ss_conn_service.exe

First submission 2024-02-07 08:03:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 874.59 KB (895584 bytes)
Compile time: 2015-07-09 03:33:22
MD5: 4fd20b83f785393e13bf3734fb9ed52f
SHA1: f54a3597ec715dfab41d04f8625c343546c12e3d
SHA256: 560aba847a47f07ccaaeded06dd799b134ef537d3b5239ae60df9c340d60ee33
Import Hash: fba1887ae5b6b2e15cd99552cc1cb329
Sections: 6 (.text, .rdata, .data, .tls, .rsrc, .reloc)
Directories: 6 (import, resource, debug, tls, relocation, security)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.233.132.73/uvsrvnerosvedb/ss_conn_service.exe 193.233.132.73 2024-02-07 08:03:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x83ea9 540672 a2bc77861f28bf57735680f5affd6af16e36f45b a5148ccbfe92faacfee58d715485ce8d
.rdata 0x85000 0x154b8 87552 d016e9a7c007e36ddd6a49e06286f4ef070dfbac a60c623f57563005ea0bd7303919eb3c
.data 0x9b000 0x6bc84 21504 d73d4c64d1dfda2b4f22d5e395446abf214bc731 d35d1a37fc4a0a54bfb13a37d47bb533
.tls 0x107000 0x2 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x108000 0x568 1536 e0f89d4acb6703cfc273d8c37b4f76ab78b9af05 a5e44068a940f6dc300281f78fd3fae9
.reloc 0x109000 0x37600 226816 f9bc8d3b7862503d22a947ac2adccaa76413faa3 35dd0d3a28af50a31425d93ce4e18425

PE Resources 2

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_KOREAN SUBLANG_KOREAN 0x1080a0 672
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x108340 548

Meta infos 7

LegalCopyright: Copyright (C) DEVGURU 2002-2013 (www.devguru.co.kr)
ProductVersion: 2.5.8.0
CompanyName: DEVGURU Co., LTD.
FileVersion: 2.5.8.0
FileDescription: MSS CS Connectivity Service
Translation: 0x0412 0x04b0
ProductName: MSS CS

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 7

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

File signature

MD5 SHA1 Block size Virtual Address
b8fe942641219b4008d77f8dd2eab7a2 51eb3ed04bee389234d4af12f72b7a8c34080717 15968 879616

Strings analysis - File found

Library
FKERNEL32.DLL
mscoree.dll
USER32.dll
combase.dll
ADVAPI32.dll
SHELL32.dll
WS2_32.dll
MSWSOCK.DLL
SETUPAPI.dll
KERNEL32.dll

Strings analysis - Possible IPs found 2

255.255.255.255
127.0.0.1

Strings analysis - Possible URLs found 18


Import functions