exe[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

exe.rar
Size

39.0MB
MD5

2671152aebc9cdff2fd2fb4baa2398cc
SHA1

bda8270069c7e6bbf94778ace8d4689a91c82185
SHA256

7bac4bde974463d259fdc46d61231d891aa107415eedfcf32cdbcec1e258b16d
SHA512

160ae6298196271d11d0059e7873a3f5e315617d5a75e0e62e68a79e769a0efc083b3bac46be87943104b90dc6e687bbcba0c5c1afb00c6e5c0f249ba1b20420
SSDEEP

786432:SlINyMHujfc5cLlMfcNvBuwWndGHimD40Zm3niTcbJMNH:7keujfca2fcNvBuwWndZqsniwlMNH

Score

N/A

Malware Config

Signatures

Files

exe.rar
.rar
LauncherFenix-Java-8u51-Windows-x64.exe
.exe windows x64

a23751c22082fd810661b62322b99b1d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-04-2015 00:00

Not After

13-04-2018 23:59

Subject

CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:c7:f3:5c:8d:66:d6:a3:08:37:fe:d1:be:b5:ad:83:f2:d2:10:39
Signer

Actual PE Digest

46:c7:f3:5c:8d:66:d6:a3:08:37:fe:d1:be:b5:ad:83:f2:d2:10:39

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

09-06-2015 02:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoCreateGuid
CoInitialize
CoUninitialize
OleRun
OleSetContainedObject
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoCreateInstance

shell32

SHGetPathFromIDListA
SHGetFolderLocation
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathA
FindExecutableA
SHBrowseForFolderA

wininet

InternetCrackUrlA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
InternetErrorDlg
HttpSendRequestA
InternetOpenA

comctl32

InitCommonControlsEx

kernel32

InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
MulDiv
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
EnterCriticalSection
GlobalFree
LockResource
GlobalHandle
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetCurrentThreadId
FindResourceW
CreateDirectoryA
DeleteFileA
lstrcpyA
CreateFileA
lstrcpynA
Process32First
WriteFile
GetSystemDirectoryA
lstrcatA
Process32Next
CreateToolhelp32Snapshot
CloseHandle
GetTempPathA
GetTickCount
CreateEventA
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
ReadFile
LoadLibraryA
OpenProcess
Sleep
CreateFileW
FileTimeToSystemTime
WaitForSingleObject
FormatMessageA
GetExitCodeProcess
CreateProcessA
LocalAlloc
ExitProcess
GetLocaleInfoA
SetDllDirectoryA
HeapReAlloc
WideCharToMultiByte
FindClose
LoadLibraryExW
GetNativeSystemInfo
GetSystemWow64DirectoryA
GetVersionExW
FormatMessageW
GetLocalTime
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
MoveFileExA
GetFileAttributesA
RemoveDirectoryA
PeekNamedPipe
SetHandleInformation
CreatePipe
OpenThread
GetExitCodeThread
SetEvent
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
SetFilePointer
LoadLibraryW
GetModuleHandleExA
CreateMutexA
ReleaseMutex
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStartupInfoW
GetSystemTimeAsFileTime
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetConsoleCP
GlobalAlloc
GetCommandLineA
GlobalLock
GetCurrentProcess
LoadResource
GetConsoleMode
CreateDirectoryW
GetFullPathNameW
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
ExitThread
CreateThread
GetCPInfo
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
FreeLibrary
lstrlenA
lstrcmpA
FindResourceA
GetCommandLineW
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSize
GetLocaleInfoW
GetModuleHandleW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
InitializeCriticalSection
DecodePointer
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetACP
GetOEMCP
IsValidCodePage
GetCurrentDirectoryW
GetFileInformationByHandle
SetEndOfFile
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
TerminateProcess
EncodePointer

user32

GetMessageA
PostQuitMessage
TranslateMessage
GetAncestor
DispatchMessageA
GetWindowRect
GetWindowLongPtrW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
AdjustWindowRectEx
SetWindowLongPtrW
SetWindowTextW
GetDialogBaseUnits
DefWindowProcW
GetWindowThreadProcessId
GetSystemMenu
EnableMenuItem
PostMessageA
LoadImageA
GetTopWindow
SetForegroundWindow
CheckDlgButton
IsDlgButtonChecked
MapDialogRect
LoadBitmapA
SetWindowContextHelpId
EndDialog
ShowWindow
EnableWindow
GetDlgCtrlID
SetRect
IsWindowVisible
MapWindowPoints
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
DestroyAcceleratorTable
GetWindowTextW
GetWindowLongPtrA
RegisterClassExA
FillRect
IsChild
GetClassInfoExA
SetCapture
LoadStringA
GetFocus
GetParent
InvalidateRgn
wsprintfA
CharNextA
GetClientRect
SetFocus
GetWindowTextLengthA
SendMessageA
RegisterWindowMessageA
BeginPaint
GetDC
CreateDialogIndirectParamA
GetWindowTextA
SetWindowLongA
MessageBoxA
CreateAcceleratorTableA
GetWindowLongA
CreateWindowExA
ReleaseDC
GetDlgItem
DefWindowProcA
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
GetActiveWindow
SetWindowLongPtrA
IsWindow
ReleaseCapture
SetWindowTextA
CallWindowProcA
DialogBoxIndirectParamA
LoadCursorA
GetWindow
MoveWindow
EnumWindows
DrawTextW
LoadStringW
DispatchMessageW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
PeekMessageA
GetMessageW
UnregisterClassA
ScreenToClient
InvalidateRect

advapi32

RegSetValueExA
RegQueryInfoKeyW
RegDeleteKeyA
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetTokenInformation
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GetWindowsAccountDomainSid
CreateWellKnownSid
CryptReleaseContext
CryptGetHashParam
RegOpenKeyA
RegOpenCurrentUser
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
CryptAcquireContextA

oleaut32

SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
SysFreeString
LoadRegTypeLi
VariantCopy
VariantChangeType
SysAllocString

shlwapi

PathAppendA

gdi32

DeleteDC
BitBlt
GetDeviceCaps
DeleteObject
SelectObject
StretchBlt
SetDIBColorTable
CreateDIBSection
SetTextColor
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SetBkMode
CreateSolidBrush
GetStockObject

gdiplus

GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup

crypt32

CryptStringToBinaryA
CryptUnprotectData
CryptBinaryToStringA
CryptProtectData

msi

ord137
ord141
ord168
ord87

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA

rpcrt4

RpcStringFreeA
UuidToStringA

Sections

.text
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40.3MB - Virtual size: 40.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LauncherFenix-Minecraft-v7.exe
.exe windows x86

c6e51dda1622035b42b177c9afe67c30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
InitializeCriticalSection
LeaveCriticalSection
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_strdup
_stricoll
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_errno
_findclose
_findfirst
_findnext
_fullpath
_iob
_itoa
_onexit
_open
_read
_setmode
_stat64
_stricmp
abort
atexit
atoi
calloc
fclose
fopen
fprintf
fputs
free
fwrite
isspace
malloc
mbstowcs
memcpy
printf
puts
realloc
setlocale
signal
strcat
strchr
strcmp
strcoll
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok
tolower
vfprintf
wcstombs

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a23751c22082fd810661b62322b99b1d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

46:c7:f3:5c:8d:66:d6:a3:08:37:fe:d1:be:b5:ad:83:f2:d2:10:39Signer

Signature Validations

Verification

09-06-2015 02:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

comctl32

kernel32

user32

advapi32

oleaut32

shlwapi

gdi32

gdiplus

crypt32

msi

version

rpcrt4

Sections

.text Size: 618KB - Virtual size: 618KB

.rdata Size: 247KB - Virtual size: 246KB

.data Size: 23KB - Virtual size: 35KB

.pdata Size: 29KB - Virtual size: 28KB

.rsrc Size: 40.3MB - Virtual size: 40.3MB

.reloc Size: 23KB - Virtual size: 23KB

c6e51dda1622035b42b177c9afe67c30

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 16B

.rdata Size: 2KB - Virtual size: 2KB

.eh_fram Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 35KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 296KB - Virtual size: 296KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

46:c7:f3:5c:8d:66:d6:a3:08:37:fe:d1:be:b5:ad:83:f2:d2:10:39
Signer

09-06-2015 02:06
Valid: false

.text
Size: 618KB - Virtual size: 618KB

.rdata
Size: 247KB - Virtual size: 246KB

.data
Size: 23KB - Virtual size: 35KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 40.3MB - Virtual size: 40.3MB

.reloc
Size: 23KB - Virtual size: 23KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 2KB - Virtual size: 2KB

.eh_fram
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 296KB - Virtual size: 296KB