re5dx9[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

re5dx9.exe
Size

14.3MB
MD5

553fdbb0afb20ac73b8ee44bd9361128
SHA1

45fc817f292e2ef17d721db4b4ce7357cab3557d
SHA256

f9d5046d3c19c2dde7b5abc5114a042d6d36e70e3fa29d79dc5336d6e03a0c1f
SHA512

9aefec89be417a1bcee99dc72fe1164a5f3e928073a161e15cc9c6fc9914cb06cd748a6b63c147db8e69dd047b43ddcf60560092ab8b69644a641a0b2e226f8b
SSDEEP

196608:emCKChXCxC/qWCmVokjTZYbFyawNYsd2XZLGvzspCN59w:emCKChXCxcNokjg/skXwvYP

Score

N/A

Malware Config

Signatures

Files

re5dx9.exe
.exe windows x86

b5e8fc2089d34d2c4207370e68ad1b51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:02:9f:41:f6:3a:52:88:34:d3:60:39:87:19:92:95
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/04/2017, 00:00

Not After

03/05/2018, 23:59

Subject

CN=CAPCOM Co.\,Ltd.,OU=R&D Asset Management Section,O=CAPCOM Co.\,Ltd.,L=Osaka,ST=Osaka,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:14:b6:3d:7b:2f:b5:e7:72:5c:93:a4:35:18:3a:27:7a:fa:9e:08:29:fb:59:f0:42:c7:fa:1d:51:9f:53:c0
Signer

Actual PE Digest

80:14:b6:3d:7b:2f:b5:e7:72:5c:93:a4:35:18:3a:27:7a:fa:9e:08:29:fb:59:f0:42:c7:fa:1d:51:9f:53:c0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CAPCOM Co.\,Ltd.,OU=R&D Asset Management Section,O=CAPCOM Co.\,Ltd.,L=Osaka,ST=Osaka,C=JP

24/01/2018, 07:31
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

steam_api

SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_RunCallbacks
SteamNetworking
SteamMatchmaking
SteamClient
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamApps
SteamFriends
SteamAPI_Shutdown
SteamUtils
SteamAPI_IsSteamRunning
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamUser
SteamUserStats
SteamRemoteStorage

kernel32

CreateDirectoryA
SetCurrentDirectoryA
CreateFileA
ReadFile
CloseHandle
GetOverlappedResult
DeleteFileA
FindClose
FindFirstFileA
lstrcpyA
lstrlenA
InitializeCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
CreateThread
GetExitCodeThread
GetCurrentThreadId
FindNextFileA
GetFileAttributesA
InterlockedExchangeAdd
GetModuleFileNameA
GetStdHandle
HeapSize
ExitProcess
HeapReAlloc
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
RtlUnwind
GetLastError
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsDebuggerPresent
DeleteCriticalSection
UnhandledExceptionFilter
TerminateProcess
SuspendThread
SetThreadPriority
GlobalUnlock
GlobalAlloc
GlobalLock
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
MoveFileA
CopyFileA
ReadFileEx
FileTimeToSystemTime
WriteFile
SetFileTime
HeapDestroy
SleepEx
GetSystemDefaultLangID
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA
InterlockedDecrement
VerifyVersionInfoA
VerSetConditionMask
GetCommandLineA
DebugBreak
OutputDebugStringA
SetLastError
GetCurrentDirectoryA
GetCPInfo
CreateSemaphoreA
GetACP
GetOEMCP
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetThreadIdealProcessor
GetSystemInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedIncrement
SetHandleCount
CompareStringW
CompareStringA
WriteConsoleW
ResumeThread
QueryPerformanceFrequency
ResetEvent
SetEvent
QueryPerformanceCounter
FatalAppExitA
GetFileType
SetUnhandledExceptionFilter
LocaleNameToLCID
MultiByteToWideChar
WaitForMultipleObjects
GetSystemTimeAsFileTime
GetUserDefaultLangID
FormatMessageA
ReleaseMutex
WaitForSingleObject
CreateEventA
CreateMutexA
HeapCreate
GetConsoleOutputCP
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
ReleaseSemaphore

user32

AdjustWindowRect
DefWindowProcW
GetWindowThreadProcessId
MoveWindow
DispatchMessageW
wsprintfA
CreateWindowExW
ShowWindow
LoadAcceleratorsA
SetWindowPos
PeekMessageW
SetWindowLongA
LoadIconW
RegisterClassExW
SetWindowTextW
TranslateMessage
BeginPaint
GetClientRect
AttachThreadInput
IsZoomed
PostQuitMessage
GetMessageW
GetWindowRect
GetSystemMenu
EndPaint
SendMessageA
DefWindowProcA
CreateWindowExA
UpdateWindow
RegisterClassExA
DestroyWindow
UnhookWindowsHookEx
GetKeyboardState
FindWindowW
GetFocus
GetForegroundWindow
IsIconic
CallNextHookEx
ClipCursor
GetCursorPos
SetCursorPos
ShowCursor
ScreenToClient
ClientToScreen
SetClipboardData
EmptyClipboard
CloseClipboard
GetSystemMetrics
SetActiveWindow
SetForegroundWindow
SetClassLongA
GetClassLongA
DestroyCursor
SetCursor
LoadCursorA
LoadIconA
SystemParametersInfoA
SetWindowsHookExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

DragAcceptFiles
SHGetFolderPathA

ws2_32

closesocket
getpeername
ioctlsocket
recvfrom
getsockname
sendto
getsockopt
WSACleanup
select
__WSAFDIsSet
accept
ntohs
inet_ntoa
setsockopt
bind
listen
gethostname
WSAStartup
WSAAsyncSelect
htons
inet_addr
gethostbyname
connect
send
recv
socket
WSAGetLastError

iphlpapi

GetIfEntry
GetIfTable

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

d3d9

D3DPERF_GetStatus
Direct3DCreate9

xinput1_3

ord4
ord3
ord2

dinput8

DirectInput8Create

dsound

ord11

wmvcore

WMCreateSyncReader

avifil32

AVIFileCreateStreamA
AVIFileExit
AVIStreamRelease
AVIFileInit
AVIStreamSetFormat
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIMakeCompressedStream

msvfw32

ICCompressorChoose
ICCompressorFree

xlive

ord5002
ord5297
ord5310
ord5007
ord5003
ord5001
ord5030
ord14
ord4
ord10
ord7
ord11
ord6
ord22
ord27
ord13
ord20
ord24
ord3
ord12
ord9
ord67
ord68
ord5304
ord5344
ord5305
ord5308
ord5307
ord5345
ord5306
ord84
ord2
ord5311
ord38
ord40
ord72
ord83
ord5324
ord71
ord5339
ord1082
ord5209
ord5337
ord5275
ord5312
ord5315
ord73
ord5254
ord1083
ord64
ord5314
ord75
ord5264
ord5270
ord651
ord5035
ord5037
ord5036
ord5034
ord5038
ord5260
ord5262
ord5265
ord5277
ord5331
ord5263
ord5280
ord5256
ord5251
ord5267
ord5278
ord18

gdi32

GetStockObject

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 852KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5e8fc2089d34d2c4207370e68ad1b51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

54:02:9f:41:f6:3a:52:88:34:d3:60:39:87:19:92:95Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

80:14:b6:3d:7b:2f:b5:e7:72:5c:93:a4:35:18:3a:27:7a:fa:9e:08:29:fb:59:f0:42:c7:fa:1d:51:9f:53:c0Signer

Signature Validations

Verification

24/01/2018, 07:31 Valid: false

Headers

File Characteristics

Imports

steam_api

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

winmm

d3d9

xinput1_3

dinput8

dsound

wmvcore

avifil32

msvfw32

xlive

gdi32

ole32

oleaut32

Sections

.text Size: 11.3MB - Virtual size: 11.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 852KB - Virtual size: 1.8MB

.rsrc Size: 741KB - Virtual size: 740KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

54:02:9f:41:f6:3a:52:88:34:d3:60:39:87:19:92:95
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

80:14:b6:3d:7b:2f:b5:e7:72:5c:93:a4:35:18:3a:27:7a:fa:9e:08:29:fb:59:f0:42:c7:fa:1d:51:9f:53:c0
Signer

24/01/2018, 07:31
Valid: false

.text
Size: 11.3MB - Virtual size: 11.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 852KB - Virtual size: 1.8MB

.rsrc
Size: 741KB - Virtual size: 740KB