996f884cba8ebd5af190ece5f3c47b408474e4b8a0ca64949588f521bab6377e

Sharing

Copy URL

Twitter E-mail

General

Target

996f884cba8ebd5af190ece5f3c47b408474e4b8a0ca64949588f521bab6377e
Size

8.0MB
MD5

8c7606bfb6037815265196e57152ec69
SHA1

3cf55944ff7ac15d252880f7cd5e57c22f787812
SHA256

996f884cba8ebd5af190ece5f3c47b408474e4b8a0ca64949588f521bab6377e
SHA512

2418b6df8ea64b408f49e3e5982182f26d88e314402292f6ef860005ff32aaaf7fc2b07bf25531c6a83a8dd4a1fa125aaa237ea055ce5456798c2d13b39a196c
SSDEEP

196608:KkEmeEYZcccHVn6fs+0iEcQnruJhLnZVFH6Iz3YKAeu+J2oAnP3owxopfEGI9Z:KkiZ3LSi7Er8hLnZVUuJjMP3owx6I9Z

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/10901268/10901268/dydatadir/doyo_setup.doyo000	upx
static1/unpack001/10901268/Setup.exe	upx

Files

996f884cba8ebd5af190ece5f3c47b408474e4b8a0ca64949588f521bab6377e
.rar
10901268/10901268/ACGHH_.dsv
10901268/10901268/ACGHH_.nds
10901268/10901268/DeSmuME_VS2008.doyo000
.exe windows x86

744b91ec496befe0122d3122226096b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dinput8

DirectInput8Create

ddraw

DirectDrawCreateEx

dsound

ord11

avifil32

AVISaveOptions
AVIStreamRelease
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileInit
AVIFileCreateStreamA

winmm

timeSetEvent
timeEndPeriod
waveInClose
waveInPrepareHeader
waveInOpen
waveInAddBuffer
waveInReset
waveInStart
timeGetDevCaps
timeKillEvent
timeGetTime
timeBeginPeriod

opengl32

glDeleteTextures
glPixelStorei
glEnd
glFinish
glBindTexture
glVertex4fv
glTexImage2D
glGetError
glDisable
glGetString
glBegin
glDepthMask
glTexParameteri
glClearDepth
glClearStencil
glAlphaFunc
glDepthFunc
glClear
glClearColor
glTexParameterf
wglMakeCurrent
wglCreateContext
glLoadIdentity
glGenTextures
glTexCoord2fv
wglGetProcAddress
glEnable
glStencilOp
glColor4fv
glTexImage1D
glViewport
glTexEnvi
glMatrixMode
glScalef
glCullFace
glBlendFunc
glPolygonMode
glStencilFunc
glReadPixels
glColorMask

ws2_32

closesocket
WSACleanup
WSAStartup
recvfrom
htonl
select
htons
setsockopt
sendto
bind
socket

user32

PostMessageA
MessageBoxA
GetAsyncKeyState
GetWindowTextA
GetKeyboardState
GetKeyState
ScreenToClient
SetDlgItemTextA
SetDlgItemTextW
GetDlgItemTextW
CharPrevExA
CharToOemA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharNextA
GetParent
CreateMenu
LoadAcceleratorsA
RemoveMenu
FrameRect
GetScrollInfo
GetScrollPos
PostQuitMessage
GetDlgItemInt
SetScrollRange
SetScrollPos
SendInput
DrawMenuBar
SetMenuItemInfoA
CreateWindowExW
DialogBoxParamA
ClientToScreen
CloseClipboard
TrackPopupMenu
SetCapture
IsZoomed
GetSubMenu
SetForegroundWindow
DeleteMenu
LoadMenuA
GetMenuStringW
GetMenuItemInfoW
IsDialogMessageA
SetDlgItemInt
GetMenu
OffsetRect
SetPropA
PeekMessageA
EnableMenuItem
EmptyClipboard
TranslateAcceleratorA
GetMenuItemInfoA
GetMenuItemCount
CheckRadioButton
OpenClipboard
ReleaseCapture
InsertMenuA
SetClipboardData
DestroyMenu
GetDlgItemTextA
SetMenuItemInfoW
ModifyMenuA
MoveWindow
SetActiveWindow
GetFocus
GetWindowTextLengthA
RedrawWindow
GetActiveWindow
IsWindowEnabled
GetForegroundWindow
SetWindowTextW
LoadStringW
EndDialog
GetDlgCtrlID
SendDlgItemMessageA
GetMessageA
GetWindowRect
CreateDialogParamA
KillTimer
SetTimer
EnableWindow
SetWindowTextA
InsertMenuItemA
DrawTextA
GetMenuBarInfo
LoadBitmapA
LoadIconA
GetDC
TranslateMessage
SetRect
UnregisterClassA
ReleaseDC
GetSysColor
SetWindowPos
ShowWindow
SetMenu
DispatchMessageA
AdjustWindowRectEx
SystemParametersInfoA
GetSystemMetrics
UpdateWindow
AdjustWindowRect
CheckMenuItem
EndPaint
RegisterClassExA
FillRect
GetClientRect
BeginPaint
InvalidateRect
GetWindowLongA
CreateWindowExA
DefWindowProcA
GetSysColorBrush
LoadCursorA
DestroyWindow
DialogBoxParamW
wsprintfA
SetFocus
SendMessageA
SetWindowLongA
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
CreateDialogParamW
CallWindowProcA
GetCursorPos

gdi32

StretchBlt
MoveToEx
LineTo
CreatePen
BitBlt
SetBkMode
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SetPixelFormat
SetDIBitsToDevice
CreateFontA
CreateCompatibleBitmap
TextOutA
SetTextColor
SetBkColor
GetStockObject
ExtTextOutA
GetTextExtentPoint32A
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
SetDIBits
GetObjectA
DeleteObject
CreateSolidBrush

shell32

DragFinish
ShellExecuteA
DragAcceptFiles
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shlwapi

PathCompactPathA

kernel32

GetLocaleInfoW
MultiByteToWideChar
SetFileAttributesA
CopyFileA
GetFileAttributesA
CloseHandle
CreateEventA
Sleep
SetEvent
WaitForSingleObject
CreateThread
GetModuleFileNameA
lstrlenA
FindNextFileA
FindClose
GetLastError
FindFirstFileA
AllocConsole
FreeLibrary
SetConsoleScreenBufferSize
FreeConsole
SetEnvironmentVariableA
FlushFileBuffers
CreatePipe
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringW
CompareStringA
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetConsoleOutputCP
CreateFileA
GetCurrentDirectoryA
GetTimeZoneInformation
GetOEMCP
SetHandleCount
HeapCreate
HeapSize
SetLastError
TlsFree
LCMapStringW
LCMapStringA
RaiseException
GetCPInfo
GetProcessHeap
SetEndOfFile
ExitThread
CreateProcessA
MoveFileA
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
DeleteFileA
GetFileType
SetStdHandle
ExitProcess
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetConsoleCP
GetACP
SetConsoleTitleA
GetStdHandle
GetProcAddress
LoadLibraryA
WaitForMultipleObjects
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
VirtualFree
VirtualAlloc
LocalFileTimeToFileTime
CompareFileTime
GetVersion
GetModuleHandleW
FormatMessageW
LocalFree
GetThreadLocale
GetLocaleInfoA
InterlockedExchangeAdd
IsValidCodePage
GetCPInfoExA
WideCharToMultiByte
IsDBCSLeadByteEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleFileNameW
TlsAlloc
GetCurrentThread
DuplicateHandle
SetThreadPriority
TlsGetValue
TlsSetValue
ReleaseMutex
CreateMutexA
DeleteCriticalSection
CreateSemaphoreA
GetExitCodeProcess
ReleaseSemaphore
GetSystemTimeAsFileTime
IsDebuggerPresent
FormatMessageA
SetCurrentDirectoryA
SwitchToThread
GetTickCount
GetFullPathNameA
GetTempPathA
QueryPerformanceFrequency
GetSystemInfo
ResetEvent
GetPrivateProfileStringA
EnterCriticalSection
SetThreadLocale
LeaveCriticalSection
InitializeCriticalSection
SignalObjectAndWait
QueryPerformanceCounter
GetCurrentProcess
GlobalAddAtomA
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleOutputCP
SetConsoleWindowInfo
WritePrivateProfileStringA
GetPrivateProfileIntA
FindCloseChangeNotification
GetFileAttributesExA
TerminateThread
FindFirstChangeNotificationA
ResumeThread
SetProcessAffinityMask
GetModuleHandleA

oleaut32

SysFreeString
SysAllocString
VariantCopy
SysAllocStringByteLen
VariantClear

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 982KB - Virtual size: 57.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
10901268/10901268/DeSmuME_VS2008_NoConsole.doyo000
.exe windows x86

d1e8a6177e863da3d368d68bcd0fc0dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dinput8

DirectInput8Create

ddraw

DirectDrawCreateEx

dsound

ord11

avifil32

AVISaveOptions
AVIStreamRelease
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileInit
AVIFileCreateStreamA

winmm

timeSetEvent
timeEndPeriod
waveInClose
waveInPrepareHeader
waveInOpen
waveInAddBuffer
waveInReset
waveInStart
timeGetDevCaps
timeKillEvent
timeGetTime
timeBeginPeriod

opengl32

glDeleteTextures
glPixelStorei
glEnd
glFinish
glBindTexture
glVertex4fv
glTexImage2D
glGetError
glDisable
glGetString
glBegin
glDepthMask
glTexParameteri
glClearDepth
glClearStencil
glAlphaFunc
glDepthFunc
glClear
glClearColor
glTexParameterf
wglMakeCurrent
wglCreateContext
glLoadIdentity
glGenTextures
glTexCoord2fv
wglGetProcAddress
glEnable
glStencilOp
glColor4fv
glTexImage1D
glViewport
glTexEnvi
glMatrixMode
glScalef
glCullFace
glBlendFunc
glPolygonMode
glStencilFunc
glReadPixels
glColorMask

ws2_32

closesocket
WSACleanup
WSAStartup
recvfrom
htonl
select
htons
setsockopt
sendto
bind
socket

user32

PostMessageA
MessageBoxA
GetAsyncKeyState
GetWindowTextA
GetKeyboardState
GetKeyState
ScreenToClient
SetDlgItemTextA
SetDlgItemTextW
GetDlgItemTextW
CharPrevExA
CharToOemA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharNextA
GetParent
CreateMenu
LoadAcceleratorsA
RemoveMenu
FrameRect
GetScrollInfo
GetScrollPos
PostQuitMessage
GetDlgItemInt
SetScrollRange
SetScrollPos
SendInput
DrawMenuBar
SetMenuItemInfoA
CreateWindowExW
DialogBoxParamA
ClientToScreen
CloseClipboard
TrackPopupMenu
SetCapture
IsZoomed
GetSubMenu
SetForegroundWindow
DeleteMenu
LoadMenuA
GetMenuStringW
GetMenuItemInfoW
IsDialogMessageA
SetDlgItemInt
GetMenu
OffsetRect
SetPropA
PeekMessageA
EnableMenuItem
EmptyClipboard
TranslateAcceleratorA
GetMenuItemInfoA
GetMenuItemCount
CheckRadioButton
OpenClipboard
ReleaseCapture
InsertMenuA
SetClipboardData
DestroyMenu
GetDlgItemTextA
SetMenuItemInfoW
ModifyMenuA
MoveWindow
SetActiveWindow
GetFocus
GetWindowTextLengthA
RedrawWindow
GetActiveWindow
IsWindowEnabled
GetForegroundWindow
SetWindowTextW
LoadStringW
EndDialog
GetDlgCtrlID
SendDlgItemMessageA
GetMessageA
GetWindowRect
CreateDialogParamA
KillTimer
SetTimer
EnableWindow
SetWindowTextA
InsertMenuItemA
DrawTextA
GetMenuBarInfo
LoadBitmapA
LoadIconA
GetDC
TranslateMessage
SetRect
UnregisterClassA
ReleaseDC
GetSysColor
SetWindowPos
ShowWindow
SetMenu
DispatchMessageA
AdjustWindowRectEx
SystemParametersInfoA
GetSystemMetrics
UpdateWindow
AdjustWindowRect
CheckMenuItem
EndPaint
RegisterClassExA
FillRect
GetClientRect
BeginPaint
InvalidateRect
GetWindowLongA
CreateWindowExA
DefWindowProcA
GetSysColorBrush
LoadCursorA
DestroyWindow
DialogBoxParamW
wsprintfA
SetFocus
SendMessageA
SetWindowLongA
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
CreateDialogParamW
CallWindowProcA
GetCursorPos

gdi32

StretchBlt
MoveToEx
LineTo
CreatePen
BitBlt
SetBkMode
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SetPixelFormat
SetDIBitsToDevice
CreateFontA
CreateCompatibleBitmap
TextOutA
SetTextColor
SetBkColor
GetStockObject
ExtTextOutA
GetTextExtentPoint32A
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
SetDIBits
GetObjectA
DeleteObject
CreateSolidBrush

shell32

DragFinish
ShellExecuteA
DragAcceptFiles
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shlwapi

PathCompactPathA

kernel32

GetLocaleInfoW
MultiByteToWideChar
SetFileAttributesA
CopyFileA
GetFileAttributesA
CloseHandle
CreateEventA
Sleep
SetEvent
WaitForSingleObject
CreateThread
GetModuleFileNameA
lstrlenA
FindNextFileA
FindClose
GetLastError
FindFirstFileA
FreeLibrary
SetEnvironmentVariableA
FlushFileBuffers
CreatePipe
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringW
CompareStringA
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetConsoleOutputCP
CreateFileA
GetCurrentDirectoryA
GetTimeZoneInformation
GetOEMCP
SetHandleCount
HeapCreate
HeapSize
SetLastError
TlsFree
LCMapStringW
LCMapStringA
RaiseException
GetCPInfo
GetProcessHeap
SetEndOfFile
ExitThread
CreateProcessA
MoveFileA
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
DeleteFileA
GetFileType
SetStdHandle
ExitProcess
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetACP
GetStdHandle
GetProcAddress
LoadLibraryA
WaitForMultipleObjects
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
VirtualFree
VirtualAlloc
LocalFileTimeToFileTime
CompareFileTime
GetVersion
GetModuleHandleW
FormatMessageW
LocalFree
GetThreadLocale
GetLocaleInfoA
InterlockedExchangeAdd
IsValidCodePage
GetCPInfoExA
WideCharToMultiByte
IsDBCSLeadByteEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleFileNameW
TlsAlloc
GetCurrentThread
DuplicateHandle
SetThreadPriority
TlsGetValue
TlsSetValue
ReleaseMutex
CreateMutexA
DeleteCriticalSection
CreateSemaphoreA
GetExitCodeProcess
ReleaseSemaphore
GetSystemTimeAsFileTime
IsDebuggerPresent
FormatMessageA
SetCurrentDirectoryA
SwitchToThread
GetTickCount
GetFullPathNameA
GetTempPathA
QueryPerformanceFrequency
GetSystemInfo
ResetEvent
GetPrivateProfileStringA
EnterCriticalSection
SetThreadLocale
LeaveCriticalSection
InitializeCriticalSection
SignalObjectAndWait
QueryPerformanceCounter
GetCurrentProcess
GlobalAddAtomA
WriteConsoleA
WritePrivateProfileStringA
GetPrivateProfileIntA
FindCloseChangeNotification
GetFileAttributesExA
TerminateThread
FindFirstChangeNotificationA
ResumeThread
SetProcessAffinityMask
GetModuleHandleA

oleaut32

SysFreeString
SysAllocString
VariantCopy
SysAllocStringByteLen
VariantClear

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 982KB - Virtual size: 57.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
10901268/10901268/Game.doyo000
.exe windows x86

6cac206bccb0caafd42b8ad91aa78cfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2915
ord2818
ord924
ord800
ord858
ord4129
ord5683
ord860
ord1168
ord5731
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord2379
ord755
ord470
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord4673
ord1576

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
__getmainargs

kernel32

CloseHandle
GetPrivateProfileStringA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
CreateProcessA

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
10901268/10901268/desmume.doyo003
10901268/10901268/doyo_run_param.doyo003
10901268/10901268/doyo_thumbnail.doyo013
.jpg
10901268/10901268/doyogame.doyo001
10901268/10901268/dydatadir/doyo_setup.doyo000
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:94:95:00:06:2b:71
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

01-09-2011 10:16

Not After

02-09-2012 11:23

Subject

CN=BeiJing Doyo Networking Technologies Ltd.,O=BeiJing Doyo Networking Technologies Ltd.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c15646f796f7365727669636540676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:cd:a0:96:9f:c0:c8:c8:38:da:cc:02:67:0e:39:8e:ee:82:f3:f1
Signer

Actual PE Digest

1f:cd:a0:96:9f:c0:c8:c8:38:da:cc:02:67:0e:39:8e:ee:82:f3:f1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BeiJing Doyo Networking Technologies Ltd.,O=BeiJing Doyo Networking Technologies Ltd.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c15646f796f7365727669636540676d61696c2e636f6d

06-01-2012 03:26
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
10901268/10901268/game.doyo003
10901268/10901268/index.dat
10901268/Setup.exe
.exe windows x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:94:95:00:06:2b:71
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

01-09-2011 10:16

Not After

02-09-2012 11:23

Subject

CN=BeiJing Doyo Networking Technologies Ltd.,O=BeiJing Doyo Networking Technologies Ltd.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c15646f796f7365727669636540676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:90:ab:8b:94:b0:47:8c:b9:01:78:95:04:a1:fa:79:08:58:6e:61
Signer

Actual PE Digest

0f:90:ab:8b:94:b0:47:8c:b9:01:78:95:04:a1:fa:79:08:58:6e:61

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BeiJing Doyo Networking Technologies Ltd.,O=BeiJing Doyo Networking Technologies Ltd.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c15646f796f7365727669636540676d61696c2e636f6d

05-01-2012 06:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 892KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 435KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
10901268/config.ini

Sharing

General

Malware Config

Signatures

Files

744b91ec496befe0122d3122226096b8

Headers

DLL Characteristics

File Characteristics

Imports

dinput8

ddraw

dsound

avifil32

winmm

opengl32

ws2_32

user32

gdi32

shell32

comdlg32

shlwapi

kernel32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 594KB - Virtual size: 593KB

.data Size: 982KB - Virtual size: 57.0MB

.rsrc Size: 277KB - Virtual size: 277KB

d1e8a6177e863da3d368d68bcd0fc0dc

Headers

DLL Characteristics

File Characteristics

Imports

dinput8

ddraw

dsound

avifil32

winmm

opengl32

ws2_32

user32

gdi32

shell32

comdlg32

shlwapi

kernel32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 594KB - Virtual size: 593KB

.data Size: 982KB - Virtual size: 57.0MB

.rsrc Size: 277KB - Virtual size: 277KB

6cac206bccb0caafd42b8ad91aa78cfa

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 324B

.rsrc Size: 12KB - Virtual size: 9KB

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

19:9d:f8:79Certificate

Key Usages

09:94:95:00:06:2b:71Certificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 594KB - Virtual size: 593KB

.data
Size: 982KB - Virtual size: 57.0MB

.rsrc
Size: 277KB - Virtual size: 277KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 594KB - Virtual size: 593KB

.data
Size: 982KB - Virtual size: 57.0MB

.rsrc
Size: 277KB - Virtual size: 277KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 324B

.rsrc
Size: 12KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

19:9d:f8:79
Certificate

09:94:95:00:06:2b:71
Certificate

39
Certificate

1f:cd:a0:96:9f:c0:c8:c8:38:da:cc:02:67:0e:39:8e:ee:82:f3:f1
Signer

06-01-2012 03:26
Valid: false

UPX0
Size: - Virtual size: 344KB

UPX1
Size: 163KB - Virtual size: 164KB

.rsrc
Size: 31KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

19:9d:f8:79
Certificate

09:94:95:00:06:2b:71
Certificate

39
Certificate

0f:90:ab:8b:94:b0:47:8c:b9:01:78:95:04:a1:fa:79:08:58:6e:61
Signer

05-01-2012 06:01
Valid: false

UPX0
Size: - Virtual size: 892KB

UPX1
Size: 435KB - Virtual size: 436KB

.rsrc
Size: 36KB - Virtual size: 40KB