SecuriteInfo[.]com[.]not-a-virus[.]HEUR[.]Downloader[.]Win32[.]VrBrothers[.]gen[.]21403[.]9170[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.VrBrothers.gen.21403.9170.exe
Size

805KB
MD5

375c5a431ba933a9924aee3b1693f206
SHA1

6db73cd5ec684d9b30c2bcc11541d437939e40ce
SHA256

bae8dcc5cc33855279d4ce79527bef08e22393e7736fb3c1b58d2cab04fa8cd1
SHA512

af1eb187b22ab98ce46fd3f00bd22e55776f4725a4f226535616a75cb7d6f26bc1c509b3178803914a9b096f01d1c20b4ab2dcd963d4c39284016d4aa8119131
SSDEEP

6144:H0tEDuTtlJwd/jPN/nwaD28iiqKBsHBZPLGyzGhsF0IWntbS1IgdCEsehSCh7sTH:6rJwVPNNteFQSVCEnhk

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.VrBrothers.gen.21403.9170.exe
.exe windows x86

c1c81d558313e0a47369bd5994d98e8b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

inproc

ord2
ord5
ord7
ord6
ord1
ord3

hook

ord2
ord4
ord3
ord1

winmm

timeGetTime

mfc42

ord3092
ord4710
ord4853
ord6569
ord2777
ord6927
ord4129
ord5710
ord6930
ord3301
ord2379
ord5450
ord5440
ord6383
ord6394
ord4247
ord4248
ord4245
ord4246
ord1644
ord2455
ord4457
ord4724
ord5053
ord2863
ord4499
ord1133
ord4810
ord4774
ord3021
ord6453
ord4458
ord4500
ord4501
ord4775
ord2575
ord4396
ord3574
ord3721
ord795
ord609
ord2301
ord2302
ord3619
ord3626
ord2414
ord2817
ord4160
ord1641
ord5981
ord2642
ord6334
ord6673
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord565
ord817
ord2726
ord4226
ord1988
ord1200
ord926
ord3573
ord3610
ord656
ord3571
ord5787
ord284
ord1146
ord5875
ord2243
ord413
ord711
ord755
ord470
ord4220
ord2584
ord3654
ord941
ord2614
ord5572
ord2919
ord2438
ord5823
ord3664
ord996
ord640
ord5785
ord1640
ord323
ord2859
ord415
ord613
ord289
ord715
ord5641
ord1867
ord1168
ord2866
ord816
ord5789
ord562
ord283
ord2754
ord1871
ord384
ord686
ord5607
ord2762
ord896
ord2096
ord2408
ord1642
ord2453
ord1862
ord3701
ord500
ord772
ord1176
ord6142
ord2567
ord5788
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord4277
ord3920
ord472
ord6194
ord2860
ord6877
ord5860
ord3702
ord1083
ord501
ord1621
ord4202
ord5856
ord536
ord5606
ord2753
ord696
ord1265
ord5642
ord4185
ord5628
ord6467
ord3706
ord2452
ord4023
ord909
ord1816
ord2546
ord3815
ord291
ord1979
ord1724
ord5256
ord706
ord408
ord1865
ord5101
ord2101
ord5104
ord3351
ord976
ord4152
ord2382
ord5283
ord5254
ord2445
ord401
ord1858
ord2102
ord5473
ord407
ord645
ord1864
ord1842
ord5805
ord4145
ord5484
ord3232
ord1137
ord1140
ord2152
ord1859
ord6242
ord1819
ord3102
ord6154
ord2531
ord4364
ord4057
ord5471
ord4121
ord2389
ord5083
ord1709
ord1713
ord5234
ord6369
ord5279
ord5248
ord2444
ord331
ord4236
ord6652
ord2714
ord3643
ord394
ord773
ord812
ord1270
ord1232
ord559
ord6144
ord3089
ord6605
ord2405
ord2380
ord5781
ord6119
ord3797
ord5862
ord940
ord4133
ord4297
ord1233
ord4204
ord3337
ord1158
ord2370
ord4287
ord6380
ord6282
ord6283
ord1199
ord6928
ord4400
ord3630
ord2450
ord5786
ord3370
ord2582
ord4402
ord3640
ord693
ord682
ord4243
ord801
ord6907
ord6883
ord5861
ord541
ord3998
ord6007
ord3286
ord6143
ord3996
ord6675
ord6888
ord3631
ord3719
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord809
ord683
ord616
ord793
ord556
ord2297
ord2363
ord3226
ord1087
ord2122
ord5148
ord4673
ord4274
ord6375
ord4486
ord2554
ord858
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord692
ord790
ord1106
ord1134
ord2820
ord2725
ord3716
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2358
ord2460
ord850
ord6241
ord6111
ord4694
ord6302
ord4168
ord1088
ord6358
ord4299
ord6270
ord6779
ord3803
ord6403
ord3522
ord3521
ord6402
ord4476
ord1949
ord4034
ord4284
ord1105
ord665
ord924
ord2915
ord823
ord2841
ord825
ord567
ord540
ord2864
ord2124
ord818
ord3663
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord4275
ord923
ord6663
ord4224
ord6379
ord6696
ord6905
ord3874
ord4234
ord324
ord542
ord3597
ord4425
ord5280
ord1775
ord6052
ord4998
ord4376
ord5265
ord353
ord6010
ord2514
ord802
ord641
ord2763
ord5683
ord6648
ord1768
ord537
ord6199
ord6880
ord389
ord5207
ord690
ord4467
ord2135
ord366
ord2092
ord535
ord674
ord3623
ord4427
ord5252
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord5103
ord5100
ord3059
ord2390
ord2723
ord3402
ord5290
ord2107
ord3811
ord2078
ord2113
ord5953
ord860
ord5216
ord3758
ord3408
ord3227
ord3054
ord3425
ord3880
ord551
ord2818
ord939
ord354
ord922
ord5186
ord3318
ord5442
ord2688
ord4242
ord5030
ord539
ord2764

msvcrt

__p__fmode
__set_app_type
_controlfp
_strnicmp
isspace
_mbschr
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_mbsnbcpy
_fstat
ctime
fwrite
_purecall
_ftol
strncpy
_splitpath
exit
fputs
isupper
isdigit
_mbsicmp
strtoul
_mbsstr
strstr
strncmp
ftell
rewind
fread
free
fgets
fopen
fseek
fgetc
fclose
fputc
rand
_mbscmp
time
srand
__CxxFrameHandler
sscanf
atoi
tolower
_ismbcspace
_mbspbrk
_mbsnbicmp
_CxxThrowException
malloc
strrchr
sprintf
_access
atol
fprintf
_setmbcp
__p__commode

kernel32

CreateToolhelp32Snapshot
Module32Next
GetCurrentProcess
GetCurrentThread
SetUnhandledExceptionFilter
GetFileSize
ReadFile
GetFullPathNameA
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
SizeofResource
GetCurrentProcessId
OpenProcess
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
SetCurrentDirectoryA
GetCommandLineA
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
GlobalUnlock
DeviceIoControl
lstrcatA
lstrlenA
WinExec
lstrcpyA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetCurrentThreadId
SetLastError
MulDiv
GetLastError
FormatMessageA
LocalFree
GetVersion
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
SuspendThread
ResumeThread
CreateThread
Sleep
GetLocalTime
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
CloseHandle
QueryPerformanceFrequency
SetLocalTime
QueryPerformanceCounter
CreateProcessA
WaitForSingleObject
GetTempPathA
CreateDirectoryA
DeleteFileA
IsBadReadPtr
SetFileAttributesA
MoveFileExA
GetTickCount
Module32First

user32

GetClientRect
GetWindowRect
GetNextDlgTabItem
TrackPopupMenuEx
IsWindowVisible
GetDesktopWindow
DestroyCursor
MessageBeep
SetDoubleClickTime
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
EnumWindows
SetForegroundWindow
RegisterHotKey
UnregisterHotKey
SetCursor
GetDoubleClickTime
LoadIconA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PtInRect
ChildWindowFromPointEx
GetDC
LoadImageA
SetWindowRgn
WindowFromPoint
GetActiveWindow
ScreenToClient
GetClassInfoA
DefWindowProcA
LoadCursorA
CallNextHookEx
GetClassNameA
GetWindowLongA
FrameRect
CallWindowProcA
GetPropA
RemovePropA
UnhookWindowsHookEx
SetWindowsHookExA
IntersectRect
DeleteMenu
IsRectEmpty
ClientToScreen
GetMenuState
AppendMenuA
ModifyMenuA
GrayStringA
GetMenuDefaultItem
DrawTextA
TabbedTextOutA
DrawEdge
SetRect
DrawFocusRect
GetMessagePos
DrawStateA
GetMenuItemCount
GetMenuItemID
WindowFromDC
CopyRect
DestroyIcon
GetIconInfo
FillRect
MessageBoxA
GetMenuItemRect
GetMenuItemInfoA
OffsetRect
IsMenu
GetWindowDC
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
ReleaseDC
PostMessageA
SetTimer
LoadMenuA
GetSubMenu
GetMenuStringA
InflateRect
InvalidateRect
LoadBitmapA
GetSysColor
GetFocus
IsChild
KillTimer
SetPropA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
RedrawWindow
GetParent
IsWindow
EnableWindow
SendMessageA
GetSystemMenu
MenuItemFromPoint
GetCursorPos
GetMenu
DestroyMenu

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
Rectangle
GetStockObject
CreatePatternBrush
DeleteDC
GetDeviceCaps
CreateFontIndirectA
GetNearestColor
SetPixel
GetPixel
GetObjectA
RoundRect
GetTextExtentPoint32A
CreatePen
SetBrushOrgEx
UnrealizeObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
SelectClipRgn
FrameRgn
FillRgn
OffsetRgn
CreatePolygonRgn
CreateRoundRectRgn
GetTextMetricsA
StretchBlt
GetTextColor
SetDIBitsToDevice
DeleteObject
CreateCompatibleBitmap
ExtCreateRegion

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegQueryValueA
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyA
CloseServiceHandle
CreateServiceA
RegCloseKey

shell32

ExtractIconA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_Replace
_TrackMouseEvent
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_AddMasked

ole32

CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SysFreeString

urlmon

URLDownloadToFileA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ

msvcirt

?close@ifstream@@QAEXXZ
?get@istream@@QAEHXZ
??1ios@@UAE@XZ
??1ifstream@@UAE@XZ
?read@istream@@QAEAAV1@PADH@Z
??0ifstream@@QAE@PBDHH@Z
?openprot@filebuf@@2HB
?seekg@istream@@QAEAAV1@J@Z
?tellg@istream@@QAEJXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??_Difstream@@QAEXXZ

olepro32

ord251

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sp0
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1c81d558313e0a47369bd5994d98e8b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

inproc

hook

winmm

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp60

msvcirt

olepro32

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 460KB - Virtual size: 459KB

.sp0 Size: 32KB - Virtual size: 31KB

.reloc Size: 4KB - Virtual size: 76B

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 460KB - Virtual size: 459KB

.sp0
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 76B