valkyrie logo
valkyrie logo
  • Download Threat Hunter Assessment Tool
DASHBOARD
  • Unknown File Hunter Scans
STATISTICS
SETTINGS
  • Summary
  • Static Analysis
  • Dynamic Analysis
  • Precise Detectors
  • Human Expert Analysis
  • File Details
Analyzing...
File Name:   virussign.com_4942910b7370152d737ffccbe5fef1c0.vir
SHA1:   2d575f552317f20c19fc5c624bd40fef2e1ea818
MD5:   4942910b7370152d737ffccbe5fef1c0
First Seen Date:  2024-12-01 20:15:11.284995 ( 2024-12-01 20:15:11.284995 )
Number of Clients Seen:   2
Last Analysis Date:  2024-12-02 17:40:08.197536 ( 2024-12-02 17:40:08.197536 )
Human Expert Analysis Date:  2024-12-02 17:40:07.175205 ( 2024-12-02 17:40:07.175205 )
Human Expert Analysis Result:   Malware

Analysis Summary

Analysis Type Date Verdict
Signature Based Detection 2024-12-02 17:40:08.197536 Malware
Static Analysis Overall Verdict 2024-12-02 17:40:08.197536 No Threat Found help
Dynamic Analysis Overall Verdict 2024-12-02 17:40:08.197536 No Threat Found help
Precise Detectors Overall Verdict 2024-12-02 17:40:08.197536 No Match help
Human Expert Analysis Overall Verdict 2024-12-02 17:40:07.175205 Malware

Static Analysis

Static Analysis Overall Verdict Result
No Threat Found help
Detector Result

Dynamic Analysis

Dynamic Analysis Overall Verdict Result
No Threat Found help
Suspicious Behaviors
Injects code to another process
Creates a child process
Creates file in a system directory
Writes to address space of another process
Uses a function clandestinely
Copies itself to startup
Modifies Windows Service Keys
Reads memory of another process
Modifies firewall properties
Opens a file in a system directory
Has no visible windows

virussign.com_4942910b7370152d737ffccbe5fef1c0.vir tried to connect to some addresses pinned on the map below (click pins for more details):

Behavioral Information

QueryFilePath

C:\Windows\SysWOW64\hgoohad.exe

CreateProcess

CreateMutex

RasPbFile

qnd_b__-01

qnd_b__-02

qnd_b__-03

qnd_b__-04

qnd_b__-05

qnd_b__-06

qnd_b__-07

qnd_b__-08

qnd_b__-09

qnd_b__-0A

qnd_b__-0B

qnd_b__-0C

qnd_b__-0D

qnd_b__-0E

qnd_b__-0F

qnd_b__-10

qnd_b__-11

qnd_b__-12

qnd_b__-13

{9703941E-446E-952F-954A-3DA8A91ED84F}

{10F5781A-0D97-0F99-EF77-BA382916E579}

WriteFile

C:\Windows\system32\ouxgoasef-fom.exe

C:\Users\win7\AppData\Roaming\onhoahoos-udex.dll

C:\Windows\system32\eatcedoon.exe

C:\Windows\system32\ehruteam.dll

C:\Users\win7\AppData\Roaming\tmpDFFB.tmp

ReadFile

C:\Windows\SysWOW64\hgoohad.exe

C:\Windows\system32\cmd.exe

LoadLibrary

kernel32.dll

ntdll.dll

rasapi32.dll

iphlpapi.dll

wininet.dll

OpenRegistryKey

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Securit

\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro

QueryProcessAddress

CreateRemoteThread

InternetReadFile

CreateRegistryKey

\REGISTRY\MA

\REGISTRY\MACHINE\SOFTWARE\Wow64

Precise Detectors Analysis Results

Detector Name Date Verdict Reason
Static Precise PUA Detector 1 2024-12-01 20:16:33.293973 No Match help NotDetected
Static Precise PUA Detector 4 2024-12-01 20:16:33.358797 No Match help NotDetected
Static Precise NI Detector 3 2024-12-01 20:16:33.420118 No Match help NotDetected
Static Precise PUA Detector 5 2024-12-01 20:16:33.443867 No Match help NotDetected
Static Precise Trojan Detector 1 2024-12-01 20:16:33.444797 No Match help NotDetected
Static Precise Trojan Detector 3 2024-12-01 20:16:33.453524 No Match help NotDetected
Static Precise PUA Detector 6 2024-12-01 20:16:33.504050 No Match help NotDetected
Static Precise Trojan Detector 12 2024-12-01 20:16:33.518983 No Match help NotDetected
Static Precise Virus Detector 1 2024-12-01 20:16:33.554402 No Match help NotDetected
Static Precise Virus Detector 2 2024-12-01 20:16:33.567924 No Match help NotDetected
Static Precise Trojan Detector 13 2024-12-01 20:16:33.609040 No Match help NotDetected
Static Precise PUA Detector 2 2024-12-01 20:16:33.619717 No Match help NotDetected

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Detector Result

Human Expert Analysis Results

Analysis Start Date:   2024-12-02 06:13:01.184874 ( 2024-12-02 06:13:01.184874 )
Analysis End Date:  2024-12-02 17:40:07.175205 ( 2024-12-02 17:40:07.175205 )
File Upload Date:  2024-12-01 20:14:38.836664 ( 2024-12-01 20:14:38.836664 )
Update Date:  2024-12-02 17:40:07.658741 ( 2024-12-02 17:40:07.658741 )
Human Expert Analyst Feedback:  
Verdict:   Malware
Malware Family:   Trojware
Malware Type:   Trojan Downloader

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property Value

File Paths

File Path on Client Seen Count
virussign.com_4942910b7370152d737ffccbe5fef1c0.vir 1

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy MD5

PE Imports

PE Exports

PE Resources

© Verdict Cloud, Xcitium, Inc. 2025. All rights reserved. v1.49.0-72-ENT
 
 
 
 
Loading...