iw6mp64_ship[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

iw6mp64_ship.exe
Size

38.1MB
MD5

54c7657a5b3635d23b07dcf349b64222
SHA1

2992088ec29c311047d143dc01e2719ad25f2823
SHA256

5a6a109ba846d83639cd7a146c46d936d4661c64ce9ef0c8a400e95458b31518
SHA512

0c2815aecc8cc546329755c1eb13c0e53101ef224f5668b57caf6987ea424c3b506a6b71c49a1fa78eaac8324c686e4a117a042fe866faa9045ab3a375491fa9
SSDEEP

786432:d+jrb37a+v7J6svyLbHrO5viNWQlSUIVX:dUnuA7fvy65iNWQlSJ

Score

1^/10

Malware Config

Signatures

Files

iw6mp64_ship.exe
.exe windows x64

9a8d5d89bc4b057a4a5d1954e5124ad2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:58:90:8c:b2:0a:61:71:57:7b:81:6b:46:f4:42:d2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-01-2018 00:00

Not After

27-01-2020 12:00

Subject

CN=Activision Publishing Inc,OU=Activision Publishing Inc,O=Activision Publishing Inc,L=SANTA MONICA,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:f9:83:8d:b5:13:09:e1:6c:c0:e0:be:e1:6b:d5:bf:99:06:be:81:0b:ff:0c:a1:cb:3e:c2:f5:5c:bb:bd:4a
Signer

Actual PE Digest

d3:f9:83:8d:b5:13:09:e1:6c:c0:e0:be:e1:6b:d5:bf:99:06:be:81:0b:ff:0c:a1:cb:3e:c2:f5:5c:bb:bd:4a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Activision Publishing Inc,OU=Activision Publishing Inc,O=Activision Publishing Inc,L=SANTA MONICA,ST=CALIFORNIA,C=US

25-04-2018 23:30
Valid: true

Chain 1

CN=Activision Publishing Inc,OU=Activision Publishing Inc,O=Activision Publishing Inc,L=SANTA MONICA,ST=CALIFORNIA,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

amd_ags64

agsDeInit
agsCrossfireGetGPUCount
agsInit

winmm

waveInGetNumDevs
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
timeBeginPeriod
timeEndPeriod
mixerGetLineInfoA
mixerClose
mixerOpen
mixerGetDevCapsA
timeGetTime
mixerGetNumDevs

steam_api64

SteamApps
SteamNetworking
SteamRemoteStorage
SteamAPI_RunCallbacks
SteamAPI_RegisterCallback
SteamUser
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamGameServer_Init
SteamGameServer
SteamGameServer_Shutdown
SteamGameServer_RunCallbacks
SteamUtils
SteamUserStats
SteamMatchmaking
SteamAPI_RestartAppIfNecessary
SteamAPI_GetSteamInstallPath
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_Init
SteamFriends

bink2w64

BinkWait
BinkNextFrame
BinkDoFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkOpen
BinkGetError
BinkSetError
BinkSetMemory
BinkOpenXAudio2
BinkSetSoundSystem
BinkSetIOSize
BinkSetSoundTrack
BinkGetRealtime
BinkControlBackgroundIO
BinkSetSpeakerVolumes
BinkGetKeyFrame
BinkGoto
BinkPause
BinkClose

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory

dsound

ord6
ord11

powrprof

CallNtPowerInformation

ws2_32

sendto
recvfrom
connect
gethostbyname
inet_addr
WSAGetLastError
WSAStartup
socket
gethostname
setsockopt
send
select
recv
ntohl
htons
ioctlsocket
closesocket
bind
__WSAFDIsSet
inet_ntoa
WSASetLastError
getsockopt
getsockname
WSACleanup
shutdown
ntohs

xinput1_3

ord4
ord3
ord2

kernel32

GetExitCodeThread
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
CreateFileW
WriteConsoleW
GetFileAttributesExW
LoadLibraryW
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetDriveTypeW
FindFirstFileExW
CreateDirectoryW
GetTimeZoneInformation
MoveFileExW
DeleteFileW
CreatePipe
GetExitCodeProcess
TerminateThread
ExpandEnvironmentStringsA
GetVersion
RtlPcToFileHeader
GetCommandLineA
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
LoadLibraryExW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetVersionExW
FlushConsoleInputBuffer
GetStdHandle
GetProcessHeap
SetLastError
GetCPInfo
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetCurrentThread
GetThreadContext
SetThreadContext
FreeLibrary
GetProcAddress
LoadLibraryA
CreateSemaphoreA
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemInfo
ReadFileEx
CloseHandle
GetLastError
SleepEx
DuplicateHandle
RaiseException
SetEvent
ResetEvent
CreateEventA
GetCurrentProcess
CreateThread
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
SetPriorityClass
GetProcessAffinityMask
SetThreadAffinityMask
CreateEventExA
WaitForMultipleObjects
GetFileAttributesA
VirtualAlloc
VirtualFree
CreateMutexA
CreateFileA
GetCurrentDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
GlobalMemoryStatus
SetProcessAffinityMask
DeleteFileA
ReadFile
WriteFile
SetErrorMode
GetCurrentProcessId
OpenProcess
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageA
GetLocaleInfoA
GetUserDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
MulDiv
SetThreadExecutionState
GlobalMemoryStatusEx
LocalFree
HeapReAlloc
RtlLookupFunctionEntry
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FindFirstFileExA
FindClose
WideCharToMultiByte
GetSystemTimeAsFileTime
RtlUnwindEx
GetTempPathA
CreateProcessA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetTickCount
PeekNamedPipe
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetACP
GetOEMCP
ReleaseSemaphore
FileTimeToLocalFileTime
GetFileInformationByHandle
ExitThread
ReadConsoleInputA
SetConsoleMode
SetDllDirectoryA
GetFileType
VirtualQuery
VirtualProtect

user32

LoadImageA
SendMessageW
CallWindowProcA
CloseWindow
SetWindowTextA
SetWindowLongPtrA
RegisterWindowMessageA
MoveWindow
GetWindowPlacement
GetFocus
GetAsyncKeyState
MapVirtualKeyA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SystemParametersInfoA
MonitorFromWindow
GetMonitorInfoA
AdjustWindowRect
AdjustWindowRectEx
SetWindowPos
EnumDisplayDevicesA
MonitorFromPoint
EnumDisplayMonitors
MessageBoxW
LoadIconA
LoadCursorA
MessageBoxA
GetActiveWindow
RegisterClassA
CloseClipboard
OpenClipboard
ShowWindow
RegisterClassExA
IsWindow
UpdateWindow
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
DestroyWindow
EnumDisplaySettingsExA
CreateWindowExA
ScreenToClient
GetCursorPos
SetCursorPos
ShowCursor
GetForegroundWindow
SetFocus
PostMessageA
GetSystemMetrics
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
PostQuitMessage
ClientToScreen
ClipCursor
GetWindowRect
GetClientRect
DefWindowProcA
GetClipboardData
GetUserObjectInformationW
GetProcessWindowStation
SendMessageA

gdi32

GetObjectW
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateDCW
CreateSolidBrush
GetDeviceCaps
CreateFontA
CreateCompatibleBitmap
SetDeviceGammaRamp

advapi32

RegisterEventSourceW
RegQueryValueExA
CryptAcquireContextA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
ReportEventW
DeregisterEventSource
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree

psapi

EnumProcessModulesEx
GetModuleBaseNameA

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 142.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26.3MB - Virtual size: 26.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a8d5d89bc4b057a4a5d1954e5124ad2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:58:90:8c:b2:0a:61:71:57:7b:81:6b:46:f4:42:d2Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

d3:f9:83:8d:b5:13:09:e1:6c:c0:e0:be:e1:6b:d5:bf:99:06:be:81:0b:ff:0c:a1:cb:3e:c2:f5:5c:bb:bd:4aSigner

Signature Validations

Verification

25-04-2018 23:30 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

amd_ags64

winmm

steam_api64

bink2w64

d3d11

dxgi

dsound

powrprof

ws2_32

xinput1_3

kernel32

user32

gdi32

advapi32

shell32

ole32

psapi

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.interpr Size: 48KB - Virtual size: 48KB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 266KB - Virtual size: 142.5MB

.pdata Size: 409KB - Virtual size: 409KB

.tls Size: 512B - Virtual size: 512B

_RDATA Size: 3KB - Virtual size: 3KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 26.3MB - Virtual size: 26.3MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:58:90:8c:b2:0a:61:71:57:7b:81:6b:46:f4:42:d2
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

d3:f9:83:8d:b5:13:09:e1:6c:c0:e0:be:e1:6b:d5:bf:99:06:be:81:0b:ff:0c:a1:cb:3e:c2:f5:5c:bb:bd:4a
Signer

25-04-2018 23:30
Valid: true

.text
Size: 8.1MB - Virtual size: 8.1MB

.interpr
Size: 48KB - Virtual size: 48KB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 266KB - Virtual size: 142.5MB

.pdata
Size: 409KB - Virtual size: 409KB

.tls
Size: 512B - Virtual size: 512B

_RDATA
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 26.3MB - Virtual size: 26.3MB