New-Super-Mario-Bros-Wii_409800[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

New-Super-Mario-Bros-Wii_409800.zip
Size

17.8MB
MD5

00ae105b28405fe12b72af041bc3464e
SHA1

e0c455a8bcc5bee8c578ec594ae13d6f01b80bf5
SHA256

bc7376eb8f9b7ece3f1dd3ea2ec8f7ac13ffc8b00fcf7593d64add1fdafa23d5
SHA512

3a87fe97b44bac50fa4afddce141f895e536a1e8f6445ddad9999e36139381c50915ee8f2d4c3476d36a41ac52787951c264d3956ed18e2f5176a390fe217a19
SSDEEP

393216:MIYgGNaqF3JRefkQDZTgOKCN+eVlYUItaUqGhT1qGlkLrNOutc:JYgAijTbrDwth7qYuNOz

Score

1^/10

Malware Config

Signatures

Files

New-Super-Mario-Bros-Wii_409800.zip
.zip
Install_01025.exe
.exe windows x86

c61f65a7af6939836e7bbe4a515158f8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:64:89:06:e0:ab:ba:e0:0e:c7:4e:e1:37:07:1a:d4
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

16/02/2022, 00:00

Not After

16/02/2023, 23:59

Subject

CN=SYGA Digital s.r.o.,O=SYGA Digital s.r.o.,ST=Trnavský kraj,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:9b:bd:43:18:86:47:6a:30:e6:7a:66:f1:a9:01:36:65:db:78:c4:94:d5:06:7b:6d:31:f7:89:88:b3:cc:46
Signer

Actual PE Digest

99:9b:bd:43:18:86:47:6a:30:e6:7a:66:f1:a9:01:36:65:db:78:c4:94:d5:06:7b:6d:31:f7:89:88:b3:cc:46

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SYGA Digital s.r.o.,O=SYGA Digital s.r.o.,ST=Trnavský kraj,C=SK

22/12/2022, 20:56
Valid: true

Chain 1

CN=SYGA Digital s.r.o.,O=SYGA Digital s.r.o.,ST=Trnavský kraj,C=SK

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineW
PathFileExistsW

kernel32

AcquireSRWLockExclusive
SetFileAttributesW
GetVersionExA
LeaveCriticalSection
FindFirstFileExW
GetFileSizeEx
lstrlenW
FreeLibrary
ResetEvent
GetSystemDirectoryW
GetModuleHandleW
VirtualFree
GetModuleFileNameW
EnterCriticalSection
FormatMessageW
HeapReAlloc
GetProcessAffinityMask
GetCurrentProcessId
TlsSetValue
GetFileInformationByHandle
GetFileAttributesA
SetFileAttributesA
TlsGetValue
CompareStringW
WaitForSingleObject
VerSetConditionMask
RaiseException
lstrlenA
SetUnhandledExceptionFilter
CreateDirectoryW
VirtualAlloc
GetDateFormatW
SleepEx
WriteConsoleW
SetEvent
GetLastError
GetCommandLineA
VerifyVersionInfoW
EnumSystemLocalesW
TlsAlloc
FindNextFileW
ReleaseSRWLockExclusive
DeleteFileW
GetProcAddress
GetFileType
InitializeCriticalSectionEx
EncodePointer
GetTimeFormatW
IsProcessorFeaturePresent
DeleteFileA
SetEnvironmentVariableW
GetFullPathNameW
HeapAlloc
IsDebuggerPresent
FormatMessageA
GetFileSize
TerminateProcess
GetFileAttributesExW
LoadLibraryW
IsValidLocale
lstrcatA
LCMapStringEx
InitializeSListHead
MoveFileExW
CreateFileW
CreateDirectoryA
GetEnvironmentStringsW
GetDriveTypeW
GetStringTypeW
LoadLibraryA
InitializeCriticalSection
LoadLibraryExW
CreateSemaphoreA
GetTempPathW
GetModuleHandleExW
SetFilePointer
FindClose
ReleaseSemaphore
GetCurrentDirectoryA
LCMapStringW
GetSystemInfo
GetConsoleOutputCP
GetLocaleInfoW
PeekNamedPipe
GetStartupInfoW
GetTimeZoneInformation
UnhandledExceptionFilter
HeapFree
RtlUnwind
TlsFree
CloseHandle
RemoveDirectoryA
GetCommandLineW
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
WaitForMultipleObjects
RemoveDirectoryW
QueryPerformanceFrequency
GetEnvironmentVariableA
GetSystemTimeAsFileTime
AreFileApisANSI
GetStdHandle
InitializeCriticalSectionAndSpinCount
FreeLibraryAndExitThread
LocalFree
WaitForSingleObjectEx
HeapSize
ReadConsoleW
GetProcessHeap
GetCurrentThread
GetTickCount64
SetStdHandle
GetCurrentThreadId
SetFileTime
Sleep
FindFirstFileA
FileTimeToSystemTime
GetTempPathA
CreateEventA
GetUserDefaultLCID
ReadFile
GetModuleHandleA
GlobalMemoryStatus
QueryPerformanceCounter
ExitProcess
SetFilePointerEx
GetConsoleMode
GetCurrentDirectoryW
SetEndOfFile
SetLastError
GetACP
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
lstrcatW
FreeEnvironmentStringsW
WriteFile
DeleteCriticalSection
GetModuleFileNameA
IsValidCodePage
CreateThread
GetOEMCP
CreateFileA
GetSystemWow64DirectoryW
GetCurrentProcess
DecodePointer
GetCPInfo
FindFirstFileW
ExitThread
GetTickCount
FindNextFileA

user32

MessageBoxW
GetWindowLongA
SetWindowTextW
SetWindowTextA
SetWindowLongA
MessageBoxA
LoadIconA
ShowWindow
LoadStringW
LoadStringA
DialogBoxParamA
PostMessageA
CharUpperW
SetTimer
DestroyWindow
SendMessageA
DialogBoxParamW
EndDialog
KillTimer
CharUpperA
GetDlgItem
wsprintfA

shell32

SHGetSpecialFolderPathW

oleaut32

VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptEncrypt
RegCreateKeyExW
CryptCreateHash
CryptImportKey
CryptGetHashParam
RegOpenKeyExW
RegCloseKey
RegSetValueExW
CryptReleaseContext

ole32

CoInitialize
CoUninitialize
CoCreateInstance

crypt32

CertCloseStore
CertOpenStore
CertFindCertificateInStore
PFXImportCertStore
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateContext
CertGetNameStringW
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryW
CertFindExtension

wldap32

ord147
ord133
ord301
ord79
ord142
ord46
ord145
ord219
ord167
ord14
ord216
ord73
ord208
ord41
ord117
ord26
ord27
ord127

ws2_32

recvfrom
sendto
ioctlsocket
gethostname
WSACloseEvent
bind
send
freeaddrinfo
WSAEventSelect
WSAResetEvent
WSAEnumNetworkEvents
WSAIoctl
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
WSACreateEvent
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
getaddrinfo
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c61f65a7af6939836e7bbe4a515158f8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

b8:64:89:06:e0:ab:ba:e0:0e:c7:4e:e1:37:07:1a:d4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

99:9b:bd:43:18:86:47:6a:30:e6:7a:66:f1:a9:01:36:65:db:78:c4:94:d5:06:7b:6d:31:f7:89:88:b3:cc:46Signer

Signature Validations

Verification

22/12/2022, 20:56 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

oleaut32

bcrypt

advapi32

ole32

crypt32

wldap32

ws2_32

Sections

.text Size: 6.0MB - Virtual size: 6.0MB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 71KB - Virtual size: 71KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

b8:64:89:06:e0:ab:ba:e0:0e:c7:4e:e1:37:07:1a:d4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

99:9b:bd:43:18:86:47:6a:30:e6:7a:66:f1:a9:01:36:65:db:78:c4:94:d5:06:7b:6d:31:f7:89:88:b3:cc:46
Signer

22/12/2022, 20:56
Valid: true

.text
Size: 6.0MB - Virtual size: 6.0MB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 71KB - Virtual size: 71KB