SecuriteInfo[.]com[.]BScope[.]TrojanSpy[.]Ursnif[.]1787[.]7467

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.BScope.TrojanSpy.Ursnif.1787.7467
Size

2.1MB
MD5

643186ea798cfadd6b10502050213c85
SHA1

b8471b82546d07dba96c1cf06138533aa0d957f8
SHA256

b0c30b90084fcb391f604153668c62f26df0ffd7c3b49ae2769a38e1e17f8c43
SHA512

b8bf8f19157d1f648df971136d34219a51930a3387d44fc4b428485c695e8af76f996069dbaea75433b0395922e415c6ee72a1bfb941c93529c0bb301a45e1d5
SSDEEP

49152:J/TyD0SGvZ0OjKiIHZ2NdkkD08A0+eoBki9xEN1oWV:Jwjm3jKPEmd0tikzoK

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.BScope.TrojanSpy.Ursnif.1787.7467
.exe windows:4 windows x86 arch:x86

7a318cfeab484fb60c7cd40afd73e3fe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:ed:4d:73:9d:a5:b4:a5:3f:8d:0f:05:33:05:9c:7a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/06/2012, 00:00

Not After

08/06/2015, 23:59

Subject

CN=Chengdu Xishanju Interactive Entertainment Co. Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Chengdu Xishanju Interactive Entertainment Co. Ltd,L=chengdu,ST=sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:be:36:7b:6a:d9:5c:a9:8e:56:71:f9:97:5a:b6:75:a9:f5:c1:be
Signer

Actual PE Digest

7a:be:36:7b:6a:d9:5c:a9:8e:56:71:f9:97:5a:b6:75:a9:f5:c1:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA
EnumProcesses

shlwapi

PathStripToRootA
PathFindFileNameA
PathIsUNCA
PathFileExistsA

wininet

HttpOpenRequestA
InternetSetOptionA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA

urlmon

URLDownloadToFileA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

LocalReAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
lstrcmpA
GlobalFlags
GlobalGetAtomNameA
GetThreadLocale
FileTimeToSystemTime
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
GetCPInfo
GetOEMCP
MoveFileA
DeleteFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
FileTimeToLocalFileTime
GetFileTime
GetExitCodeProcess
ResetEvent
CreateThread
GetExitCodeThread
FindResourceExW
GetPrivateProfileStringW
LCMapStringW
GetComputerNameA
GetSystemDirectoryW
TlsSetValue
GetWindowsDirectoryW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetACP
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
FreeEnvironmentStringsA
LCMapStringA
HeapCreate
VirtualFree
GetTimeZoneInformation
GetStdHandle
SetHandleCount
IsValidCodePage
SetStdHandle
GetFileType
GetDiskFreeSpaceA
GetConsoleMode
GetConsoleCP
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitThread
VirtualAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetFileAttributesA
ReadFile
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
CompareStringW
GetVersion
CompareStringA
lstrlenW
InterlockedExchange
SetCurrentDirectoryA
GetCurrentDirectoryA
RemoveDirectoryA
WaitForMultipleObjects
MoveFileExA
LocalAlloc
LocalFree
WideCharToMultiByte
OpenProcess
LoadResource
SizeofResource
FindResourceA
SetEvent
TerminateProcess
CreateEventA
CreateDirectoryA
FreeResource
WriteFile
CreateFileA
LockResource
InitializeCriticalSection
GetTickCount
LeaveCriticalSection
InterlockedDecrement
EnterCriticalSection
Sleep
DeleteCriticalSection
FreeLibrary
LoadLibraryA
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
GlobalMemoryStatusEx
GetPrivateProfileIntA
GetSystemInfo
GetVersionExA
GetCurrentProcess
WritePrivateProfileStringA
GetModuleHandleA
GetProcAddress
GetPrivateProfileStringA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
CloseHandle
FindClose
GetLastError
WaitForSingleObject
FindNextFileA
CreateProcessA
FindFirstFileA
SetFileAttributesA
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GetLocalTime
GetProcessHeap

user32

GetDC
ReleaseDC
LoadIconA
RegisterClassExA
CreateWindowExA
ShowWindow
MessageBoxA
LoadCursorA
RegisterClassA
DefWindowProcA
GetWindowLongA
SetWindowLongA
UpdateLayeredWindow
DispatchMessageA
TranslateMessage
UpdateWindow
GetMessageA
PeekMessageA
GetWindowRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
PostMessageA
GetClientRect
DestroyWindow
GetSystemMetrics
CheckMenuItem
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
CopyRect
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetKeyState
ValidateRect
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
CharUpperA
PostQuitMessage
LoadStringA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA

ole32

CoGetClassObject
OleDraw
OleCreate
CoCreateGuid
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleSetContainedObject
OleUninitialize
OleInitialize
CoInitialize

shell32

SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation

oleaut32

VariantChangeType
VariantClear
VariantInit
GetErrorInfo
SysFreeString
SysAllocString

setupapi

SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDriverInfoList

gdi32

GetDeviceCaps
CreateDIBSection
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateCompatibleDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

ws2_32

WSAStartup
WSACleanup
WSASocketA
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
closesocket
setsockopt
WSARecv
WSAEnumNetworkEvents
WSASend
ntohl
inet_ntoa
ntohs
gethostbyname
inet_addr
WSAConnect
htons

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a318cfeab484fb60c7cd40afd73e3fe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:ed:4d:73:9d:a5:b4:a5:3f:8d:0f:05:33:05:9c:7aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7a:be:36:7b:6a:d9:5c:a9:8e:56:71:f9:97:5a:b6:75:a9:f5:c1:beSigner

Headers

File Characteristics

Imports

psapi

shlwapi

wininet

urlmon

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

setupapi

gdi32

comdlg32

winspool.drv

ws2_32

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:ed:4d:73:9d:a5:b4:a5:3f:8d:0f:05:33:05:9c:7a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7a:be:36:7b:6a:d9:5c:a9:8e:56:71:f9:97:5a:b6:75:a9:f5:c1:be
Signer

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB