virussign[.]com_5ea22c60287d438a09fd04382326ce90[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

virussign.com_5ea22c60287d438a09fd04382326ce90.vir
Size

3.4MB
MD5

5ea22c60287d438a09fd04382326ce90
SHA1

6190beb8b0325e3f25ff111dfcee1bb2e076968c
SHA256

0956c909a15db36d79f5e3eaf9c8d7d608dc78fa1b5ed2ac7b0cdf862350c991
SHA512

fde76c5dc9ecef1e3893f7b3c18ee32b4b5a9ae7273bbc08bc9e28087ac2ccdf6e94b2c9f21e760fe83ecc20fa0331a57c04353ada506f0bc01a9cf1f85ff27c
SSDEEP

49152:eoRaUUzzNAZGA5kiT/4QcYdzcOZ7tLQo7R/ecA4IRURL7QgIZj+uzst:eoRaPzBlA5uYdn7R37R/ecA4EOLMgvuo

Score

1^/10

Malware Config

Signatures

Files

virussign.com_5ea22c60287d438a09fd04382326ce90.vir
.dll windows:4 windows x86 arch:x86

2695b6dbc063c4d12dce90cc7e04255b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:79:59:23:56:99:84:e7:69:d3:51:10:83:63:c0:cd:5c:f1:f1:f4
Signer

Actual PE Digest

af:79:59:23:56:99:84:e7:69:d3:51:10:83:63:c0:cd:5c:f1:f1:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\Release\QQPCDownload.pdb

Imports

ws2_32

htonl
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider
htons
ntohl

psapi

GetModuleFileNameExW

kernel32

GetCurrentThreadId
lstrcmpiW
TerminateThread
GetVersion
WaitForMultipleObjects
InterlockedCompareExchange
SetEvent
InterlockedExchange
WaitForSingleObject
WritePrivateProfileStringW
GetCurrentThread
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
CreateProcessW
SetFilePointer
OpenMutexW
GetFullPathNameW
GetCPInfo
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
SearchPathW
TerminateProcess
SetUnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
lstrcpynW
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
Module32FirstW
Module32NextW
GetLocalTime
GetTempPathW
CreateDirectoryW
GetExitCodeProcess
MoveFileW
OpenThread
CreateThread
MoveFileExW
ResumeThread
GetExitCodeThread
ReleaseMutex
GetModuleHandleExW
MapViewOfFile
GetTempFileNameW
OpenEventW
GetLogicalDriveStringsW
IsBadReadPtr
RemoveDirectoryW
GetSystemDefaultLangID
GetSystemInfo
VirtualQuery
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetFileAttributesW
GetCommandLineW
CreateIoCompletionPort
TlsGetValue
TlsFree
PostQueuedCompletionStatus
TlsAlloc
TlsSetValue
GetQueuedCompletionStatus
FindNextFileW
LocalFileTimeToFileTime
SetFileTime
GetCurrentDirectoryW
VirtualAlloc
VirtualProtectEx
GetThreadContext
SetThreadContext
CreateRemoteThread
VirtualFree
GlobalLock
CreateFileA
UnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
HeapReAlloc
GetCommandLineA
GetVersionExA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetCurrentDirectoryA
SetHandleCount
GetFileType
OpenProcess
SetLastError
SetDllDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTickCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
CompareStringA
CompareStringW
FlushFileBuffers
LoadLibraryExW
LeaveCriticalSection
WideCharToMultiByte
RaiseException
FreeResource
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FlushInstructionCache
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateMutexW
lstrlenA
CreateEventW
DuplicateHandle
InterlockedIncrement
Sleep
IsBadWritePtr
VirtualProtect
GetModuleHandleW
GetSystemDirectoryW
WriteProcessMemory
lstrlenW
GlobalAlloc
GetCurrentProcessId
Process32NextW
Process32FirstW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalFree
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
WriteFile
ReadFile
GetFileSize
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CopyFileW
FreeLibrary
GetDriveTypeW
GetLogicalDrives
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetLastError
GetProcAddress
LoadLibraryW
FindResourceW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetThreadLocale
ExitProcess
IsDebuggerPresent
SuspendThread

user32

GetFocus
GetWindowTextW
GetWindowTextLengthW
EndDialog
ReleaseCapture
MsgWaitForMultipleObjects
CharUpperW
GetUserObjectInformationW
CreateDesktopW
CloseDesktop
GetForegroundWindow
GetWindowThreadProcessId
SetThreadDesktop
IsWindowVisible
GetSystemMenu
SetCapture
LoadIconW
EndPaint
BeginPaint
SetWindowTextW
TrackPopupMenu
DestroyIcon
KillTimer
DrawFrameControl
DrawTextW
EqualRect
LoadImageW
GetDlgCtrlID
DrawIconEx
PostThreadMessageW
WaitMessage
SetCursor
EnableWindow
EnumWindows
CallWindowProcW
MoveWindow
PostMessageW
FindWindowW
FindWindowExW
wsprintfW
SendMessageTimeoutW
CallNextHookEx
GetLastInputInfo
IsIconic
FindWindowA
MsgWaitForMultipleObjectsEx
PostQuitMessage
GetSysColor
GetQueueStatus
IsWindowEnabled
SetActiveWindow
CharNextW
DestroyWindow
DefWindowProcW
MapWindowPoints
IsWindow
GetWindowLongW
GetActiveWindow
GetDesktopWindow
ReleaseDC
GetDC
GetParent
ClientToScreen
CreateWindowExW
SetWindowRgn
GetClientRect
InvalidateRect
GetWindowRect
SystemParametersInfoW
SetWindowPos
DispatchMessageW
ShowWindow
TranslateMessage
RegisterClassExW
GetMessageW
OffsetRect
PeekMessageW
InflateRect
LoadCursorW
GetWindow
GetClassInfoExW
SetRect
GetMonitorInfoW
SendMessageW
SetTimer
UnregisterClassW
CopyRect
MonitorFromWindow
GetDlgItem
RegisterWindowMessageW
GetKeyState
MessageBoxW
SetWindowLongW
LoadStringW
CopyImage
UnregisterClassA
PtInRect

gdi32

SelectObject
SetBkColor
ExtTextOutW
DeleteDC
StretchBlt
CreatePen
CreateRectRgn
CombineRgn
CreateBitmap
SetTextColor
GetStockObject
GetObjectW
CreateFontIndirectW
Rectangle
BitBlt
SetRectRgn
OffsetRgn
CreateCompatibleBitmap
CreateCompatibleDC
SelectClipRgn
RoundRect
GetCurrentObject
CreateSolidBrush
TextOutW
MoveToEx
GetTextExtentPoint32W
LineTo
RectInRegion
SetBkMode
CreateRectRgnIndirect
SaveDC
RestoreDC
CreateDIBSection
DeleteObject
GetClipRgn

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegQueryInfoKeyW
StartServiceW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle

shell32

SHCreateDirectoryExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
CoLoadLibrary
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VarBstrCmp
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SysFreeString
SysStringByteLen
OleLoadPicture

shlwapi

PathCombineW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathRemoveFileSpecW
StrToIntA
PathAppendW
PathQuoteSpacesW
PathFindFileNameW
PathAddBackslashW
PathUnquoteSpacesW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdipCreateImageAttributes
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectI
GdipGetImageHeight
GdipDisposeImageAttributes
GdipDeleteGraphics
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipFree
GdipDrawImageI
GdipCreateFromHDC
GdiplusShutdown
GdipDrawImageRectRectI
GdiplusStartup
GdipSetImageAttributesColorMatrix

rpcrt4

UuidCreate

wininet

InternetReadFile
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW

Exports

Exports

CreateTxdlController
EntryPoint
IsSupportNoReName
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_GetChildLaucherParam
TxDl_GetCurrentLaucherIndex
TxDl_GetLaucher
TxDl_InitDownloadEngine
TxDl_Initialize
TxDl_IsDownloading
TxDl_LoadRoutine
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
TxDl_ReleaseLaucher
Txdl_GetVersion

Sections

.text
Size: 776KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareInj
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Downlaod
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EventHoo
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2695b6dbc063c4d12dce90cc7e04255b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

af:79:59:23:56:99:84:e7:69:d3:51:10:83:63:c0:cd:5c:f1:f1:f4Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

netapi32

comctl32

gdiplus

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 776KB - Virtual size: 774KB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 112KB - Virtual size: 118KB

ShareInj Size: 4KB - Virtual size: 1KB

Downlaod Size: 28KB - Virtual size: 24KB

DLLShare Size: 4KB - Virtual size: 1KB

EventHoo Size: 4KB - Virtual size: 1KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.vmp0 Size: 52KB - Virtual size: 50KB

.vmp1 Size: 44KB - Virtual size: 41KB

.reloc Size: 36KB - Virtual size: 35KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

af:79:59:23:56:99:84:e7:69:d3:51:10:83:63:c0:cd:5c:f1:f1:f4
Signer

.text
Size: 776KB - Virtual size: 774KB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 112KB - Virtual size: 118KB

ShareInj
Size: 4KB - Virtual size: 1KB

Downlaod
Size: 28KB - Virtual size: 24KB

DLLShare
Size: 4KB - Virtual size: 1KB

EventHoo
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.vmp0
Size: 52KB - Virtual size: 50KB

.vmp1
Size: 44KB - Virtual size: 41KB

.reloc
Size: 36KB - Virtual size: 35KB