Wow[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Wow.exe
Size

7.3MB
MD5

45892bdedd0ad70aed4ccd22d9fb5984
SHA1

178f78380affd260cb775d44397ba6b33ac05fdb
SHA256

aa63a5750d60ef16746c686b3d5e26876d98953eab08b1c026cd0faf78e88cb8
SHA512

bc67f85d7935016abca7ea5a79254b9b1406532be2d7941154423382313b2bb1604bb7bf2ce716632811415cff2e9ce2897b45754f035df8f2eddfe977ee8b0b
SSDEEP

98304:DSWhGvPwsP+Wc36vu00ovRwqZPNprDlYtUb17TLFdGr4QtT+W50hlm:DfgTyovRwqZPNB9b1S4Ql+m

Score

1^/10

Malware Config

Signatures

Files

Wow.exe
.exe windows x86

b7fc31b6422013c5f943a1da91692ed3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:71:5b:33:47:bc:57:b2:5c:66:b3:42:02:f4:a1:a0
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

08/01/2010, 00:00

Not After

05/12/2011, 23:59

Subject

CN=Blizzard Entertainment\, Inc.,OU=TECHNICAL SUPPORT,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

06:0a:b3:7b:48:61:32:ed:37:8c:51:cc:d6:35:07:0d:c1:56:5e:0e
Signer

Actual PE Digest

06:0a:b3:7b:48:61:32:ed:37:8c:51:cc:d6:35:07:0d:c1:56:5e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Blizzard Entertainment\, Inc.,OU=TECHNICAL SUPPORT,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

25/06/2010, 07:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetTimeZoneInformation
GetConsoleOutputCP
DeleteCriticalSection
OpenFile
DeviceIoControl
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
WriteConsoleA
WaitForMultipleObjectsEx
WriteFileEx
ReadFileEx
GetOverlappedResult
CancelIo
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsAlloc
RtlUnwind
SetStdHandle
GetFileType
SetHandleCount
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
ConvertThreadToFiber
CreateFiberEx
DeleteFiber
GetDateFormatA
GetTimeFormatA
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
GetLocaleInfoA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
HeapSize
Sleep
VirtualQuery
UnmapViewOfFile
GetDriveTypeA
ExitThread
GetFullPathNameA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
VirtualProtect
LocalFree
FlushInstructionCache
GetQueuedCompletionStatus
CreateIoCompletionPort
GetCommandLineW
GlobalMemoryStatusEx
GetPriorityClass
SetPriorityClass
IsBadWritePtr
OpenThread
SuspendThread
GetThreadContext
Thread32First
Thread32Next
lstrcpynA
IsBadReadPtr
MulDiv
SwitchToFiber
GetSystemInfo
SetEvent
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GlobalMemoryStatus
ResumeThread
TerminateThread
SetThreadPriority
GetThreadPriority
GetProcessAffinityMask
SignalObjectAndWait
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
SizeofResource
LockResource
LoadResource
FindResourceExA
QueryPerformanceFrequency
Module32First
Module32Next
GetDiskFreeSpaceA
ReadFile
CreateThread
GetFileAttributesExA
GetFileSize
GetFileAttributesA
MoveFileA
DeleteFileA
CreateEventA
OpenEventA
GetComputerNameA
GetTempPathA
CreateToolhelp32Snapshot
SetThreadAffinityMask
WaitForSingleObjectEx
CreateProcessA
DuplicateHandle
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceExA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
SetEndOfFile
SetFileAttributesA
SetFileTime
ResetEvent
WaitForMultipleObjects
SetProcessAffinityMask
GetLocalTime
FormatMessageA
GetExitCodeProcess
GetVersion
OutputDebugStringA
CreateMutexA
ReleaseMutex

opengl32

glGenTextures
glEnable
glTexParameteri
glReadPixels
wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext
glBindTexture
glTexImage2D
glDeleteTextures
glDisable
glGetError
glGetIntegerv
glGetString
glCopyTexSubImage2D
glCopyTexImage2D
wglGetCurrentDC
glCullFace
glBlendFunc
glMatrixMode
glPolygonOffset
wglGetCurrentContext
glColorPointer
glTexCoordPointer
glScissor
glClipPlane
glPolygonMode
glViewport
glDepthRange
glDepthMask
glColorMask
glTexGeni
glNormalPointer
glVertexPointer
glLightf
glLightfv
glLightModelfv
glColor4fv
glMaterialfv
glLoadIdentity
glLoadMatrixf
glFogf
glFogi
glPixelStorei
glColorMaterial
glLightModeli
glTexGenfv
glPointSize
glFrontFace
glDepthFunc
glFogfv
glAlphaFunc
glMaterialf
glTexSubImage2D
glClear
glClearColor
wglSwapLayerBuffers
glFinish
glDrawArrays
glDrawElements
glLineWidth
glTexEnviv
glHint
glTexEnvi
glTexEnvf
glTexEnvfv
glEnableClientState
glDisableClientState
glGetFloatv

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imm32

ImmGetConversionStatus
ImmGetContext
ImmGetCompositionStringA
ImmAssociateContext
ImmSetConversionStatus
ImmAssociateContextEx
ImmNotifyIME
ImmGetCandidateListA
ImmReleaseContext

wininet

InternetReadFileExA
InternetCloseHandle
HttpQueryInfoA
InternetSetOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetSetCookieA
HttpOpenRequestA
InternetCrackUrlA
InternetSetStatusCallback
InternetSetStatusCallbackA

ws2_32

WSACancelAsyncRequest
WSAAsyncGetHostByName
WSACleanup
accept
select
WSAGetLastError
WSAStartup
setsockopt
getsockopt
socket
closesocket
__WSAFDIsSet
connect
listen
bind
htons
htonl
gethostbyname
ntohs
getsockname
recv
getpeername
send
inet_addr
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
sendto
recvfrom
inet_ntoa
ioctlsocket

dinput8

DirectInput8Create

user32

GetParent
CloseClipboard
OpenClipboard
SetCapture
GetForegroundWindow
MessageBeep
GetKeyState
FillRect
IsDialogMessageA
TranslateAcceleratorA
GetKeyboardLayout
EmptyClipboard
SendInput
SystemParametersInfoA
GetAsyncKeyState
ClientToScreen
InvertRect
VkKeyScanA
DrawTextExA
CharLowerBuffA
GetDesktopWindow
GetActiveWindow
PostMessageA
IsIconic
IsZoomed
PostQuitMessage
SetFocus
KillTimer
SetTimer
WaitForInputIdle
MapVirtualKeyA
LoadBitmapA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
IsWindow
IsWindowVisible
MessageBoxA
LoadStringA
SetCursor
GetCursorPos
ScreenToClient
GetClientRect
LoadImageA
LoadCursorA
MapWindowPoints
BeginPaint
EndPaint
AdjustWindowRectEx
GetSystemMetrics
ShowWindow
ChangeDisplaySettingsExA
SetWindowPos
GetWindowRect
ClipCursor
GetWindowPlacement
SendMessageA
MoveWindow
SetClipboardData
ReleaseCapture
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetDC
ReleaseDC
DestroyWindow
UnregisterClassA
EnumDisplaySettingsA
EnumDisplayDevicesA
MonitorFromPoint
GetMonitorInfoA
MsgWaitForMultipleObjects

gdi32

ChoosePixelFormat
CreateBitmap
TranslateCharsetInfo
GetStockObject
SelectObject
DeleteObject
SetBkColor
GetDeviceGammaRamp
CreateSolidBrush
SetBkMode
GetPixelFormat
SetDeviceGammaRamp
DescribePixelFormat
SetTextColor
SetPixelFormat
DeleteDC
StretchBlt
BitBlt
CreateCompatibleDC
OffsetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
CreateRectRgn
Rectangle
CreateFontIndirectA
GetObjectA
SetMapMode
GdiFlush
CreateDIBSection

advapi32

CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegEnumKeyA
CryptGenRandom
CryptAcquireContextA
RegOpenKeyA

shell32

FindExecutableA
ShellExecuteA

divxdecoder

SetOutputFormat
DivxDecode
UnInitializeDivxDecoder
InitializeDivxDecoder

winmm

waveOutPrepareHeader
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutOpen
waveOutClose
waveOutGetDevCapsA
timeKillEvent
timeSetEvent
mciSendCommandA
timeGetTime

msacm32

acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmFormatSuggest
acmStreamOpen

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

hid

HidD_GetSerialNumberString
HidD_GetHidGuid
HidD_SetFeature
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetCaps
HidD_GetProductString
HidD_FreePreparsedData

ole32

PropVariantClear
CoCreateInstance
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoInitialize

Exports

Exports

AssertAndCrash

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 858KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 483KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7fc31b6422013c5f943a1da91692ed3

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7b:71:5b:33:47:bc:57:b2:5c:66:b3:42:02:f4:a1:a0Certificate

Extended Key Usages

06:0a:b3:7b:48:61:32:ed:37:8c:51:cc:d6:35:07:0d:c1:56:5e:0eSigner

Signature Validations

Verification

25/06/2010, 07:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

opengl32

version

imm32

wininet

ws2_32

dinput8

user32

gdi32

advapi32

shell32

divxdecoder

winmm

msacm32

setupapi

hid

ole32

Exports

Exports

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.rdata Size: 858KB - Virtual size: 857KB

.data Size: 483KB - Virtual size: 3.1MB

.zdata Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 167KB - Virtual size: 166KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7b:71:5b:33:47:bc:57:b2:5c:66:b3:42:02:f4:a1:a0
Certificate

06:0a:b3:7b:48:61:32:ed:37:8c:51:cc:d6:35:07:0d:c1:56:5e:0e
Signer

25/06/2010, 07:21
Valid: false

.text
Size: 5.9MB - Virtual size: 5.9MB

.rdata
Size: 858KB - Virtual size: 857KB

.data
Size: 483KB - Virtual size: 3.1MB

.zdata
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 167KB - Virtual size: 166KB