Virus[.]Hijack[.]ATA_virussign[.]com_fcf6de7351633752cf96e861d60b2a8c[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Virus.Hijack.ATA_virussign.com_fcf6de7351633752cf96e861d60b2a8c.exe
Size

211KB
MD5

fcf6de7351633752cf96e861d60b2a8c
SHA1

548662dfac5acd8306b09d0af1385b6615b423da
SHA256

def2f0b62f4af989da3cd943e3120ed81c9fb24979925faac774cca11eb2ea54
SHA512

0365c358f470843623ab0d425adc53e27027a82e02f800629c54f2913d285f827c85bb35f103743b2a4664cb24fe92f0f1f152bea1eedd341cb9f5c6011325b0
SSDEEP

6144:+mKVGe1XIpQiU/ma3MB8hH2Tkp6bYnWcZVol0N5TzQ3:w71YpQiU/RcO1VQInVob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Virus.Hijack.ATA_virussign.com_fcf6de7351633752cf96e861d60b2a8c.exe

Files

Virus.Hijack.ATA_virussign.com_fcf6de7351633752cf96e861d60b2a8c.exe
.exe windows:4 windows x86 arch:x86

088303a3216315a2ba8d66c94c7b80a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
SetComputerNameA
GlobalFindAtomW
Beep
IsBadReadPtr
BeginUpdateResourceW
WaitForSingleObject
lstrcpyA
GetLogicalDrives
GetProcAddress
SetCurrentDirectoryW
FindResourceW
FileTimeToLocalFileTime
GetFileTime
GetThreadLocale
MulDiv
EnumTimeFormatsW
ExpandEnvironmentStringsA
CreateNamedPipeA
GetVolumeInformationA
GetSystemTime
GetLastError
GetProcessHeap
GetWindowsDirectoryW
GetStartupInfoW
GetSystemInfo
ExitProcess
GetTempFileNameA
GetVolumeInformationW
CreateSemaphoreA
SetCalendarInfoW
lstrcmpA
lstrcmpiA
CreateFileA
GetUserDefaultLangID
GlobalAlloc
GetModuleHandleA
GetDateFormatW
SleepEx

user32

wvsprintfW
GetDesktopWindow
CopyImage
GetMenuInfo
LoadMenuW
SetWindowRgn
MessageBoxIndirectW
PostMessageA
GetActiveWindow
GetWindowRect
SetWindowPos
MonitorFromPoint
CreateDialogParamA
SetDlgItemInt
WinHelpA
GetSystemMetrics
GetDC
SetWindowLongA
GetSysColorBrush
InsertMenuA
DrawTextA
EnumDesktopWindows
InsertMenuItemW
GetWindowRgn
LoadMenuA
OpenClipboard
IsChild
EnableMenuItem
LoadMenuIndirectW
ShowCaret
SetCursorPos
MessageBeep
EnumWindows
GetClientRect
CreateDialogParamW
InsertMenuW

gdi32

CreateFontIndirectA
ResizePalette
PolyBezier
SaveDC
ScaleWindowExtEx
CloseEnhMetaFile
SetBoundsRect
SetViewportExtEx

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegRestoreKeyW

comdlg32

GetOpenFileNameW
ChooseFontA
GetFileTitleW
PrintDlgExW
PrintDlgW

setupapi

SetupDiSetDeviceInstallParamsA
SetupGetLineTextA
SetupQueueCopyW
SetupDiEnumDeviceInfo
pSetupVerifyCatalogFile
CM_Get_Device_Interface_List_SizeA

version

VerInstallFileA
VerLanguageNameW
VerFindFileA

urlmon

RegisterMediaTypes
GetClassURL

winmm

waveOutGetPlaybackRate
timeKillEvent

winspool.drv

GetFormA

inetcomm

HrAttachDataFromFile
MimeGetAddressFormatW
MimeOleGetCodePageInfo
MimeOleStripHeaders
HrGetLastOpenFileDirectoryW
MimeOleCreateSecurity

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lm
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qaQL
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yP
Size: 3KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bPUeWG
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PaB
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dOh
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HvNW
Size: 1024B - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pPJb
Size: 512B - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bBut
Size: 512B - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

088303a3216315a2ba8d66c94c7b80a0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

setupapi

version

urlmon

winmm

winspool.drv

inetcomm

Sections

.text Size: 11KB - Virtual size: 11KB

.lm Size: 1024B - Virtual size: 35KB

.qaQL Size: 2KB - Virtual size: 5KB

.yP Size: 3KB - Virtual size: 40KB

.bPUeWG Size: 2KB - Virtual size: 20KB

.PaB Size: 1024B - Virtual size: 5KB

.data Size: 14KB - Virtual size: 14KB

.dOh Size: 1KB - Virtual size: 6KB

.HvNW Size: 1024B - Virtual size: 43KB

.pPJb Size: 512B - Virtual size: 30KB

.bBut Size: 512B - Virtual size: 207KB

.rsrc Size: 170KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 954B

.text
Size: 11KB - Virtual size: 11KB

.lm
Size: 1024B - Virtual size: 35KB

.qaQL
Size: 2KB - Virtual size: 5KB

.yP
Size: 3KB - Virtual size: 40KB

.bPUeWG
Size: 2KB - Virtual size: 20KB

.PaB
Size: 1024B - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 14KB

.dOh
Size: 1KB - Virtual size: 6KB

.HvNW
Size: 1024B - Virtual size: 43KB

.pPJb
Size: 512B - Virtual size: 30KB

.bBut
Size: 512B - Virtual size: 207KB

.rsrc
Size: 170KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 954B