bluescreenview-x64[.]zip

Resubmissions

Sharing

Copy URL Twitter E-mail

General

Target

bluescreenview-x64.zip
Size

83KB
MD5

e3a494133b25553b3835397c9adcc502
SHA1

6b4484a300da934a351f2ffb8147ba5501e8ef42
SHA256

df57d4c9418dd2771035f2f7b70952caeb20d2269af683a0ab0665125c821479
SHA512

3568d0fb1c4a92a72a2f0773aac4c2f6c54acd5068576a30834ec6260240006919edc4dc5700cd61dffcf7e3ae8bccb2e30cba8b814f76a06163270f40e07f20
SSDEEP

1536:a6hZSji4jVS8mj3qtWJt1WrXSm/X3yD3g7yK/I8lR/2y5BGpOdE5je2J/iy1f:a6Eimp0MTN/Qg7bjl5tGpr3tiq

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/BlueScreenView.exe	Nirsoft

Files

bluescreenview-x64.zip
.zip
BlueScreenView.chm
.chm
BlueScreenView.exe
.exe windows x64

560c2b0021e5c85591d13a11400a7794

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:50:e8:b7:53:f7:1d:43:6b:44:a2:b9:66:33:09:34:4b:2a:d0:fb
Signer

Actual PE Digest

61:50:e8:b7:53:f7:1d:43:6b:44:a2:b9:66:33:09:34:4b:2a:d0:fb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

29/01/2015, 08:12
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
__setusermatherr
__C_specific_handler
_onexit
__dllonexit
strlen
qsort
_wcslwr
memmove
wcstoul
wcsrchr
_commode
_fmode
__set_app_type
_XcptFilter
wcscmp
malloc
_memicmp
free
modf
memcmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
_wcsicmp
wcschr
_itow
_purecall
_wtoi
wcscpy
memset
wcsncat
wcscat
_snwprintf

comctl32

ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GlobalFree
ReadProcessMemory
ExitProcess
GetCurrentProcessId
DeleteFileW
CreateProcessW
SetErrorMode
WaitForSingleObject
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetCurrentProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GetProcAddress
WritePrivateProfileStringW
FindResourceW
GetModuleFileNameW
ReadFile
CompareFileTime
CloseHandle
GetWindowsDirectoryW
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
GetFileSize
LoadLibraryW
FileTimeToSystemTime
FreeLibrary
SystemTimeToFileTime
GetDriveTypeW
GetLogicalDrives
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
LoadResource
LocalFree
GlobalAlloc
MultiByteToWideChar
LoadLibraryExW
lstrlenW
lstrcpyW
GetNumberFormatW
LockResource
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetLocaleInfoW
GetDateFormatW
GlobalLock
SizeofResource
GetTempFileNameW
GetLastError
FormatMessageW
GetVersionExW
FindNextFileW
FindFirstFileW
GetModuleHandleW
SetFilePointer
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile

user32

ReleaseCapture
FillRect
SetCapture
DrawTextExW
SetWindowTextA
IsDialogMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
DeferWindowPos
CreateWindowExW
GetMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadImageW
PeekMessageW
DispatchMessageW
LoadIconW
TranslateMessage
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetSubMenu
GetClassNameW
OpenClipboard
MoveWindow
GetMenuItemCount
CheckMenuItem
CheckMenuRadioItem
GetMenuStringW
GetCursorPos
SetClipboardData
GetSysColor
ScreenToClient
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
GetParent
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetWindowTextW
GetFocus
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
SendDlgItemMessageW

gdi32

SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
PatBlt
CreateSolidBrush
SelectObject

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFileInfoW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

560c2b0021e5c85591d13a11400a7794

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

61:50:e8:b7:53:f7:1d:43:6b:44:a2:b9:66:33:09:34:4b:2a:d0:fbSigner

Signature Validations

Verification

29/01/2015, 08:12 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 21KB - Virtual size: 21KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

61:50:e8:b7:53:f7:1d:43:6b:44:a2:b9:66:33:09:34:4b:2a:d0:fb
Signer

29/01/2015, 08:12
Valid: false

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 21KB - Virtual size: 21KB