BvSshServer-Inst[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BvSshServer-Inst.exe
Size

19.8MB
MD5

9735e58aeb9f04f8b4b78316cb52dae3
SHA1

5affe1e228301a99e37373b324fc27ab77c5924b
SHA256

bf15cadef3e12f93184a099cb0d6377da1f22cdc6116ed2e5846205ece284571
SHA512

0048c8ab296acc240047f371791a17654ad08b276547d3d5e834ea33cf81a1ebdc6ed1fdd6cb2b8eb1bea76ae35ae4314baebc96718f5f6a6a09994646e23e40
SSDEEP

393216:hotN8tqgJJoVMciEfN98EE6o3lHZnfM9CGHw1nUWqL1UJ0lBLmlyX4ZJS:hotNEqgJcrF9Cn2dq9qL1UJ0ltAw8JS

Score

1^/10

Malware Config

Signatures

Files

BvSshServer-Inst.exe
.exe windows x86

7b8dd795805c3d5c802c629f62f81503

Code Sign

0a:ec:df:40:de:c3:7c:db:70:4e:30:4a:64:6d:10:fb
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/10/2017, 00:00

Not After

02/11/2020, 12:00

Subject

SERIALNUMBER=802795978,CN=Bitvise Limited,O=Bitvise Limited,L=Colleyville,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13055465786173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:ec:df:40:de:c3:7c:db:70:4e:30:4a:64:6d:10:fb
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/10/2017, 00:00

Not After

02/11/2020, 12:00

Subject

SERIALNUMBER=802795978,CN=Bitvise Limited,O=Bitvise Limited,L=Colleyville,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13055465786173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:7e:f6:ea:7e:cc:26:93:ea:51:f6:e2:23:e9:99:44:e0:60:8f:30:f0:1b:b8:8c:7e:da:e9:e9:99:ff:6d:20
Signer

Actual PE Digest

42:7e:f6:ea:7e:cc:26:93:ea:51:f6:e2:23:e9:99:44:e0:60:8f:30:f0:1b:b8:8c:7e:da:e9:e9:99:ff:6d:20

Digest Algorithm

sha256

PE Digest Matches

true

3d:49:a3:e9:a3:0a:fa:ac:fa:92:5d:3a:a5:fc:5b:30:88:00:52:23
Signer

Actual PE Digest

3d:49:a3:e9:a3:0a:fa:ac:fa:92:5d:3a:a5:fc:5b:30:88:00:52:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
OutputDebugStringA
GetStdHandle
CreateFileA
WriteFile
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
WriteConsoleW
ReadConsoleW
ReadFile
FreeLibrary
VerSetConditionMask
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
InterlockedIncrement
WaitForMultipleObjectsEx
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
SwitchToThread
InterlockedDecrement
WaitForSingleObject
ResetEvent
InterlockedCompareExchange
GetModuleHandleExW
GetModuleFileNameW
ReleaseMutex
lstrlenW
FormatMessageW
GetModuleHandleA
GetSystemInfo
RtlCaptureStackBackTrace
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
FoldStringW
FindFirstFileW
FindClose
FindNextFileW
LoadLibraryExW
GlobalLock
GlobalUnlock
LocalAlloc
GetVolumePathNameW
GetVolumeInformationW
GetTickCount
GetSystemTimeAsFileTime
GetTempPathW
QueryPerformanceCounter
ExpandEnvironmentStringsW
CreateFileW
GetFileSize
SetFilePointer
GetFileType
FlushFileBuffers
CopyFileW
DeleteFileW
MoveFileW
WaitForSingleObjectEx
CreateDirectoryW
RemoveDirectoryW
GetTempFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLongPathNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetExitCodeProcess
GetSystemWow64DirectoryW
TerminateProcess
OpenProcess
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetConsoleMode
GetCommandLineA
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
HeapSize
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
SetFilePointerEx
EncodePointer
GlobalAlloc
GlobalFree
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
CreateProcessW
CreateMutexW
LocalFree
GetModuleHandleW
GetFileAttributesW
MoveFileExW
SetEvent
Process32NextW
GetCurrentProcess
DuplicateHandle
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
ProcessIdToSessionId
GetLastError
SetLastError
CloseHandle
OpenMutexW
GetFullPathNameW
CreateThread
GetCurrentThreadId

user32

MapDialogRect
DialogBoxIndirectParamW
GetSystemMenu
RemoveMenu
GetMenuState
DestroyIcon
CharLowerW
DestroyMenu
CreatePopupMenu
AppendMenuW
GetMessagePos
TrackPopupMenu
LoadCursorW
AllowSetForegroundWindow
GetWindowThreadProcessId
MonitorFromRect
GetCursorPos
GetWindowPlacement
GetMonitorInfoW
GetParent
GetClientRect
ScreenToClient
CallWindowProcW
CloseClipboard
OpenClipboard
GetWindowDC
ReleaseDC
EndPaint
BeginPaint
MoveWindow
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
wsprintfA
EmptyClipboard
MessageBoxW
FindWindowW
ExitWindowsEx
SetCursor
IsWindow
GetClipboardData
IsClipboardFormatAvailable
GetDlgCtrlID
SendMessageW
MessageBeep
SetWindowTextW
OffsetRect
DrawTextW
ReleaseCapture
SetCapture
GetMessageTime
TrackMouseEvent
PtInRect
CreateWindowExW
FrameRect
RemovePropA
SetPropA
GetPropA
InvalidateRect
SetDlgItemTextW
SetFocus
GetSysColor
LoadImageW
CheckRadioButton
CheckDlgButton
SystemParametersInfoW
SetClassLongW
IsWindowEnabled
EnableWindow
ShowWindow
IsDlgButtonChecked
EndDialog
DestroyWindow
IsWindowVisible
GetSystemMetrics
SetWindowPos
GetWindowRect
GetDlgItem
SetWindowLongW
GetWindowLongW
DialogBoxParamW
GetWindowTextW
GetWindowTextLengthW
FillRect
SetClipboardData

gdi32

DeleteObject
CreateFontIndirectW
CreateBrushIndirect
GetNearestColor
GetTextMetricsW
SetBkMode
SetTextColor
GetObjectW
GetTextExtentPoint32W
GetStockObject
SelectObject
CreateBitmapIndirect

advapi32

AdjustTokenPrivileges
GetLengthSid
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
GetSidSubAuthority
OpenProcessToken
EqualSid
CopySid
GetSidLengthRequired
InitializeSid
LookupAccountSidW
SetEntriesInAclW
InitializeSecurityDescriptor
RegCloseKey
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
StartServiceW
QueryServiceStatus
OpenServiceW
ConvertSidToStringSidW
RegSetKeySecurity
RegGetKeySecurity
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
GetTokenInformation
IsValidSid
LookupPrivilegeValueW
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
OpenSCManagerW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW

ole32

OleInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
OleUninitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
SysStringLen
VariantInit

shlwapi

SHCopyKeyW

psapi

GetModuleFileNameExW

secur32

LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaLookupAuthenticationPackage

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 743KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.7MB - Virtual size: 18.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b8dd795805c3d5c802c629f62f81503

Code Sign

0a:ec:df:40:de:c3:7c:db:70:4e:30:4a:64:6d:10:fbCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0a:ec:df:40:de:c3:7c:db:70:4e:30:4a:64:6d:10:fbCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

42:7e:f6:ea:7e:cc:26:93:ea:51:f6:e2:23:e9:99:44:e0:60:8f:30:f0:1b:b8:8c:7e:da:e9:e9:99:ff:6d:20Signer

3d:49:a3:e9:a3:0a:fa:ac:fa:92:5d:3a:a5:fc:5b:30:88:00:52:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

secur32

version

Sections

.text Size: 743KB - Virtual size: 743KB

.rdata Size: 260KB - Virtual size: 259KB

.data Size: 18KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 18.7MB - Virtual size: 18.7MB

.reloc Size: 55KB - Virtual size: 55KB

0a:ec:df:40:de:c3:7c:db:70:4e:30:4a:64:6d:10:fb
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0a:ec:df:40:de:c3:7c:db:70:4e:30:4a:64:6d:10:fb
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

42:7e:f6:ea:7e:cc:26:93:ea:51:f6:e2:23:e9:99:44:e0:60:8f:30:f0:1b:b8:8c:7e:da:e9:e9:99:ff:6d:20
Signer

3d:49:a3:e9:a3:0a:fa:ac:fa:92:5d:3a:a5:fc:5b:30:88:00:52:23
Signer

.text
Size: 743KB - Virtual size: 743KB

.rdata
Size: 260KB - Virtual size: 259KB

.data
Size: 18KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 18.7MB - Virtual size: 18.7MB

.reloc
Size: 55KB - Virtual size: 55KB