101XP_Game_Center_1673186958[.]9ebf3c9f48bcff9f4c7a3afbc649ebc7_340[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

101XP_Game_Center_1673186958.9ebf3c9f48bcff9f4c7a3afbc649ebc7_340.exe
Size

6.4MB
MD5

9ef2373039f411790115f4f547bf2bdd
SHA1

bd3e9d479cd325aa648ca4ebb55698da6bd05e87
SHA256

350272f99f10082012c7d060b8bf61957c6e1933fc38e1c2cb7d2478fbf4f20e
SHA512

b4799a83f5b8dfa47f1728885d960598c4895115400f17b36c50cd7e96f1df107e5532ab496e458c8292541935bdada55d01cd14c06b030faf29e070e45ed6e0
SSDEEP

98304:2jf+00A56Bw370gBEeEhRbMQAHf1w47y9DMbJcioxcKK2SewFiYCJc7vfmIwH:g90A56lgBKMQAH9w471wH

Score

N/A

Malware Config

Signatures

Files

101XP_Game_Center_1673186958.9ebf3c9f48bcff9f4c7a3afbc649ebc7_340.exe
.exe windows x86

e1b9c9acabc44a4a26f789865934b080

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:10:03:03:cc:3c:9a:31:71:eb:1a:98
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2021, 11:53

Not After

22/04/2024, 05:35

Subject

SERIALNUMBER=1157746703058,CN=101XP LABS LLC,O=101XP LABS LLC,STREET=ul Tvardovskogo\, 8 / str 1 et/pom/kom 6/I/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:6a:76:cd:48:38:a4:5e:4a:db:de:2c:3c:9b:48:e4:cc:48:11:5a
Signer

Actual PE Digest

bf:6a:76:cd:48:38:a4:5e:4a:db:de:2c:3c:9b:48:e4:cc:48:11:5a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=1157746703058,CN=101XP LABS LLC,O=101XP LABS LLC,STREET=ul Tvardovskogo\, 8 / str 1 et/pom/kom 6/I/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

29/11/2022, 19:11
Valid: true

Chain 1

SERIALNUMBER=1157746703058,CN=101XP LABS LLC,O=101XP LABS LLC,STREET=ul Tvardovskogo\, 8 / str 1 et/pom/kom 6/I/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCloseHandle
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse

ws2_32

getservbyname
htons
WSAGetLastError
setsockopt
ioctlsocket
sendto
recvfrom
accept
ntohs
connect
freeaddrinfo
getaddrinfo
recv
send
WSACleanup
__WSAFDIsSet
gethostname
ntohl
getsockopt
gethostbyname
htonl
select
WSASetLastError
WSAStartup
WSAIoctl
shutdown
listen
getpeername
bind
closesocket
getsockname
socket

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

user32

ReleaseDC
GetForegroundWindow
SendMessageW
CharUpperW
GetUserObjectInformationW
GetProcessWindowStation
SetActiveWindow
WindowFromPoint
SetForegroundWindow
MessageBoxA
GetSysColor
FillRect
SetRect
MessageBeep
PostThreadMessageA
SystemParametersInfoA
CopyIcon
CreateIconIndirect
DestroyIcon
LoadIconA
LoadCursorA
GetWindow
GetParent
SetWindowLongA
GetWindowLongA
MapWindowPoints
ClientToScreen
GetCursorPos
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
ValidateRgn
InvalidateRect
GetUpdateRgn
KillTimer
SetTimer
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
GetAsyncKeyState
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
ChangeClipboardChain
SetClipboardViewer
GetIconInfo
CloseClipboard
OpenClipboard
BringWindowToTop
IsIconic
GetDC
SetWindowLongW
GetSystemMetrics
SetWindowRgn
SetWindowPos
GetWindowLongW
LoadIconW
MessageBoxW
GetKeyboardLayout
RegisterWindowMessageW
TranslateMessage
DispatchMessageW
GetClipboardOwner
PeekMessageA
PeekMessageW
SendMessageA
PostMessageA
DefWindowProcA
DefWindowProcW
RegisterClassExA
RegisterClassExW
CreateWindowExA
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
OpenIcon

advapi32

LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
RegDeleteKeyW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
GetUserNameW

gdi32

Pie
Arc
ExtCreatePen
Polygon
DPtoLP
MoveToEx
PolyPolygon
RectInRegion
LineTo
GetRgnBox
EqualRgn
SetPixel
ExtCreateRegion
CreateCompatibleDC
BitBlt
SelectPalette
SelectObject
RealizePalette
GetStockObject
CreateSolidBrush
Polyline
CreateDCA
CreateFontA
GetGlyphOutlineW
GetObjectW
GetTextExtentPoint32W
GetCharacterPlacementW
CreatePen
SetTextColor
GetDIBits
GetTextMetricsA
TextOutW
StretchDIBits
OffsetRgn
CreatePalette
GetDCOrgEx
GetObjectA
SelectClipRgn
CreateRoundRectRgn
GdiFlush
LPtoDP
CreatePolygonRgn
CreateDIBSection
PlayEnhMetaFile
GetEnhMetaFileHeader
AddFontMemResourceEx
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
RestoreDC
SaveDC
SetBkMode
SetDIBitsToDevice
SetTextAlign
UpdateColors

wldap32

ord211
ord30
ord200
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord143
ord46
ord79
ord60
ord45
ord301

normaliz

IdnToAscii

kernel32

InterlockedFlushSList
GetModuleHandleExW
GetModuleFileNameA
LockFileEx
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetExitCodeThread
GetProcessHeap
HeapFree
HeapAlloc
IsDebuggerPresent
InitializeSListHead
UnlockFileEx
UnhandledExceptionFilter
GetFullPathNameW
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
ExpandEnvironmentStringsA
SleepEx
WaitForSingleObjectEx
GetTickCount64
InitializeCriticalSectionEx
SetFilePointer
SetEndOfFile
InterlockedPushEntrySList
GetVersionExW
GetProcessAffinityMask
CreateEventW
MoveFileW
SetFileAttributesW
VirtualFree
VirtualAlloc
FlushConsoleInputBuffer
GlobalMemoryStatus
GetTickCount
OutputDebugStringA
GetStdHandle
GetStartupInfoW
GetExitCodeProcess
LCMapStringW
UnregisterWaitEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
SetFilePointerEx
SetStdHandle
GetConsoleCP
ExitThread
GetFileSize
RtlUnwind
FreeLibraryAndExitThread
QueryPerformanceCounter
ReadConsoleInputA
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetTimeZoneInformation
SetEnvironmentVariableA
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
VerSetConditionMask
GetSystemInfo
QueryPerformanceFrequency
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
GetThreadTimes
VirtualProtect
FileTimeToSystemTime
InterlockedPopEntrySList
QueryDepthSList
SetEnvironmentVariableW
VerifyVersionInfoA
GetFileType
IsProcessorFeaturePresent
FindClose
WriteConsoleW
ReadConsoleW
GetConsoleMode
SetConsoleMode
Sleep
SetConsoleCtrlHandler
SwitchToThread
DuplicateHandle
PeekNamedPipe
TlsFree
TlsGetValue
DeleteCriticalSection
GetEnvironmentVariableA
GetFileAttributesA
GetSystemTimeAsFileTime
GetCurrentProcess
CreateFileW
GetCurrentThreadId
GetLastError
CloseHandle
RaiseException
GetCurrentProcessId
SetUnhandledExceptionFilter
GetLogicalDrives
GetCurrentThread
VirtualQuery
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateProcessW
CreateDirectoryW
FindFirstFileW
InterlockedDecrement
GetModuleFileNameW
GetTempPathW
LoadLibraryW
MultiByteToWideChar
FormatMessageW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
CopyFileW
SizeofResource
LockResource
LoadResource
FindResourceW
ReleaseSemaphore
CreateSemaphoreW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitOnceExecuteOnce
WideCharToMultiByte
DeleteFileW
FindNextFileW
RemoveDirectoryW
FreeLibrary
LoadLibraryExW
Module32FirstW
Module32NextW
LoadLibraryA
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObject
CreateThread
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoA
GetACP
GetComputerNameA
ExitProcess
lstrlenA
ReadFile
SetLastError
WriteFile
DeviceIoControl
SetFileTime
CreateHardLinkW
GetFileAttributesW
GetFileInformationByHandle
MoveFileExW
FlushFileBuffers
FormatMessageA
CreateIoCompletionPort
RegisterWaitForSingleObject
UnregisterWait
PostQueuedCompletionStatus
CreateEventA
SetErrorMode
TryEnterCriticalSection
TlsSetValue
WaitForMultipleObjects
ResumeThread
SetEvent
TlsAlloc
ResetEvent

shell32

SHGetMalloc
DragQueryFileW
ShellExecuteA
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ExtractIconW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
OleUninitialize
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantCopy
SysAllocStringLen
SysStringLen

dbghelp

SymFromAddr
SymSetOptions
StackWalk64
SymInitialize
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
MiniDumpWriteDump

comctl32

_TrackMouseEvent

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1b9c9acabc44a4a26f789865934b080

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

21:10:03:03:cc:3c:9a:31:71:eb:1a:98Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

bf:6a:76:cd:48:38:a4:5e:4a:db:de:2c:3c:9b:48:e4:cc:48:11:5aSigner

Signature Validations

Verification

29/11/2022, 19:11 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

ws2_32

rpcrt4

user32

advapi32

gdi32

wldap32

normaliz

kernel32

shell32

ole32

oleaut32

dbghelp

comctl32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 107KB - Virtual size: 156KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 600KB - Virtual size: 600KB

.reloc Size: 149KB - Virtual size: 149KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

21:10:03:03:cc:3c:9a:31:71:eb:1a:98
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

bf:6a:76:cd:48:38:a4:5e:4a:db:de:2c:3c:9b:48:e4:cc:48:11:5a
Signer

29/11/2022, 19:11
Valid: true

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 107KB - Virtual size: 156KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 600KB - Virtual size: 600KB

.reloc
Size: 149KB - Virtual size: 149KB