Xcitium Cloud Verdict

File Name: Virus.Hijack.ATA_virussign.com_f7fb22e6541ee0c4daff30804661c1ff.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: a4b12de2ef261f8aa5ea50ef8df1d51ab7d66a56

MD5: f7fb22e6541ee0c4daff30804661c1ff

CREATED / DROPPED FILES

File Path	Type and Hashes

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	Virus.Hijack.ATA_virussign.com_f7fb22e6541ee0c4daff30804661c1ff.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	a4b12de2ef261f8aa5ea50ef8df1d51ab7d66a56
MD5:	f7fb22e6541ee0c4daff30804661c1ff
First Seen Date:	2023-12-21 11:20:41.060495 ( 2023-12-21 11:20:41.060495 )
Number of Clients Seen:	2
Last Analysis Date:	2023-12-21 11:23:10.613833 ( 2023-12-21 11:23:10.613833 )
Human Expert Analysis Date:	2023-12-21 16:42:28.319769 ( 2023-12-21 16:42:28.319769 )
Human Expert Analysis Result:	Malware

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	7
trid	[[43.5, u'Win32 Dynamic Link Library (generic)'], [29.8, u'Win32 Executable (generic)'], [13.2, u'Generic Win/DOS Executable'], [13.2, u'DOS Executable Generic']]
compilation time stamp	0x3A15F751 [Sat Nov 18 03:28:17 2000 UTC]
LegalCopyright	Drafting
FileVersion	2.5.7.7
CompanyName	ArcaBit
ProductName	Bonelessness
ProductVersion	6.3.9.2
FileDescription	Rascally
Translation	0x0000 0x04b0
entry point	0x403000 (.peSRE)
machine type	Intel 386 or later - 32Bit
file size	213504
ssdeep	6144:NJRDxRqdSqQts6iRZsTZuDbhivDVDN8zqF3:NcjQKUZigDVJ5
sha256	b67f5e50a90074722d2eed01544f89f6c15a12292c8d7c9e61c7a7fd14433c91
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/4/b/1/a4b12de2ef261f8aa5ea50ef8df1d51ab7d66a56', u'EXE:ProductName': u'Bonelessness', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:12:21 11:20:34+00:00', u'EXE:InitializedDataSize': 198815, u'File:FileModifyDate': u'2023:12:21 11:20:30+00:00', u'EXE:FileVersionNumber': u'2.5.7.7', u'EXE:FileVersion': u'2.5.7.7', u'File:FileSize': u'208 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Windows NT 32-bit', u'EXE:ProductVersion': u'6.3.9.2', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'ArcaBit', u'File:FileName': u'a4b12de2ef261f8aa5ea50ef8df1d51ab7d66a56', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2000:11:18 03:28:17+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Drafting', u'EXE:LinkerVersion': 6.7, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/4/b/1', u'EXE:FileDescription': u'Rascally', u'EXE:EntryPoint': u'0x3000', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 13312, u'File:FileInodeChangeDate': u'2023:12:21 11:20:33+00:00', u'EXE:UninitializedDataSize': 753720, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'6.3.9.2'}]
mime type	application/x-dosexec
imphash	91c8557273d46cefa6ad80b57deb236d

File Paths

File Path on Client	Seen Count
a4b12de2ef261f8aa5ea50ef8df1d51ab7d66a56	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.ZYkKE	0x1000	0x1a9f	0x1a9f	6.39741712478	271cc19fdeee5d95e9758d8f976dfe1f
.peSRE	0x3000	0x339a	0x3400	6.0600472289	6e0f6cceb67bc2e4e4abe713c2c624c4
.ig	0x7000	0x4361	0xe00	4.87462817706	f4d08e0a40e61eacb8469ba4d5fa6113
.data	0xc000	0x5f514	0x22000	7.98178203561	ec74f7c616ff52d4f195ea701cd8ed8f
.LI	0x6c000	0x787c3	0xe00	6.52783260597	944e23da79393d3719209e04377751b8
.rsrc	0xe5000	0xadec	0xae00	7.76802483138	d58882b27e7579e4d4637b8cefff2405
.reloc	0xf0000	0x36e	0x400	6.47476323444	7f71000ea8c08019c48bfd973cc55da0

PE Imports

KERNEL32.DLL
- FindAtomA
- SetCalendarInfoA
- FindResourceA
- lstrcmp
- GetDateFormatW
- SetCurrentDirectoryA
- CopyFileA
- DisconnectNamedPipe
- LoadLibraryA
- SuspendThread
- GetProcAddress
user32.dll
- PostQuitMessage
- SetFocus
- RemoveMenu
- EnumChildWindows
- MessageBoxIndirectW
- GetDC
- LoadMenuW
- GetActiveWindow
- LoadMenuA
- EnumDesktopWindows
- RegisterWindowMessageA
- GetWindowTextW
- EnumDesktopsW
- GetClassNameA
- LoadCursorA
- GetWindowTextA
- GetTopWindow
- LoadBitmapA
- GetMenuInfo
- GetCapture
- wvsprintfA
- SetCursorPos
- IsDlgButtonChecked
- GetMenuStringW
- CheckMenuRadioItem
- DestroyWindow
- SetActiveWindow
- AppendMenuW
- GetDlgItemTextW
- UpdateLayeredWindow
- IsChild
- CreateDialogParamW
- GetMenuStringA
- ShowCaret
- GetKeyState
- GetCaretPos
- GetCapture
- CreateWindowExA
- CheckDlgButton
- GetIconInfo
- CopyImage
- WinHelpA
- CopyIcon
- DialogBoxParamA
- GetDC
gdi32.dll
- GetGlyphIndicesA
- GetColorAdjustment
- GetTextCharset
- GetTextColor
- CreatePen
- SetSystemPaletteUse
- SwapBuffers
- GetICMProfileA
- GetFontUnicodeRanges
- StartPage
- CreateDCA
- SetWinMetaFileBits
advapi32.dll
- RegCreateKeyExA
- RegDeleteKeyW
- RegEnumValueA
- RegOpenKeyExA
- RegDeleteValueA
- RegCreateKeyExW
- RegOpenKeyW
shell32.dll
- SHGetDataFromIDListA
- SHGetFileInfoW
shlwapi.dll
- PathRemoveBlanksW
- UrlHashA
- PathIsDirectoryEmptyW
- StrStrNIW
- StrCmpNA
- PathIsContentTypeA
- PathAppendA
- PathRemoveBackslashA
- PathSkipRootA
- PathGetDriveNumberW
- PathSearchAndQualifyW
ole32.dll
- CoUninitialize
INETCOMM.DLL
- HrGetLastOpenFileDirectory
- MimeEditIsSafeToRun
- EssSecurityLabelDecodeEx
- CreateSMTPTransport
- HrDoAttachmentVerb
- MimeOleGetDefaultCharset
- MimeOleSMimeCapsFull
oledlg.dll
- OleUIChangeSourceA
- OleUIUpdateLinksW
- OleUIConvertW
- OleUIObjectPropertiesA
- OleUIUpdateLinksA
- OleUIBusyA
- OleUIPasteSpecialA
- OleUIEditLinksW
crypt32.dll
- CryptStringToBinaryA
- PFXExportCertStore
- CertCreateContext
- CertGetCRLFromStore
- CertFindChainInStore
- CertFindAttribute
- RegOpenHKCUKeyExU
- I_CertUpdateStore
- CertGetIntendedKeyUsage
- CertDuplicateCRLContext
- CryptMsgControl
- CryptBinaryToStringA

PE Resources

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 938972, u'sha256': u'7267e349c708d14e1b0c588aaa43d4e03f358985f81ca5a0b7532281655c6499', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MENU', u'offset': 943236, u'sha256': u'd79618293696411b23f03fd46758d78f23c96d41c439f174453e7ec3fa299b4a', u'type': u'data', u'size': 82}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MENU', u'offset': 943320, u'sha256': u'f3b84f908b6a76d02040b370c800e613e28a54168f181a770fc96bd60900d663', u'type': u'data', u'size': 46}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 943368, u'sha256': u'76772467e99365cf0a90f2905b42a348aa1d3d0fe25ee25ee66730ba99b1405b', u'type': u'data', u'size': 82}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 943452, u'sha256': u'6a5228cda5c58f5d72ae56d41f06084c9a05a2e8a9a81dd96809dc5e44768bbb', u'type': u'data', u'size': 6288}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 949740, u'sha256': u'26d51b7bdc220d4252761e48458bce19fcd8173973afb2dae43f8169ade43856', u'type': u'data', u'size': 10733}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 960476, u'sha256': u'f29013fcb93fa71e58a8e9669e56b14c45b9171d97a43666987bb5e0f3dc605e', u'type': u'data', u'size': 21070}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 981548, u'sha256': u'6223a0fb7aa2e85503a989151b7f4dbff4378db1ca8728becd189ef13b3becdc', u'type': u'data', u'size': 51}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 981600, u'sha256': u'42037e9cc77962c546911280c92c20543d88a5d4f7919fc16ab5434fcb5a5935', u'type': u'data', u'size': 79}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 981680, u'sha256': u'8501cefb657e9d1d1a55cc0cae2b8426e813bc9857b8f75cafc2f8d97db61031', u'type': u'data', u'size': 87}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 981768, u'sha256': u'c120e185962daf2870b84807051e318b3453c0745957f37ab9c0d91c7b0c98b2', u'type': u'data', u'size': 75}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 981844, u'sha256': u'b949d7d1e14c5c04f14645bc8bb20462a550848c9beb22b48ffd19a414505df8', u'type': u'data', u'size': 97}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 981944, u'sha256': u'a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0', u'type': u'MS Windows icon resource - 1 icon, 32x32', u'size': 20}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 981964, u'sha256': u'ad82ffe8fff588e293edbc56b2ff6267187f018810ec7cc47039bd827250d71e', u'type': u'data', u'size': 544}

CERTIFICATE VALIDATION

Loading...