d8c69e9701e63fb93e57d0b019c14d11303f68f23abb1e168de4da1647addeaa

Sharing

Copy URL Twitter E-mail

General

Target

d8c69e9701e63fb93e57d0b019c14d11303f68f23abb1e168de4da1647addeaa
Size

2.5MB
MD5

968d0ef54510836e5d04bd958795760f
SHA1

808ee56fdac605c5bae56eaff06f9c9eb303e9a9
SHA256

d8c69e9701e63fb93e57d0b019c14d11303f68f23abb1e168de4da1647addeaa
SHA512

d4c4416a844e7d25593d9d4508f154d7d745d0e2222adcf109eb892fd0c0aaddd766a99dfa69bb6197792627298251f5b60bf198d44fdee352d19fbaabd589d9
SSDEEP

49152:bASnQ2VzyWqn02Vr2pJ/5zqZDaeXVvO/xAXXlPEe5QyQf9C:bfnQ2VzEp2pJRzmaeogX

Score

N/A

Malware Config

Signatures

Files

d8c69e9701e63fb93e57d0b019c14d11303f68f23abb1e168de4da1647addeaa
.exe windows x86

05f4f36d17d6e65c7a4040803acf29e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:d5:ed:71:d8:6c:4a:e2:3b:1e:b2:18:62:8f:81:3c:27:24:77:4a
Signer

Actual PE Digest

4a:d5:ed:71:d8:6c:4a:e2:3b:1e:b2:18:62:8f:81:3c:27:24:77:4a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

29/05/2014, 16:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
freeaddrinfo
getaddrinfo
WSAIoctl
ntohs
getsockopt
getpeername
connect
send
recv
WSASetLastError
accept
listen
WSAGetLastError
WSACleanup
WSAStartup
socket
getsockname
closesocket
setsockopt
sendto
select
htonl
ntohl
shutdown
recvfrom
htons
ioctlsocket
bind
__WSAFDIsSet

kernel32

GetProcessHeap
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetCurrentThreadId
GetExitCodeProcess
SystemTimeToTzSpecificLocalTime
GetTickCount
GetLastError
SetLastError
VerSetConditionMask
VerifyVersionInfoA
Sleep
SleepEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetVersion
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetVersionExA
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetModuleHandleW
GetFileSize
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
FindClose
GetDriveTypeW
OpenProcess
DeleteFileW
FindFirstFileW
FindNextFileW
HeapAlloc
MoveFileExW
GetTimeFormatW
GetDateFormatW
CreateIoCompletionPort
GetCurrentProcess
FileTimeToSystemTime
WideCharToMultiByte
GetStringTypeW
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
GetCommandLineA
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FileTimeToLocalFileTime
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
GetFullPathNameW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetCommandLineW
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
GetProcAddress
FindFirstFileExW
SetStdHandle
FreeEnvironmentStringsW
VirtualQuery
GetEnvironmentStringsW
GetModuleFileNameW
ReadConsoleW
GetConsoleCP
IsValidCodePage
GetACP
HeapFree
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
GetCurrentDirectoryW
GetOEMCP

advapi32

RegOpenKeyA
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey

ole32

CoTaskMemFree

wldap32

ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord143
ord50
ord60
ord41
ord46

sdl2

SDL_CreateTextureFromSurface
SDL_iconv_string
SDL_malloc
SDL_SetRenderDrawColor
SDL_isspace
SDL_SetMainReady
SDL_QuitSubSystem
SDL_InitSubSystem
SDL_GetTicks
SDL_DXGIGetOutputInfo
SDL_DestroyRenderer
SDL_RenderReadPixels
SDL_RenderDrawRect
SDL_UpdateYUVTexture
SDL_CreateRenderer
SDL_ShowSimpleMessageBox
SDL_SetHint
SDL_HapticStopEffect
SDL_HapticRunEffect
SDL_HapticUpdateEffect
SDL_HapticNewEffect
SDL_HapticQuery
SDL_HapticClose
SDL_HapticOpenFromJoystick
SDL_JoystickIsHaptic
SDL_GameControllerClose
SDL_GameControllerGetAxis
SDL_GameControllerGetJoystick
SDL_GameControllerGetAttached
SDL_GameControllerName
SDL_GameControllerOpen
SDL_GameControllerNameForIndex
SDL_IsGameController
SDL_JoystickInstanceID
SDL_NumJoysticks
SDL_FreeCursor
SDL_SetCursor
SDL_CreateColorCursor
SDL_SetRelativeMouseMode
SDL_WarpMouseInWindow
SDL_GetMouseState
SDL_DisableScreenSaver
SDL_EnableScreenSaver
SDL_IsScreenSaverEnabled
SDL_DestroyWindow
SDL_SetWindowGrab
SDL_SetWindowFullscreen
SDL_MinimizeWindow
SDL_ShowWindow
SDL_GetWindowSize
SDL_SetWindowSize
SDL_SetWindowIcon
SDL_SetWindowTitle
SDL_CreateWindow
SDL_GetDesktopDisplayMode
SDL_CreateRGBSurfaceFrom
SDL_CloseAudio
SDL_PauseAudio
SDL_RenderClear
SDL_OpenAudio
SDL_GetError
SDL_memset
SDL_PushEvent
SDL_RestoreWindow
SDL_RaiseWindow
SDL_GetWindowFlags
SDL_DestroyTexture
SDL_RenderFillRect
SDL_GetRendererOutputSize
SDL_RenderCopy
SDL_GetRenderDrawColor
SDL_SetTextureAlphaMod
SDL_SetTextureColorMod
SDL_wcslen
SDL_FreeSurface
SDL_CreateRGBSurface
SDL_RenderDrawLine
SDL_SetTextureBlendMode
SDL_CreateTexture
SDL_SetRenderTarget
SDL_PollEvent
SDL_RenderGetD3D9Device
SDL_RenderPresent
SDL_RenderDrawPoint

tier0_s

?Lock@CThreadMutex@@QAEXXZ
Log
AssertMsgImplementation
ThreadGetCurrentRunningRef
?Get@CThreadLocalBase@@QBEPAXXZ
?Set@CThreadLocalBase@@QAEXPAX@Z
?ClaimMemory@CValidator@@QAEXPAX@Z
?EnterScope@CVProfile@@QAE_NPBDH0_NHPAX@Z
?ExitScope@CVProfile@@QAEXXZ
?AddProfileForThread@CVProfManager@@QAEPAVCVProfileThreadEntry@@PAVCVProfile@@II@Z
CreateVProfile
g_VProfProfilesRunningCount
g_VProfManager
g_VProfile
g_pMemAllocSteam
Error
ThreadInterlockedAssignIf64
??1CThreadSyncObject@@QAE@XZ
?Wait@CThreadSyncObject@@QAE_NI@Z
??0CThreadEvent@@QAE@_N@Z
?Set@CThreadEvent@@QAE_NXZ
??0CThread@@QAE@XZ
??1CThread@@UAE@XZ
?SetName@CThread@@QAEXPBD@Z
?Start@CThread@@QAE_NI@Z
?Join@CThread@@QAE_NI@Z
ETWMark1I
?GetThreadProc@CThread@@EAEP6GIPAX@ZXZ
?Init@CThread@@MAE_NXZ
?IsThreadRunning@CThread@@MAE_NXZ
?OnExit@CThread@@MAEXXZ
Plat_ExitProcess
Plat_IsInDebugSession
WriteMiniDump
g_dwDllEntryThreadId
ThreadSleep
??0CThreadMutex@@QAE@XZ
??1CThreadMutex@@QAE@XZ
?Lock@CThreadSpinLock@@ACEXI@Z
?IsAlive@CThread@@QAE_NXZ
Test_SetFailed
Test_IsActive
??1CThreadLocalBase@@QAE@XZ
??0CThreadLocalBase@@QAE@XZ
?Unlock@CThreadMutex@@QAEXXZ
_DMsg
_SpewMessageType
ThreadInMainThread
Plat_OutputDebugStringRaw
?UnlockWrite@CThreadSpinRWLock@@QAEXXZ
?LockForWrite@CThreadSpinRWLock@@QAEXXZ
?UnlockRead@CThreadSpinRWLock@@QAEXXZ
?LockForRead@CThreadSpinRWLock@@QAEXXZ
??0CThreadSpinRWLock@@QAE@XZ
Msg
?ClaimArrayMemory@CValidator@@QAEXPAX@Z
Plat_localtime
ETWSendPacket
ETWIsTracingEnabled
Plat_RelativeTickFrequency
ETWMark3I
ETWMark2I
ETWMark
EnableCrashingOnCrashes
CatchAndWriteMiniDumpExReturnsInt
SpewOutputFunc
Plat_gmtime
?GetCPUInformation@@YAABUCPUInformation@@XZ
Warning
Plat_RelativeTicks
?Pop@CValidator@@QAEXXZ
?Push@CValidator@@QAEXPBDPAX0@Z

vstdlib_s

Q_strncpy
Q_strncat
WeakRandomInt
Q_vsnprintfRet
Q_snprintf
Q_strnicmp
Q_vsnprintf
Q_strtoui64
Q_hextobinary
?Q_stristr@@YAPBDPBD0@Z
Q_UTF16ToUTF8
Q_UTF32ToUTF8
Q_UnqualifiedFileName
Q_IsAbsolutePath
Q_FixSlashes
Q_UTF8ToUTF16
Q_MakeAbsolutePath
V_FixDoubleSlashes
Q_tolower
KeyValuesSystemSteam
DebugStatsSystem

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW

Exports

Exports

CreateInterface
opus_decode
opus_decode_float
opus_decoder_create
opus_decoder_ctl
opus_decoder_destroy
opus_decoder_get_nb_samples
opus_decoder_get_size
opus_decoder_init
opus_get_version_string
opus_packet_get_bandwidth
opus_packet_get_nb_channels
opus_packet_get_nb_frames
opus_packet_get_nb_samples
opus_packet_get_samples_per_frame
opus_packet_parse
opus_pcm_soft_clip
opus_strerror

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05f4f36d17d6e65c7a4040803acf29e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8Certificate

Extended Key Usages

Key Usages

4a:d5:ed:71:d8:6c:4a:e2:3b:1e:b2:18:62:8f:81:3c:27:24:77:4aSigner

Signature Validations

Verification

29/05/2014, 16:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

ole32

wldap32

sdl2

tier0_s

vstdlib_s

user32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 581KB - Virtual size: 581KB

.data Size: 98KB - Virtual size: 135KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 104KB - Virtual size: 104KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

4a:d5:ed:71:d8:6c:4a:e2:3b:1e:b2:18:62:8f:81:3c:27:24:77:4a
Signer

29/05/2014, 16:24
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 581KB - Virtual size: 581KB

.data
Size: 98KB - Virtual size: 135KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 104KB - Virtual size: 104KB