ca634f64699ae04eda63ee24f005c393ffe120f0cf9203349c0d14689ad2fd66

Sharing

Copy URL Twitter E-mail

General

Target

ca634f64699ae04eda63ee24f005c393ffe120f0cf9203349c0d14689ad2fd66
Size

7.0MB
MD5

e7fc667cad741c72fdd50901383aba8f
SHA1

8858c759539d37abf7450e57f01391686da7b569
SHA256

ca634f64699ae04eda63ee24f005c393ffe120f0cf9203349c0d14689ad2fd66
SHA512

a3878fcb62cde3c57a06a2e3ed6e6a1847fb2eaeced85e7c30f1b259e5ffb329758e4f1177adeeb9227a56f998160fae15ce562403c6f4c84f7fe38b49eeb160
SSDEEP

98304:Z97QK7hhvoKXLWZofl7qqgrs8M0PK9jwPFdQp:ZlNNlomWizAI

Score

N/A

Malware Config

Signatures

Files

ca634f64699ae04eda63ee24f005c393ffe120f0cf9203349c0d14689ad2fd66
.dll windows x86

ca6cf4e0c07018d1fa3977259dd5557d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:61:8e:5c:55:72:5b:09:15:8b:62:14:9c:42:5b:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/07/2011, 00:00

Not After

03/10/2014, 23:59

Subject

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:d3:51:e3:aa:29:76:02:8c:5a:f2:f6:96:c8:d6:8a:81:00:c6:78
Signer

Actual PE Digest

bb:d3:51:e3:aa:29:76:02:8c:5a:f2:f6:96:c8:d6:8a:81:00:c6:78

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=California,C=US

05/09/2014, 10:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

python33

Py_Initialize
Py_SetPythonHome
Py_VaBuildValue
Py_RegisterMemoryDebugHooks
PySys_GetObject
PyGILState_Release
PyGILState_Ensure
PyUnicode_AsUnicodeCopy
PyMem_Free
PyExc_ZeroDivisionError
PyObject_CallMethod
PyUnicode_AsUTF8
Py_DecRef
PyDict_SetItemString
PyLong_AsDouble
PyBuffer_Release
PyUnicode_AsWideChar
PyUnicode_GetSize
PyImport_Import
PyDict_GetItem
PyUnicode_FromWideChar
PyUnicode_FromUnicode
PyObject_Str
PyObject_HasAttrString
PyObject_SetAttrString
PyDict_SetItem
PyDict_Next
PyExc_AssertionError
PyObject_Call
PyTuple_Size
PyObject_GC_Del
PyObject_GC_UnTrack
PyObject_GC_Track
_PyObject_GC_New
_Py_NotImplementedStruct
PyTuple_Type
PyObject_CallObject
PyUnicode_FromStringAndSize
PyObject_Hash
PyLong_FromVoidPtr
PyExc_SystemError
PySlice_Type
PyBool_Type
PyType_Type
PyObject_AsReadBuffer
PyErr_WriteUnraisable
PySlice_GetIndicesEx
PySlice_GetIndices
PyUnicode_DecodeUTF8
PyUnicode_AsEncodedObject
PyUnicode_AsUnicode
PyBytes_AsStringAndSize
PyObject_Free
PyObject_RichCompareBool
PyType_GenericNew
PyExc_IndexError
PyTuple_GetItem
PyLong_AsUnsignedLongLongMask
Py_Finalize
PyErr_NoMemory
PyLong_AsUnsignedLongMask
PyType_GenericAlloc
PyLong_Type
PyBaseObject_Type
PyIter_Next
PyObject_GetIter
PyModule_AddIntConstant
PyErr_Clear
PyList_GetItem
PyList_Size
PyCFunction_ClearFreeList
Py_RegisterMemoryHooks
PyImport_ImportModule
PyErr_Print
PyModule_GetDict
PyCFunction_NewEx
PyBool_FromLong
PyCallable_Check
PyFloat_Type
PyType_IsSubtype
PyObject_IsInstance
PyModule_AddObject
PyUnicode_FromFormat
PyType_Ready
PyExc_ValueError
PyExc_TypeError
PyExc_RuntimeError
PyExc_KeyError
_Py_FalseStruct
PySequence_Fast
PySequence_GetItem
PySequence_Size
PySequence_Check
Py_IsInitialized
PyEval_GetBuiltins
PyEval_InitThreads
PySys_SetObject
PySys_SetArgvEx
PySys_SetPath
Py_OptimizeFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
_PyThreadState_Current
PyFrame_Type
PyEval_GetFrame
PyCode_Addr2Line
PyModule_GetState
PyBuffer_FillInfo
PyThreadState_Get
PyExc_WindowsError
_PyWeakref_GetWeakrefCount
PyErr_Fetch
PyErr_Restore
PyObject_CallFunctionObjArgs
PyCell_Get
PyCell_Set
PyFunction_Type
PyDict_Size
PyDict_Type
PyDict_Items
PyDict_Copy
PyDict_Update
PyFrozenSet_New
PyMapping_Check
PyMapping_Size
PyList_Insert
PyList_Type
PyMem_Malloc
PyModule_GetName
PyEval_SetProfile
PyCFunction_Type
PyModule_Type
PyObject_Type
Py_BuildValue
PyArg_ParseTupleAndKeywords
PyArg_Parse
PyErr_Format
PyErr_Occurred
PyList_Append
PyList_SetItem
PyList_New
PyTuple_Pack
_PyObject_New
PyObject_IsTrue
PyObject_GetAttrString
PyExc_MemoryError
PyExc_AttributeError
PyErr_SetString
PyDict_New
PyTuple_SetItem
PyTuple_New
PyFloat_AsDouble
PyLong_AsUnsignedLongLong
PyLong_FromUnsignedLongLong
PyLong_AsUnsignedLong
PyLong_FromUnsignedLong
PyLong_FromLong
PyUnicode_FromString
PyBytes_FromStringAndSize
_Py_TrueStruct
_Py_NoneStruct
PyImport_AppendInittab
PyModule_Create2
PyArg_ParseTuple
PyDict_GetItemString
PyFloat_FromDouble
PyLong_FromLongLong
PyLong_AsLong
PyLong_AsLongLong

kernel32

QueryPerformanceFrequency
GetThreadTimes
GetCurrentThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
Sleep
GetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetProcessHeap
TryEnterCriticalSection
InitializeCriticalSection
MoveFileW
SetFilePointer
GetLogicalDrives
IsProcessorFeaturePresent
DisableThreadLibraryCalls
DecodePointer
EncodePointer
GetCurrentThreadId
CloseHandle
GetProcAddress
CreateThread
GetExitCodeThread
GetCurrentDirectoryA
CreateDirectoryA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
FormatMessageA
CreateFileA
FlushFileBuffers
WriteFile
SetThreadPriority
GetThreadPriority
GetThreadContext
GetSystemInfo
VirtualQuery
GetModuleHandleA
GetProcessAffinityMask
SetProcessAffinityMask
GetACP
WideCharToMultiByte
MultiByteToWideChar
VirtualFree
VirtualAlloc
FindNextFileW
ReadFile
GetFileSizeEx
MoveFileExW
FindFirstFileW
DeleteFileW
GetFileAttributesExW
RemoveDirectoryW
CreateDirectoryW
GetTempPathW
FindClose
SetFilePointerEx
SetEndOfFile
SuspendThread
IsDebuggerPresent
ResumeThread
RaiseException
CreateSemaphoreA
ReleaseSemaphore
InterlockedCompareExchange
InterlockedExchangeAdd
InterlockedExchange
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetTickCount
DuplicateHandle
SetThreadIdealProcessor
SwitchToThread
OutputDebugStringA
SetEnvironmentVariableA
GetEnvironmentVariableA
WaitForSingleObjectEx
GetSystemTime
GetPriorityClass
SetPriorityClass
SleepEx
GetOverlappedResult
ReadDirectoryChangesW
CancelIo
CreateFileW
CreateEventW
WaitForMultipleObjectsEx
WaitForMultipleObjects
GetLongPathNameW
InterlockedDecrement
InterlockedIncrement
GetEnvironmentVariableW
FreeLibrary
GetLocalTime
CreateEventA
ResetEvent
SetEvent
IsBadStringPtrA
IsBadReadPtr
LoadLibraryA
WaitForSingleObject

user32

MessageBoxA

msvcp120

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
_Inf
_Nan
_FInf
_FNan
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z

msvcr120

__CxxFrameHandler3
_purecall
memcpy
memset
tolower
__libm_sse2_acosf
__libm_sse2_cosf
__libm_sse2_sinf
_strtoi64
strchr
strncmp
strncpy
strstr
_snprintf
_wassert
frexp
_CIfmod
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
floor
_CIatan2
rand
_libm_sse2_asin_precise
ceil
__iob_func
fflush
fprintf
_strtoui64
strtol
strtoul
printf
_errno
strerror
strtod
sprintf
_CxxThrowException
sscanf
__RTDynamicCast
atoi
isupper
fopen
exit
_localtime64
_time64
_beginthreadex
_endthreadex
_ftime64
memcpy_s
??9type_info@@QBE_NABV0@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
_except_handler3
atof
wcschr
_snwprintf
swscanf
_vsnprintf
__libm_sse2_logf
__libm_sse2_asinf
__libm_sse2_expf
wcstod
fclose
fwrite
_wfopen
fgetpos
fsetpos
wcsrchr
_ecvt
_fcvt
__libm_sse2_pow
_aligned_malloc
isdigit
isxdigit
_finite
_isnan
strftime
_gmtime64
_wgetcwd
_wstat64i32
free
_wgetdcwd
_getdrive
isalpha
malloc
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except1
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
abort
??8type_info@@QBE_NABV0@@Z
__libm_sse2_log
_aligned_free
memmove

ws2_32

gethostname
WSAStartup
WSACleanup
shutdown
setsockopt
send
recv
ioctlsocket
WSAIoctl
WSAEnumProtocolsA
WSAGetLastError
gethostbyaddr
socket
select
ntohs
htons
getsockopt
connect
closesocket
__WSAFDIsSet
gethostbyname

advapi32

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

Exports

Exports

PyInit_HashModule
PyInit__CAS
PyInit__CollectionUtils
PyInit__CommonTypes
PyInit__LineOfSight
PyInit__Profiler
PyInit__PythonPersistenceModule
PyInit__Sims4Collections
PyInit___animation
PyInit__action_primitive
PyInit__buildbuy
PyInit__commands
PyInit__debugvis
PyInit__filemonitor
PyInit__footprints
PyInit__geometry
PyInit__guid
PyInit__lot
PyInit__math
PyInit__mdz
PyInit__omega
PyInit__ops
PyInit__pathing
PyInit__perf_api
PyInit__persistence_primitives
PyInit__placement
PyInit__primitive
PyInit__profile
PyInit__pythonutils
PyInit__resourceman
PyInit__sim_irq
PyInit__social
PyInit__telemetry
PyInit__terrain
PyInit__trace
PyInit__weakrefutils
PyInit__zone
SetTelemetryTrampolineFunctions
dllInit
dllShutdown
init_net_proto2___python

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca6cf4e0c07018d1fa3977259dd5557d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0c:61:8e:5c:55:72:5b:09:15:8b:62:14:9c:42:5b:a5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bb:d3:51:e3:aa:29:76:02:8c:5a:f2:f6:96:c8:d6:8a:81:00:c6:78Signer

Signature Validations

Verification

05/09/2014, 10:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

python33

kernel32

user32

msvcp120

msvcr120

ws2_32

advapi32

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 884KB - Virtual size: 883KB

.data Size: 200KB - Virtual size: 269KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 297KB - Virtual size: 296KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:61:8e:5c:55:72:5b:09:15:8b:62:14:9c:42:5b:a5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bb:d3:51:e3:aa:29:76:02:8c:5a:f2:f6:96:c8:d6:8a:81:00:c6:78
Signer

05/09/2014, 10:13
Valid: false

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 884KB - Virtual size: 883KB

.data
Size: 200KB - Virtual size: 269KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 297KB - Virtual size: 296KB