c8:64:67:ae:57:2a:f1:10:f6:94:97:8c:09:64:e1:46:ba:d5:30:da:d5:f2:a5:3f:a8:ac:e8:a0
Signer

56:c0:05:a2:0a:e9:c6:26:dd:e2:7e:1d:6f:c1:01:e8:51:59:0e:c9
Signer

.text
Size: 26.9MB - Virtual size: 26.9MB

.sedata
Size: 1.3MB - Virtual size: 1.3MB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB