996b50d4193dc305377b68c7b56e4fa587153a811adb378645885df2d2de6a73

Sharing

Copy URL Twitter E-mail

General

Target

996b50d4193dc305377b68c7b56e4fa587153a811adb378645885df2d2de6a73
Size

1.8MB
MD5

c6cba67a86576ba8ebc268d3badd3873
SHA1

48a16c6dcfe9912b5b1c601820e148a6aac91b92
SHA256

996b50d4193dc305377b68c7b56e4fa587153a811adb378645885df2d2de6a73
SHA512

b20ae431172a307e1986f5550781dc30b290c8ccc50c43f2bb908dddacf744401eea8dbaf125004f64b8704af56ff853f1c61791f3425c070da4e042986e9e61
SSDEEP

49152:OcQAetL1sghI/F2gOKByQSnTHpShO30UHgPnfQOuO39lzV:fYta+I/p+tQlF

Score

N/A

Malware Config

Signatures

Files

996b50d4193dc305377b68c7b56e4fa587153a811adb378645885df2d2de6a73
.exe windows x86

5f913a2d96a38c8193683a6b4c73fc12

Code Sign

80:87:28:ff:bf:02:0e:89:29:81:3b:59:aa:2e:c5:29
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/04/2015, 00:00

Not After

14/04/2016, 23:59

Subject

CN=City Center Games (Extreme White Limited),O=City Center Games (Extreme White Limited),POSTALCODE=2373,STREET=Tassou Papadopulu 6 (flat/office 22),L=Nicosia,ST=Agios Dometios,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:77:21:5b:24:b6:b7:fd:f2:ff:8e:cb:4e:50:6f:fd:be:dc:35:58
Signer

Actual PE Digest

41:77:21:5b:24:b6:b7:fd:f2:ff:8e:cb:4e:50:6f:fd:be:dc:35:58

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=City Center Games (Extreme White Limited),O=City Center Games (Extreme White Limited),POSTALCODE=2373,STREET=Tassou Papadopulu 6 (flat/office 22),L=Nicosia,ST=Agios Dometios,C=CY

24/11/2022, 14:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

userenv

GetProfilesDirectoryW

wininet

InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW

psapi

GetModuleFileNameExW

rpcrt4

UuidCreateSequential

kernel32

GetTempPathW
CopyFileW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
Sleep
FreeLibrary
FileTimeToSystemTime
SystemTimeToFileTime
CloseHandle
OpenProcess
GetLastError
FindFirstFileW
FindNextFileW
GetEnvironmentVariableW
GetFileAttributesW
FindClose
CreateFileW
GetFileSize
GetFileSizeEx
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
SetFileTime
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
GetCurrentProcess
WaitForSingleObject
TerminateProcess
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
LeaveCriticalSection
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetVersionExW
GetFileAttributesA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetVersion
CreateDirectoryW
DosDateTimeToFileTime
CreateProcessW
WaitForMultipleObjects
TerminateThread
FlushViewOfFile
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetModuleHandleA
GetFileType
GetStdHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
EnterCriticalSection
InterlockedDecrement
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MultiByteToWideChar
GetACP
GetOEMCP
GetConsoleCP
GetTimeZoneInformation
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
UnlockFileEx
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
GetCommandLineW
IsDebuggerPresent
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
CreateThread
ExitThread
LoadLibraryExW

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
EnumChildWindows
FindWindowExW
GetClassNameW
LoadStringW
GetWindowThreadProcessId
EnumWindows
PostMessageW

advapi32

RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
RegDeleteKeyW
RegSetValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoCreateGuid
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

SysAllocStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f913a2d96a38c8193683a6b4c73fc12

Code Sign

80:87:28:ff:bf:02:0e:89:29:81:3b:59:aa:2e:c5:29Certificate

Extended Key Usages

Key Usages

41:77:21:5b:24:b6:b7:fd:f2:ff:8e:cb:4e:50:6f:fd:be:dc:35:58Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

userenv

wininet

psapi

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 371KB - Virtual size: 370KB

.data Size: 58KB - Virtual size: 76KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 61KB - Virtual size: 60KB

80:87:28:ff:bf:02:0e:89:29:81:3b:59:aa:2e:c5:29
Certificate

41:77:21:5b:24:b6:b7:fd:f2:ff:8e:cb:4e:50:6f:fd:be:dc:35:58
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 371KB - Virtual size: 370KB

.data
Size: 58KB - Virtual size: 76KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 61KB - Virtual size: 60KB