virussign[.]com_608f019a450a0b4c928d93d0f8949d50[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

virussign.com_608f019a450a0b4c928d93d0f8949d50.vir
Size

679KB
MD5

608f019a450a0b4c928d93d0f8949d50
SHA1

aa4fb35e82038cd56f92cb018d4ef7e233e597a1
SHA256

8dc749f1dcc6b15c473e3e9a47c81b8fea64d5bad42cf6a17f70a7abe4fc7c4a
SHA512

660ea0f16eafd4663acaeb96dc9ad45b6ccd03f6cb40b039576621324a84a3dc744b11e50349a7608b3294c02334818ab6284b1a7e8928c4d5e426134c0334ec
SSDEEP

12288:mSULYD8JLTx2c4ShJ74QRR0IA+Emk3usesnYaU7fsVDjJaN39:mOD8J3xESX0IA+EBvesnTBjJg39

Score

1^/10

Malware Config

Signatures

Files

virussign.com_608f019a450a0b4c928d93d0f8949d50.vir
.exe windows:6 windows x64 arch:x64

672c7b0d40ab65168eeb96dfebf432b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/06/2015, 00:00

Not After

02/07/2017, 23:59

Subject

CN=Conexant Systems\, Inc.,O=Conexant Systems\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:5a:c9:85:fd:7d:9d:66:0a:55:3e:05:5e:5d:63:c8:c4:36:92:32
Signer

Actual PE Digest

af:5a:c9:85:fd:7d:9d:66:0a:55:3e:05:5e:5d:63:c8:c4:36:92:32

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ControlService
QueryServiceStatus
DeleteService
GetUserNameW
RegOpenKeyW
RegSetValueExW
RegisterServiceCtrlHandlerW
RegOpenKeyExW
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
SetServiceStatus
RegCloseKey
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
RegCreateKeyExW
RegDeleteKeyW
RegCreateKeyW
RegEnumKeyExW

kernel32

GetSystemDirectoryW
FindResourceW
InitializeCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
ResetEvent
OutputDebugStringW
DeleteCriticalSection
Sleep
FreeLibrary
GetVersionExW
WaitForSingleObject
MultiByteToWideChar
GetCommandLineW
OutputDebugStringA
SetEvent
GetModuleFileNameW
SizeofResource
CloseHandle
RaiseException
LockResource
CreateFileW
LoadResource
DeviceIoControl
LoadLibraryW
CreateThread
GetLastError
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
CreateProcessW
GetExitCodeProcess
GetModuleHandleW
lstrlenA
FindResourceExW
GetProcAddress
CreateEventW
WriteConsoleW
SetStdHandle
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
FlushFileBuffers
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
DecodePointer
EncodePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlPcToFileHeader
VirtualQuery
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetStartupInfoW
ExitThread
FlsSetValue
FlsGetValue
RtlUnwindEx
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo

gdi32

DeleteDC
CreateDCW

user32

UnregisterClassA
EnumDisplayDevicesW
GetClassNameW
GetWindowTextLengthW
SetWindowsHookExW
CallNextHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
IsWindow
RegisterWindowMessageW
FindWindowW
EnumDisplaySettingsW
RegisterClassExW
LoadCursorW
LoadIconW
DefWindowProcW
UnhookWindowsHookEx
PostQuitMessage
DispatchMessageW
TranslateMessage
KillTimer
PeekMessageW
EndPaint
BeginPaint
MsgWaitForMultipleObjects
PostMessageW
ShowWindow
SetTimer
CreateWindowExW
SendMessageW
GetWindowTextW

ole32

CoInitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

setupapi

SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList

shlwapi

StrCmpNW
SHStrDupW

Exports

Exports

?HDMI_GetCnxtPlaybackAudioDeviceInfo@@YAJPEAK@Z
?HDMI_GetDefaultAudioDevice@@YAJPEAKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_GetDefaultAudioDeviceFromRegistry@@YAJPEAK@Z
?HDMI_SetDefaultAudioDevice@@YAJKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_SetDefaultAudioDeviceToRegistry@@YAJK@Z
?HDMI_SetThirdPartyDefaultAudioDevice@@YAJPEAGKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_SetThirdPartySingleHDMIDefaultAudioDevice@@YAJXZ

Sections

.text
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

672c7b0d40ab65168eeb96dfebf432b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

af:5a:c9:85:fd:7d:9d:66:0a:55:3e:05:5e:5d:63:c8:c4:36:92:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

ole32

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 621KB - Virtual size: 621KB

.data Size: 15KB - Virtual size: 60KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 27KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

af:5a:c9:85:fd:7d:9d:66:0a:55:3e:05:5e:5d:63:c8:c4:36:92:32
Signer

.text
Size: 621KB - Virtual size: 621KB

.data
Size: 15KB - Virtual size: 60KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 27KB - Virtual size: 26KB