PlantsVsZombies_20110922_EN_3_1[.]exe

Resubmissions

11/03/2023, 22:09

230311-12545sdc8z 7

11/03/2023, 22:05

230311-1zv66adc8w 8

Sharing

Copy URL Twitter E-mail

General

Target

PlantsVsZombies_20110922_EN_3_1.exe
Size

40.7MB
MD5

de23cdebf6842a725646c5bfa31ad38c
SHA1

f65a99a478d44d2f0a660fc7b8cb6110ca2363f5
SHA256

ee276706679fa28fd0310cca7bcd35ff8d4fdeb9335affdd9555bf491ee39995
SHA512

bb6ec6f09b36c9fcf422b9871e16b4fc217f6adae1cd785a48dada3f04bafb2d9f3de6bf9acbe259f1146ae6a59ade62c5833eeb0b9c526c02fa0c876603dab6
SSDEEP

786432:l+0cfpUPJLcBxRcY6eqbxAbZ5se/n+bUw+VJTdwIuCbFXTG:l+0BcDR/jVbLse/gBMF/E

Score

1^/10

Malware Config

Signatures

Files

PlantsVsZombies_20110922_EN_3_1.exe
.exe windows x86

5ed716f11736e6213b137c0ffeeb36d9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:f0:be:25:f0:28:bf:ed:b5:bd:f0:ce:5c:7a:9e:26
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/09/2009, 00:00

Not After

20/09/2012, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:52:4b:fc:62:4b:5a:c2:14:63:a2:ee:d4:45:90:ca:13:f3:b9:ca
Signer

Actual PE Digest

b4:52:4b:fc:62:4b:5a:c2:14:63:a2:ee:d4:45:90:ca:13:f3:b9:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

21/09/2011, 22:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetModuleFileNameA
GetModuleHandleA
GetVersionExA
LocalFree
DeleteFileA
CreateThread
LoadLibraryW
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
InterlockedDecrement
FindFirstFileW
LoadLibraryExW
FindClose
FindNextFileW
ExpandEnvironmentStringsW
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetFileAttributesA
IsValidCodePage
GetOEMCP
GetACP
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetHandleCount
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetFileType
VirtualAlloc
VirtualFree
HeapCreate
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
RaiseException
LoadLibraryA
ResetEvent
CopyFileA
GetProcAddress
GetLastError
CreateDirectoryA
MultiByteToWideChar
MulDiv
GetExitCodeProcess
CreateEventA
Sleep
TerminateThread
OpenProcess
GetWindowsDirectoryA
SetEvent
GetTickCount
WaitForSingleObject
GetCurrentProcess
FreeLibrary
GetSystemDirectoryA
WideCharToMultiByte
LocalFileTimeToFileTime
CloseHandle
SetFileAttributesA
SetFileTime
CreateFileA
DosDateTimeToFileTime
RemoveDirectoryA
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleW
ResumeThread
ExitThread
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindNextFileA
FindFirstFileA
CreateFileW
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection

user32

EndDeferWindowPos
DestroyIcon
SetWindowTextW
DialogBoxParamA
EnableWindow
MapWindowPoints
LoadStringW
FindWindowA
GetWindowThreadProcessId
SetWindowLongA
CharLowerA
EndPaint
GetClassNameA
SetTimer
GetWindowRect
SendDlgItemMessageA
FillRect
DrawTextW
KillTimer
DrawTextA
DrawIconEx
DialogBoxParamW
GetClientRect
SendMessageA
RegisterWindowMessageA
BeginPaint
GetDC
DrawFocusRect
GetWindowTextA
GetWindowLongA
GetWindowTextW
CreateWindowExA
GetClassNameW
ReleaseDC
IsWindowUnicode
GetDlgItem
EndDialog
GetDesktopWindow
GetSysColor
SetWindowPos
EnumChildWindows
ShowWindow
GetSysColorBrush
IsDlgButtonChecked
IsWindow
PostMessageA
AdjustWindowRectEx
DeferWindowPos
MessageBoxW
BeginDeferWindowPos
GetSystemMetrics
SetWindowTextA
LoadImageA
SendMessageW

gdi32

GetTextExtentPoint32W
SetTextColor
DeleteDC
CreateFontA
GetDeviceCaps
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontW
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
BitBlt

advapi32

RegCreateKeyExA
RegQueryValueExA
RegDeleteKeyA
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
SHChangeNotify

ole32

CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5ed716f11736e6213b137c0ffeeb36d9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

60:f0:be:25:f0:28:bf:ed:b5:bd:f0:ce:5c:7a:9e:26Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

b4:52:4b:fc:62:4b:5a:c2:14:63:a2:ee:d4:45:90:ca:13:f3:b9:caSigner

Signature Validations

Verification

21/09/2011, 22:11 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 7KB - Virtual size: 21KB

.rsrc Size: 31KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

60:f0:be:25:f0:28:bf:ed:b5:bd:f0:ce:5c:7a:9e:26
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b4:52:4b:fc:62:4b:5a:c2:14:63:a2:ee:d4:45:90:ca:13:f3:b9:ca
Signer

21/09/2011, 22:11
Valid: false

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 31KB - Virtual size: 31KB