VSSrv460266[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VSSrv460266.exe
Size

616KB
MD5

6166abd27ef18e5d9def814f5ffeedec
SHA1

2c4a99439eb5388e8e6788c66b1b86eb3fda60b5
SHA256

f3326ebe2106e5f9672aceeda05167111fa48052808405b81913acdc0a2710a0
SHA512

d7e34870b75472a4b982de2f6104f84f77ef1c698890bfed438763fbb7f65eb3ef8d169002797f5f6bedd1e1ebcd16f5da49d537f5a417f0dbea6dbdaf4e57ea
SSDEEP

12288:6MmlUbFPVvl2fC8cu3G/otPiI8Gj6xtlXYZXpPmQ/0xMzQT5avuJZZA7a7NjbfC:6MmYFPdl2qOumPl846xtdYX1KaqsvaZ6

Score

N/A

Malware Config

Signatures

Files

VSSrv460266.exe
.exe windows x86

dd146b8114dfb5cdb561950bfbd20252

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:5b:a2:dd:88:fe:39:8d:8c:f9:07:90:c9:d2:66:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21-07-2015 00:00

Not After

07-10-2017 23:59

Subject

CN=GAS INFORMATICA LTDA,O=GAS INFORMATICA LTDA,L=Brasilia,ST=Distrito Federal,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:24:38:d5:cd:5b:d1:f0:ec:9f:d4:cc:7f:b5:fa:f1:62:ac:31:60
Signer

Actual PE Digest

a3:24:38:d5:cd:5b:d1:f0:ec:9f:d4:cc:7f:b5:fa:f1:62:ac:31:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=GAS INFORMATICA LTDA,O=GAS INFORMATICA LTDA,L=Brasilia,ST=Distrito Federal,C=BR

04-04-2016 12:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
SuspendThread
OpenMutexA
CreateMutexA
ReleaseMutex
OpenEventA
IsBadReadPtr
CreateProcessA
FileTimeToDosDateTime
DosDateTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
HeapAlloc
HeapFree
GetProcessHeap
GetSystemInfo
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
VirtualQuery
GetShortPathNameA
GetVolumeInformationA
GetFileInformationByHandle
WideCharToMultiByte
ReadProcessMemory
Module32First
CreateToolhelp32Snapshot
Module32Next
DuplicateHandle
FileTimeToSystemTime
GetSystemTime
FindFirstFileW
GetLongPathNameA
FindNextFileW
SetFilePointer
GetTempPathA
VirtualFree
VirtualAlloc
GetVersion
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiA
lstrcmpA
LocalAlloc
VirtualQueryEx
VirtualProtectEx
VirtualProtect
SetLastError
ReleaseSemaphore
OpenMutexW
OpenFileMappingW
OpenFileMappingA
OpenEventW
LoadLibraryExA
GetWindowsDirectoryW
GetThreadContext
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
GetExitCodeThread
GetCurrentThread
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedIncrement
FormatMessageA
ExitThread
CreateSemaphoreA
CreateProcessW
CreatePipe
CreateMutexW
CreateFileMappingW
SystemTimeToFileTime
ExpandEnvironmentStringsA
GetVersionExA
AreFileApisANSI
SetErrorMode
DeleteFileW
RemoveDirectoryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
SetFileAttributesA
MoveFileExA
GetModuleHandleA
InterlockedExchange
InterlockedCompareExchange
GetComputerNameA
GetLogicalDriveStringsA
GetFileSize
TerminateProcess
VerifyVersionInfoA
GetFileAttributesA
LocalFree
WriteFile
ReadFile
GetOverlappedResult
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
CreateNamedPipeA
CancelIo
DisconnectNamedPipe
LoadLibraryW
CreateFileW
GetVersionExW
GetModuleHandleW
GetProcAddress
CreateEventW
DeleteFileA
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
ProcessIdToSessionId
WaitForMultipleObjects
GetLastError
ResumeThread
SetThreadPriority
TerminateThread
GetModuleFileNameA
DeviceIoControl
GetSystemDirectoryA
QueryDosDeviceA
FindNextFileA
LoadLibraryA
FindClose
CopyFileA
FindFirstFileA
ResetEvent
GetCurrentProcess
QueryDosDeviceW
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetCurrentProcessId
Sleep
OpenProcess
GetTickCount
WaitForSingleObject
DeleteCriticalSection
SetEvent
CloseHandle
CreateEventA
InitializeCriticalSection
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
GetEnvironmentVariableA
GetLocalTime
CreateDirectoryA
RemoveDirectoryA
GetFullPathNameA
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
CreateThread
lstrcatW
FreeLibrary
FlushInstructionCache
GetWindowsDirectoryA
GetFileTime
InterlockedDecrement
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
WriteConsoleW
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
HeapCreate
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeFormatA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperA
GetCursorPos
CloseDesktop
DispatchMessageA
GetThreadDesktop
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
MessageBoxA
GetKeyboardType
CharLowerA
EnumWindows
PostMessageA
GetWindowThreadProcessId

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
CloseServiceHandle
GetKernelObjectSecurity
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
GetUserNameA
RegQueryInfoKeyA
EqualSid
GetTokenInformation
GetNamedSecurityInfoA
GetLengthSid
SetFileSecurityA
FreeSid
IsValidSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetEntriesInAclA
RegDeleteKeyA
ControlService
SetServiceStatus
QueryServiceStatus
StartServiceA
CreateServiceA
StartServiceCtrlDispatcherA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
OpenServiceA
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
CreateProcessAsUserW
OpenProcessToken
RegCloseKey
RegOpenKeyA
RegQueryValueExA
DeleteService
OpenSCManagerA
RegisterServiceCtrlHandlerExA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
SysReAllocStringLen
SysFreeString
VariantInit
VariantClear
SysStringLen

fltlib

FilterConnectCommunicationPort
FilterSendMessage

Sections

.text
Size: - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gas0
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gas1
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd146b8114dfb5cdb561950bfbd20252

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:5b:a2:dd:88:fe:39:8d:8c:f9:07:90:c9:d2:66:baCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a3:24:38:d5:cd:5b:d1:f0:ec:9f:d4:cc:7f:b5:fa:f1:62:ac:31:60Signer

Signature Validations

Verification

04-04-2016 12:58 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

fltlib

Sections

.text Size: - Virtual size: 743KB

CODE Size: - Virtual size: 131KB

.rdata Size: - Virtual size: 286KB

.data Size: - Virtual size: 59KB

DATA Size: - Virtual size: 5KB

BSS Size: - Virtual size: 1KB

.gas0 Size: - Virtual size: 15KB

.gas1 Size: 605KB - Virtual size: 605KB

.rsrc Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:5b:a2:dd:88:fe:39:8d:8c:f9:07:90:c9:d2:66:ba
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a3:24:38:d5:cd:5b:d1:f0:ec:9f:d4:cc:7f:b5:fa:f1:62:ac:31:60
Signer

04-04-2016 12:58
Valid: false

.text
Size: - Virtual size: 743KB

CODE
Size: - Virtual size: 131KB

.rdata
Size: - Virtual size: 286KB

.data
Size: - Virtual size: 59KB

DATA
Size: - Virtual size: 5KB

BSS
Size: - Virtual size: 1KB

.gas0
Size: - Virtual size: 15KB

.gas1
Size: 605KB - Virtual size: 605KB

.rsrc
Size: 4KB - Virtual size: 3KB