General

Malware Config

Signatures

Files

• LDPlayer-Dump.rar

  .7z
• LDPLayer.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Code Sign

  1b:e7:15

  Certificate

  Issuer

  OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

  Not Before

  01-01-2014 07:00

  Not After

  30-05-2031 07:00

  Subject

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  10-05-2010 00:00

  Not After

  10-05-2015 23:59

  Subject

  CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  07

  Certificate

  Issuer

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  c1:a3:91:d6:4c:66

  Certificate

  Issuer

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  13-10-2014 03:25

  Not After

  13-10-2015 03:25

  Subject

  CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  a6:3a:b4:66:5a:d1:89:a0:bf:a5:91:a6:c0:1c:14:f7:da:05:3b:3b

  Signer

  Actual PE Digest

  a6:3a:b4:66:5a:d1:89:a0:bf:a5:91:a6:c0:1c:14:f7:da:05:3b:3b

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

  19-10-2014 02:25

  Valid: true

  Chain 1

  CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Chain 2

  CN=Murray Hurps Software Pty Ltd,O=Murray Hurps Software Pty Ltd,L=Box Hill,ST=New South Wales,C=AU

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 361KB - Virtual size: 360KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• RealO/DscCore.dll

  .dll windows x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Sections

  .rsrc

  Size: 49KB - Virtual size: 49KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• RealO/ODBC.INI
• RealO/ODBCINST.INI
• RealO/PFRO.log
• RealO/PSDSCFileDownloadManagerEvents.dll

  .dll windows x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Sections

  .rsrc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• RealO/en-US/DscCoreR.dll.mui

  .dll windows x86

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .rsrc

  Size: 23KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• RealO/en-US/PSDSCFileDownloadManagerEvents.dll.mui

  .dll windows x86

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .rsrc

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• RealO/eulaLic.docx

  .html