HeavyWeapon[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HeavyWeapon.exe
Size

1.5MB
MD5

a8aef11e2fff7d7f30f7eb1ba2cdf5d8
SHA1

a7e46176e4ac5d40d875a155312f415dcf1532cf
SHA256

ec7f5785636eb791373f525e02aa075c6e101020bf2f047a2376c225493f968b
SHA512

68c7a23832277c77c27ea123428654d78b1e3e5adb6d31316aba4919a004d8c0aeb1201b3644711e770bfdaa67e53ebfd0df64dca993d241960fca2155d8521f
SSDEEP

49152:8Vz5xIQkEAx84oQhAetZNN0XkgbwF46U8qMZk:r7x84oS70NMq

Score

N/A

Malware Config

Signatures

Files

HeavyWeapon.exe
.exe windows x86

a3ad2ded74c515104b2d72d0a7ab9d39

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:f0:be:25:f0:28:bf:ed:b5:bd:f0:ce:5c:7a:9e:26
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/09/2009, 00:00

Not After

20/09/2012, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9a:68:fe:c0:50:d4:92:01:64:7f:7a:ea:3f:92:4a:a6:e9:ec:45:4c
Signer

Actual PE Digest

9a:68:fe:c0:50:d4:92:01:64:7f:7a:ea:3f:92:4a:a6:e9:ec:45:4c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

24/06/2010, 16:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
SetCurrentDirectoryA
Sleep
FreeLibrary
GetTickCount
GetProcAddress
LoadLibraryA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
SetThreadPriority
GetCurrentThread
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetCommandLineA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetModuleHandleA
GetLastError
CreateMutexA
GetCurrentThreadId
CloseHandle
InterlockedDecrement
MulDiv
SetUnhandledExceptionFilter
GetCurrentProcess
VirtualQuery
QueryPerformanceCounter
QueryPerformanceFrequency
GetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
IsBadWritePtr
VirtualProtect
SetErrorMode
GetWindowsDirectoryA
GetFileTime
CreateFileA
WideCharToMultiByte
GetLocaleInfoA
RtlUnwind
RaiseException
ExitProcess
HeapAlloc
GetStartupInfoA
ExitThread
TlsSetValue
TlsGetValue
ResumeThread
CreateThread
IsBadReadPtr
GetLocalTime
GetSystemTimeAsFileTime
TerminateProcess
HeapFree
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
HeapReAlloc
GetCPInfo
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
TlsFree
SetLastError
TlsAlloc
GetCurrentProcessId
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
GetSystemInfo
GetACP
GetOEMCP
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
lstrlenA
LocalFree
CopyFileA
InterlockedIncrement
DeleteFileA
RemoveDirectoryA

user32

EmptyClipboard
OpenClipboard
EndDialog
ReleaseDC
MoveWindow
GetClientRect
GetDC
SendMessageA
GetDlgItem
DialogBoxIndirectParamA
SetCapture
WindowFromPoint
GetWindowPlacement
DispatchMessageA
PeekMessageA
TranslateMessage
SetFocus
SetWindowTextA
GetWindowTextA
GetClipboardData
DefWindowProcA
EndPaint
BeginPaint
SetForegroundWindow
GetWindowLongA
GetWindowRect
IsWindowVisible
IsIconic
SetClipboardData
EnumWindows
EnumDisplaySettingsA
GetSystemMetrics
CreateCursor
SetWindowLongA
CreateWindowExA
RegisterClassA
LoadIconA
RegisterWindowMessageA
SetTimer
AdjustWindowRect
DestroyCursor
GetCursor
DrawTextExA
OffsetRect
GetMessageA
IsDialogMessageA
DrawTextA
FillRect
GetFocus
GetSysColor
GetSysColorBrush
GetDesktopWindow
SystemParametersInfoA
ShowWindow
CallNextHookEx
SetWindowsHookExA
CloseClipboard
MessageBoxA
SetCursor
ClientToScreen
LoadCursorA
ScreenToClient
ReleaseCapture
GetCursorPos
PostMessageA
ChangeDisplaySettingsA
UnhookWindowsHookEx
DestroyWindow

winmm

mixerSetControlDetails
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerClose
timeBeginPeriod
timeEndPeriod
PlaySoundA
timeGetTime

wsock32

select
WSACleanup
__WSAFDIsSet
WSAStartup
socket
recv
send
WSAGetLastError
connect
htons
gethostbyname
ioctlsocket
inet_ntoa
closesocket

gdi32

GetTextMetricsA
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkMode
IntersectClipRect
SetTextColor
TextOutA
GetDeviceCaps
CreateFontA
DeleteObject
CreateFontIndirectA
GetObjectA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3ad2ded74c515104b2d72d0a7ab9d39

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

60:f0:be:25:f0:28:bf:ed:b5:bd:f0:ce:5c:7a:9e:26Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

9a:68:fe:c0:50:d4:92:01:64:7f:7a:ea:3f:92:4a:a6:e9:ec:45:4cSigner

Signature Validations

Verification

24/06/2010, 16:43 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

winmm

wsock32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 224KB - Virtual size: 220KB

.data Size: 52KB - Virtual size: 284KB

.rsrc Size: 120KB - Virtual size: 117KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

60:f0:be:25:f0:28:bf:ed:b5:bd:f0:ce:5c:7a:9e:26
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

9a:68:fe:c0:50:d4:92:01:64:7f:7a:ea:3f:92:4a:a6:e9:ec:45:4c
Signer

24/06/2010, 16:43
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 224KB - Virtual size: 220KB

.data
Size: 52KB - Virtual size: 284KB

.rsrc
Size: 120KB - Virtual size: 117KB