virussign[.]com_c7fb34ae4b36c9ee7ec8b0bfdb036250[.]vir

Sharing

Copy URL Twitter E-mail

General

Target

virussign.com_c7fb34ae4b36c9ee7ec8b0bfdb036250.vir
Size

1.0MB
MD5

c7fb34ae4b36c9ee7ec8b0bfdb036250
SHA1

0413f3662c9b9bb23fad79bcc50d3cf6082da98f
SHA256

b5ff7a7e2bf1afae1532a3eb18ffa5247571eb995572dbf3dbd47712d19a08e6
SHA512

9a145050d90d859801138fa01b68cfd1cfb1fe82b776b4acb3a8ec3799d38bd0b783d0f208c2a45eb8c165c950c5bb21433b2e8000b2994d83372214f0bbc1e2
SSDEEP

24576:Zyis3+L5I/xd7ymgDLkfHMYjviDb4aCrEH7p:ZyOgFy34vMYjviDsab

Score

1^/10

Malware Config

Signatures

Files

virussign.com_c7fb34ae4b36c9ee7ec8b0bfdb036250.vir
.exe windows:6 windows x86 arch:x86

a761739ba3c7f3464dc381d2fe6e46cc

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:7a:85:3c:8b:4f:e0:63:ff:8c:44:30:a0:d1:e6:f2
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/09/2016, 00:00

Not After

08/10/2017, 23:59

Subject

CN=CANON INC.,OU=Office Imaging Products,O=CANON INC.,L=Kawasaki,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:89:d7:f1:7c:ab:97:9e:6a:93:c2:83:85:95:f5:0b:f0:6a:04:d7:b5:a8:3d:39:a7:91:f4:21:d4:a5:ae:ef
Signer

Actual PE Digest

49:89:d7:f1:7c:ab:97:9e:6a:93:c2:83:85:95:f5:0b:f0:6a:04:d7:b5:a8:3d:39:a7:91:f4:21:d4:a5:ae:ef

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\v4src\v4builds\Win32\Release\UNINSTAL.pdb

Imports

setupapi

SetupGetSourceInfoW
SetupGetSourceFileLocationW
SetupCopyOEMInfW
SetupGetFileCompressionInfoW
SetupGetLineByIndexW
SetupIterateCabinetW
SetupFindNextLine
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupGetLineTextW
SetupOpenInfFileW

rstrtmgr

RmRegisterResources
RmGetList
RmEndSession
RmStartSession

kernel32

LocalReAlloc
FileTimeToSystemTime
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
ReadFile
SetEndOfFile
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
GlobalHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
GetStdHandle
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
GetCPInfo
LCMapStringW
GetStringTypeW
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
CompareStringA
GetVersionExW
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetCurrentThreadId
EncodePointer
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
GetACP
GetLocalTime
GetFileSize
GetCurrentProcess
GetCurrentThread
SystemTimeToFileTime
LocalAlloc
OutputDebugStringW
WriteFile
SetFilePointer
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
GetNativeSystemInfo
GetComputerNameW
WideCharToMultiByte
SetCurrentDirectoryW
GetExitCodeThread
WaitForSingleObject
ResumeThread
GetLocaleInfoW
GetUserPreferredUILanguages
GetCurrentDirectoryW
CreateMutexW
OpenMutexW
CreateDirectoryW
MultiByteToWideChar
ReleaseMutex
GetPrivateProfileIntW
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
CopyFileW
GetTempPathW
RemoveDirectoryW
FindNextFileW
CloseHandle
OpenProcess
MoveFileExW
DeleteFileW
SetFileAttributesW
Sleep
GetSystemDirectoryW
DeleteCriticalSection
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
FindClose
FindFirstFileW
GetWindowsDirectoryW
LocalFree
SetLastError
lstrcmpiW
lstrlenW
GetPrivateProfileSectionW
GetPrivateProfileStringW
lstrcatW
GetModuleFileNameW
HeapFree
HeapAlloc
GetProcessHeap
FormatMessageW
GlobalFree
GlobalAlloc
GetLastError
lstrcpyW
lstrcmpW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryW
FreeLibrary
SetStdHandle
WriteConsoleW
GetUserDefaultLCID
ReadConsoleW

user32

KillTimer
SetTimer
RealChildWindowFromPoint
DestroyMenu
GetSysColorBrush
GetCursorPos
GetMessageW
PostQuitMessage
GetWindowThreadProcessId
ClientToScreen
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
GetParent
GetForegroundWindow
EnableWindow
GetClientRect
SendMessageW
GetWindowLongW
CharUpperW
GetWindowRect
SetCursor
LoadCursorW
UnregisterClassW
GetSystemMetrics
ShowWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
SetWindowLongW
GetDesktopWindow
GetDC
ReleaseDC
wsprintfW
DestroyIcon
GetSysColor
MessageBoxW
PostMessageW
LoadIconW
IsIconic
DrawIcon
InvalidateRect
PeekMessageW
TranslateMessage
DispatchMessageW
RedrawWindow
UpdateWindow
SetForegroundWindow
SetActiveWindow
FindWindowW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetWindowTextW
RemovePropW
GetPropW
SetPropW
GetScrollPos
ValidateRect
EndPaint
BeginPaint
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
UnhookWindowsHookEx
GetMessagePos
RegisterWindowMessageW

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
GetStockObject
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtTextOutW
TextOutW
SetMapMode
SelectObject
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
SetTextColor
GetObjectW
CreateBitmap
DeleteDC
DeleteObject
Escape
GetClipBox

winspool.drv

EnumPortsW
OpenPrinterW
ClosePrinter
EnumPrinterDriversW
GetPrinterDriverW
EnumPrintersW
GetPrinterDataExW
GetPrinterW
SetPrinterW
UploadPrinterDriverPackageW
DocumentPropertiesW

advapi32

GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
DeregisterEventSource
ReportEventW
RegOpenKeyExW
OpenProcessToken
OpenThreadToken
RegisterEventSourceW
RegEnumValueW
EnumDependentServicesW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetKnownFolderPath
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
ExtractIconExW

comctl32

ImageList_ReplaceIcon
ImageList_Draw
ImageList_Add
ImageList_GetIcon
ord345
ImageList_GetImageCount

shlwapi

PathFileExistsW
PathAddBackslashW
PathRemoveBackslashW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysFreeString

userenv

GetUserProfileDirectoryW

oleacc

CreateStdAccessibleObject
LresultFromObject

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a761739ba3c7f3464dc381d2fe6e46cc

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

18:7a:85:3c:8b:4f:e0:63:ff:8c:44:30:a0:d1:e6:f2Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

49:89:d7:f1:7c:ab:97:9e:6a:93:c2:83:85:95:f5:0b:f0:6a:04:d7:b5:a8:3d:39:a7:91:f4:21:d4:a5:ae:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

rstrtmgr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

userenv

oleacc

imagehlp

Sections

.text Size: 460KB - Virtual size: 460KB

.rdata Size: 130KB - Virtual size: 129KB

.data Size: 13KB - Virtual size: 26KB

.gfids Size: 4KB - Virtual size: 4KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 309KB - Virtual size: 309KB

.reloc Size: 28KB - Virtual size: 27KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

18:7a:85:3c:8b:4f:e0:63:ff:8c:44:30:a0:d1:e6:f2
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

49:89:d7:f1:7c:ab:97:9e:6a:93:c2:83:85:95:f5:0b:f0:6a:04:d7:b5:a8:3d:39:a7:91:f4:21:d4:a5:ae:ef
Signer

.text
Size: 460KB - Virtual size: 460KB

.rdata
Size: 130KB - Virtual size: 129KB

.data
Size: 13KB - Virtual size: 26KB

.gfids
Size: 4KB - Virtual size: 4KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 309KB - Virtual size: 309KB

.reloc
Size: 28KB - Virtual size: 27KB