AmazonGamesSetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AmazonGamesSetup.exe
Size

1.9MB
MD5

30cbb7176e5eff6db09b9ac58e2d0087
SHA1

383b8b1f5517c856df40eee799ab19689e7bbbbd
SHA256

9dbb71cb9c4bcad710768db6493317ccf31702a6023aed8700209667f0fae547
SHA512

0a9d5998b9719511e75eae2bb331905916e4173b927a0c6afbf633cedfd70d8bc7296042f28df6e3c790e93b040d78c39028c4888f4be783dd54f8059bfdeab9
SSDEEP

24576:sDUW1tZ9acyP1u1IvMq6t7ErjjHgTc52fIgR0G42TD6Fy8PwjLXIG:+vby9u1wj6t7ErjjAQQfIgRX61oXIG

Score

1^/10

Malware Config

Signatures

Files

AmazonGamesSetup.exe
.exe windows x86

31a77ed5e329ba19fdb07b4dafa4601f

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:07:5f:d5:68:64:06:4a:b9:a1:98:cc:a0:e3:45:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/12/2021, 00:00

Not After

03/01/2023, 23:59

Subject

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:f6:f2:3b:b4:eb:40:77:27:4d:6b:48:67:9c:bd:a1:a7:81:54:d3:a0:6d:64:88:96:15:f4:60:c7:b1:f3:95
Signer

Actual PE Digest

74:f6:f2:3b:b4:eb:40:77:27:4d:6b:48:67:9c:bd:a1:a7:81:54:d3:a0:6d:64:88:96:15:f4:60:c7:b1:f3:95

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

19/07/2022, 20:28
Valid: true

Chain 1

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=3482342,CN=Amazon.com Services LLC,OU=Amazon Game Studios,O=Amazon.com Services LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameW
SetFileAttributesW
SetThreadPriority
GetCurrentThread
SetFilePointerEx
MoveFileExW
CreateMutexA
GetDynamicTimeZoneInformation
SystemTimeToFileTime
CopyFileW
GetSystemTime
LoadLibraryExA
FreeLibrary
GetTickCount64
QueryPerformanceCounter
GetDiskFreeSpaceExA
LocaleNameToLCID
WideCharToMultiByte
GlobalMemoryStatusEx
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
OutputDebugStringW
HeapDestroy
DecodePointer
GetOverlappedResult
GetCurrentDirectoryW
HeapAlloc
CreateThread
RaiseException
HeapReAlloc
Process32FirstW
QueryPerformanceFrequency
LoadLibraryA
GetDiskFreeSpaceExW
Process32NextW
FormatMessageW
ProcessIdToSessionId
MultiByteToWideChar
CreateEventW
CreateToolhelp32Snapshot
HeapSize
OpenProcess
GetModuleHandleA
ReleaseMutex
GetVersionExW
GetLocaleInfoW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
SetFilePointer
GetUserDefaultUILanguage
GetLocaleInfoEx
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetSystemDefaultUILanguage
GetStdHandle
HeapFree
GetFileSizeEx
ReadFile
CreateDirectoryW
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
CloseHandle
DeleteFileW
GetLastError
Sleep
GetCurrentThreadId
CreateFileW
WaitForSingleObject
WriteFile
GetCurrentProcess
GetExitCodeThread
GetCommandLineW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetLastError
GetThreadTimes
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetNativeSystemInfo
LocalFree
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
AreFileApisANSI
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedPushEntrySList
VirtualAlloc
VirtualProtect
RtlUnwind
ExitThread
GetFileType
WriteConsoleW
GetSystemInfo
VirtualQuery

user32

PostMessageW
ShowWindow
EnumWindows
IsIconic
GetWindowTextW
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
GetWindowThreadProcessId
ReleaseCapture
UpdateWindow
SystemParametersInfoW
PostQuitMessage
DrawIconEx
DrawTextW
UpdateLayeredWindow
SetCapture
LoadCursorW
TranslateMessage
TrackMouseEvent
MessageBoxExW
SetTimer
PeekMessageW
RegisterClassExW
GetSystemMetrics
GetIconInfo
CreateWindowExW
SetWindowPos
GetDC
DefWindowProcW
GetWindowRect
FindWindowW
SetForegroundWindow
InvalidateRect
DispatchMessageW

comdlg32

GetSaveFileNameW

advapi32

AccessCheck
GetSecurityDescriptorOwner
GetFileSecurityW
DuplicateToken
MapGenericMask
GetTokenInformation
RegQueryValueExW
LookupAccountSidW
GetUserNameW
GetLengthSid
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
EqualSid
GetSidSubAuthorityCount
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteA
SHParseDisplayName
SHGetFolderPathW
SHCreateShellItem
CommandLineToArgvW

ole32

CoCreateGuid
CoInitializeEx
StringFromCLSID
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

winhttp

WinHttpOpen
WinHttpConnect
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

UnloadUserProfile

rpcrt4

UuidCreate

msimg32

AlphaBlend

gdi32

GdiFlush
CreateCompatibleDC
DeleteDC
TextOutW
CreateDIBitmap
CreateFontW
StretchBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreatePen
Rectangle
GetObjectW
SetStretchBltMode
DeleteObject
RoundRect
CreateSolidBrush

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31a77ed5e329ba19fdb07b4dafa4601f

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:07:5f:d5:68:64:06:4a:b9:a1:98:cc:a0:e3:45:31Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

74:f6:f2:3b:b4:eb:40:77:27:4d:6b:48:67:9c:bd:a1:a7:81:54:d3:a0:6d:64:88:96:15:f4:60:c7:b1:f3:95Signer

Signature Validations

Verification

19/07/2022, 20:28 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

winhttp

version

userenv

rpcrt4

msimg32

gdi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 300KB - Virtual size: 299KB

.data Size: 152KB - Virtual size: 187KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 80KB - Virtual size: 80KB

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:07:5f:d5:68:64:06:4a:b9:a1:98:cc:a0:e3:45:31
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

74:f6:f2:3b:b4:eb:40:77:27:4d:6b:48:67:9c:bd:a1:a7:81:54:d3:a0:6d:64:88:96:15:f4:60:c7:b1:f3:95
Signer

19/07/2022, 20:28
Valid: true

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 300KB - Virtual size: 299KB

.data
Size: 152KB - Virtual size: 187KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 80KB - Virtual size: 80KB