vosrv.exe

The application vosrv.exe has been flagged as a potentially unwanted program by 12 of 68 anti-malware scanners. Six of those twelve (Lavasoft Ad-Aware, Bitdefender, Emsisoft, F-Secure, G Data and MicroWorld eScan) report the same Gen:Variant.Adware.Graftor signature, which reflects a shared detection engine rather than six independent verdicts; the rest are generic or heuristic names (hacktool, downloader, Trojan.Agent, reputation). The file installs itself as a Windows service that runs in its own process (service type Win32OwnProcess) with the display name “Contrast Barcode” and the internal service name cipexogy. It has been seen being downloaded from d296o9iv9f6nks.cloudfront.net.
MD5:
87b6e7582cca2b227a4fcedd7f18beb0

SHA-1:
43da2f98b50bc110b3292fec361d5fc562cf3200

SHA-256:
ec3f4fb277e9347e3f7108449ba1a80d987b330305ba9011178da2fd1b4e732d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 4:38:48 AM UTC

Scan engine              Detection                             Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.Graftor.175822     663
Baidu Antivirus          Hacktool.Win32.Agent                  4.0.3.15412
Bitdefender              Gen:Variant.Adware.Graftor.175822     1.0.20.510
Emsisoft Anti-Malware    Gen:Variant.Adware.Graftor.175822     8.15.04.12.08
F-Secure                 Gen:Variant.Adware.Graftor            11.2015-12-04_1
G Data                   Gen:Variant.Adware.Graftor.175822     15.4.25
Kaspersky                not-a-virus:Downloader.Win32.Agent    14.0.0.2201
MicroWorld eScan         Gen:Variant.Adware.Graftor.175822     16.0.0.306
NANO AntiVirus           Trojan.Win32.Agent.domfgz             0.30.0.296
Panda Antivirus          Trj/CI.A                              15.04.12.08
Qihoo 360 Security       HEUR/QVM10.1.Malware.Gen              1.0.0.1015
Reason Heuristics        Threat.Win.Reputation.IMP             15.4.12.16

File size:
192 KB (196,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temporary internet files\content.ie5\{random}\vosrv.exe
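The hashes, size and drop path above are enough to hunt a host for this sample. The following PowerShell script is an added example and is not part of the Reason Core report or the vendor's tooling: it walks the cache and temp directories of every profile under C:\Users (the extra INetCache and Temp locations are an assumption, added for coverage; the report only names the Content.IE5 path), uses the published file size as a cheap pre-filter, and then confirms a hit only when all three published digests match. The filename is deliberately not trusted on its own, since a dropper can rename the binary. Run it elevated so other users' profiles are readable.

```powershell
# Added example, not part of the Reason Core report: hunt a host for the vosrv.exe sample
# using the hashes and size published above. Requires PowerShell 5.1+ (Get-FileHash).

# Indicators taken from the report.
$Ioc = [ordered]@{
    MD5    = '87b6e7582cca2b227a4fcedd7f18beb0'
    SHA1   = '43da2f98b50bc110b3292fec361d5fc562cf3200'
    SHA256 = 'ec3f4fb277e9347e3f7108449ba1a80d987b330305ba9011178da2fd1b4e732d'
}
$ExpectedSize = 196608   # bytes, from the report

# ASSUMPTION: where to look. The report's path is the IE cache junction under AppData\Local
# (Temporary Internet Files\Content.IE5); INetCache and Temp are ordinary drop locations added
# here for coverage. Every profile under C:\Users is searched, which needs an elevated shell.
$SearchRoots = foreach ($profile in Get-ChildItem -LiteralPath 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    Join-Path $profile.FullName 'AppData\Local\Temporary Internet Files'
    Join-Path $profile.FullName 'AppData\Local\Microsoft\Windows\Temporary Internet Files'
    Join-Path $profile.FullName 'AppData\Local\Microsoft\Windows\INetCache'
    Join-Path $profile.FullName 'AppData\Local\Temp'
}

function Test-VosrvSample {
    # Returns $true only when the size and all three published digests match the file on disk.
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if ($item.Length -ne $ExpectedSize) { return $false }   # cheap pre-filter before hashing

    foreach ($alg in $Ioc.Keys) {
        $digest = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        if ($digest -ine $Ioc[$alg]) { return $false }
    }
    return $true
}

# Candidate selection: exact size OR the known filename, then full hash confirmation.
# Size comes first because the dropper may rename the binary; the name alone is not trusted.
$hits = foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq $ExpectedSize -or $_.Name -ieq 'vosrv.exe' } |
        Where-Object { Test-VosrvSample -Path $_.FullName } |
        Select-Object FullName, Length, LastWriteTime
}

if ($hits) { $hits | Format-Table -AutoSize }
else       { 'No file matching the published hashes was found under the searched roots.' }
```

A host running in FIPS mode may refuse the MD5 pass of Get-FileHash; in that case drop the MD5 key from $Ioc and rely on SHA-1 and SHA-256, which are sufficient on their own. Preserve any hit (copy it off the box, or at least record its path and timestamps) before deleting it, so the service removal and any later analysis have the binary to work from.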

File PE Metadata
Compilation timestamp:
2/12/2015 8:40:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:vzxWlhldYqF0EAKXD/gGc17UgmJCmbi9dSgUKrucqkg1vrZ7h2G3qz:vzxshDYC3xzL1bwTVucqk6/az

Entry address:
0x9241

Entry point:
E8, 91, 68, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 64, 0A, 43, 00, FF, 15, E8, 90, 42, 00, 85, C0, 75, 18, 56, E8, 2C, 12, 00, 00, 8B, F0, FF, 15, 3C, 90, 42, 00, 50, E8, DC, 11, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, 53, 33, DB, 3B, CB, 76, 1B, 6A, E0, 33, D2, 58, F7, F1, 3B, 45, 10, 73, 0F, E8, F8, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 41, 0F, AF, 4D, 10, 56, 57, 8B, F1, 39, 5D, 08, 74, 0B, FF, 75, 08, E8, 23...

Entropy:
6.4955

Code size:
156.5 KB (160,256 bytes)

Service
Display name:
Contrast Barcode

Service name:
cipexogy

Description:
Ongoing updates responsible service.

Type:
Win32OwnProcess


The file vosrv.exe has been seen being distributed from d296o9iv9f6nks.cloudfront.net.

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-184-73-245-76.compute-1.amazonaws.com  (184.73.245.76:80)

TCP (HTTP):
Connects to ec2-54-235-96-50.compute-1.amazonaws.com  (54.235.96.50:80)
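The service details and the two contacted addresses give a second, independent set of indicators. The PowerShell below is an added example, not part of the Reason Core report: it looks for the service by either its internal name (cipexogy) or its display name (“Contrast Barcode”) and prints the binary path the Service Control Manager would launch, joins any established TCP session to the two addresses back to its owning process, and offers a guarded removal step. Both addresses are Amazon EC2 hosts, and EC2 addresses are recycled between tenants, so treat them as weak, time-bound indicators that corroborate the service finding rather than as something to block on their own. Get-NetTCPConnection requires Windows 8 / Server 2012 or later; run elevated to see every process's path.

```powershell
# Added example, not part of the Reason Core report: check a host for the persistence and
# network indicators listed above (service cipexogy / "Contrast Barcode", and the two EC2
# addresses the sample contacted). Requires PowerShell 5.1+ on Windows 8/2012 or later.

$ServiceName = 'cipexogy'
$DisplayName = 'Contrast Barcode'
# From the report. EC2 addresses are reassigned between tenants: weak, time-bound indicators only.
$RemoteAddrs = @('184.73.245.76', '54.235.96.50')

# 1. Persistence: match on either the internal or the display name and show what the SCM launches.
#    ServiceType should read "Own Process", matching the report's Win32OwnProcess.
$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -ieq $ServiceName -or $_.DisplayName -ieq $DisplayName }

if ($svc) {
    $svc | Select-Object Name, DisplayName, State, StartMode, ServiceType, PathName, ProcessId, Description |
        Format-List
}
else {
    "No service named '$ServiceName' or '$DisplayName' is registered."
}

# 2. Live network: established TCP sessions to the two addresses, joined to the owning process.
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $RemoteAddrs -contains $_.RemoteAddress }

foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Remote  = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
        PID     = $c.OwningProcess
        Process = $proc.ProcessName
        Path    = $proc.Path
    }
}

# 3. Removal, guarded behind -Force so a plain run only reports. Preserve the binary named in
#    PathName before calling this, then delete that file once the service registration is gone.
function Remove-VosrvService {
    param([switch]$Force)
    if (-not $Force) { 'Re-run Remove-VosrvService -Force to stop and delete the service.'; return }
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
        sc.exe delete $ServiceName | Out-Null
        "Service '$ServiceName' stopped and deleted."
    }
    else {
        "Service '$ServiceName' not present; nothing to remove."
    }
}
```

The service description string (“Ongoing updates responsible service.”) is itself worth matching in fleet-wide queries, since a renamed copy of the installer may register the service under a different internal name while keeping the same description. If the service is found but no connection is live, check the binary in PathName against the published hashes rather than assuming it is benign; the network indicators only fire while the process is actually talking to those hosts.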

Powered by Reason Core Security