AngryBirdsStarWarsII[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AngryBirdsStarWarsII.exe
Size

2.6MB
MD5

91ad5a9b84c3b06c7bfe4fbf68dab202
SHA1

e05df95ea000adf48f823bb794353c04d12cc11c
SHA256

4839b06cd659b7ac2acf82d8f841a6a81dd4ce492bb0df88bfa4acd215583516
SHA512

73d296da23b4c192b85400d5178fedc6d5949c9b66df68617694db13a4f470945a71aa7194a0e56b43a253bddb59aee4719c8cf1d715556412b016eb250cda93
SSDEEP

49152:vtg9qSx66jC73OWpCtX1KaG0TiFKbWEictbe6ytoZdMXRgZTo/8uuOlf1THrGjES:vtg9qU66jCqWpCtXMaG0Ti8gctbe6yto

Score

1^/10

Malware Config

Signatures

Files

AngryBirdsStarWarsII.exe
.exe windows x86

603b167b7af6f1bc69d34d6ffad1b50d

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:a7:4d:b1:67:25:0d
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

26/10/2011, 13:20

Not After

26/10/2014, 13:20

Subject

CN=Rovio Entertainment Ltd.,OU=Technology,O=Rovio Entertainment Ltd.,L=Espoo,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:73:6e:fd:e8:de:e6:35:fe:d7:35:e0:a3:b1:77:61:f0:2f:a6:23
Signer

Actual PE Digest

39:73:6e:fd:e8:de:e6:35:fe:d7:35:e0:a3:b1:77:61:f0:2f:a6:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetFileAttributesExW
MoveFileExW
FlushFileBuffers
LoadLibraryW
ResetEvent
WaitForSingleObjectEx
GetCurrentDirectoryW
OutputDebugStringA
CreateDirectoryW
GetModuleFileNameW
LocalFree
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
ReleaseMutex
CreateMutexW
FormatMessageW
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
GetThreadPriority
MultiByteToWideChar
WideCharToMultiByte
CreateProcessW
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GlobalLock
CreateEventW
GlobalUnlock
SetEvent
GetFileAttributesA
GetVersionExW
SetLastError
FormatMessageA
GetProcAddress
LoadLibraryA
GetVersionExA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
GetTickCount
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
Sleep
ExpandEnvironmentStringsA
GetSystemInfo
InterlockedDecrement
lstrlenW
GetModuleHandleW
MulDiv
GetFileAttributesW
GetLocaleInfoA

user32

SetForegroundWindow
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SetCapture
ClientToScreen
SetCursorPos
ReleaseCapture
LoadIconW
RegisterClassExW
MonitorFromPoint
CreateWindowExW
UnregisterClassW
DefWindowProcW
PostQuitMessage
GetWindowTextA
ShowWindow
AdjustWindowRectEx
ScreenToClient
TrackMouseEvent
DestroyWindow
LoadImageW
SetCursor
SetWindowTextW
GetClientRect
MoveWindow
GetWindowPlacement
MonitorFromWindow
GetMonitorInfoW
SetWindowLongW
SetWindowPos
SetWindowPlacement
ClipCursor
CloseClipboard
GetClipboardData
GetWindowRect
EndDialog
ReleaseDC
DialogBoxIndirectParamW
SystemParametersInfoW
GetDC
MessageBoxW
GetTopWindow
GetDlgItemTextA
SendMessageW
GetDlgItem
SendDlgItemMessageA
GetWindowLongW
OpenClipboard
LoadCursorW
FindWindowW

winhttp

WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

ws2_32

ntohs
getsockname
setsockopt
send
recv
WSAGetLastError
WSAStartup
WSACleanup
bind
getsockopt
WSASetLastError
connect
accept
listen
__WSAFDIsSet
select
recvfrom
sendto
ioctlsocket
gethostname
getpeername
closesocket
htons
freeaddrinfo
getaddrinfo
socket

wldap32

ord33
ord22
ord301
ord211
ord27
ord60
ord50
ord41
ord26
ord30
ord32
ord35
ord79
ord200
ord46
ord143

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
RegCloseKey
CryptCreateHash
RegOpenKeyExW
RegQueryValueExW

dsound

ord11

msvcp100

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Stolx
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xfunc@tr1@std@@YAXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
_FInf
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_BADOFF@std@@3_JB
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

msvcr100

malloc
_errno
_get_osfhandle
_fileno
ferror
__RTDynamicCast
_wfopen
strerror
fclose
fflush
strrchr
strchr
fseek
fread
ftell
fopen
_ftelli64
_fseeki64
strftime
clock
frexp
ldexp
_CIacos
_CIasin
_CIatan
_CIcosh
_CIexp
_CIlog
_CIlog10
_CIsinh
_CItan
_CItanh
modf
srand
_HUGE
tolower
toupper
isxdigit
isalnum
isupper
isspace
ispunct
isdigit
iscntrl
isalpha
islower
strpbrk
strncpy
fputs
memchr
strtoul
feof
ungetc
freopen
getc
realloc
fprintf
strstr
exit
localeconv
strtod
strncat
strcspn
strcoll
calloc
__sys_nerr
sscanf
strtol
_strtoi64
strncmp
fgets
qsort
fputc
_beginthreadex
_fstat64
_lseeki64
atoi
getenv
_stat64
_strdup
isprint
isgraph
memcpy_s
atof
??0exception@std@@QAE@XZ
_close
_open
?terminate@@YAXXZ
_vsnprintf_s
_vscprintf
_snprintf
_ftime64_s
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_stricmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
_localtime64_s
_gmtime64_s
ceil
rand
sprintf
??_V@YAXPAX@Z
free
_mkdir
_time64
_mktime64
_localtime64
_gmtime64
_difftime64
_CIatan2
printf
_CIsqrt
_CIsin
_CIpow
_CIfmod
floor
_CIcos
memset
_purecall
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
memmove
memcpy
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
__iob_func
_write
_read
_strnicmp
_lseek
vswprintf_s
_chdir
__argv
__argc
abort
fwrite

gdiplus

GdipDeleteFont
GdipCloneImage
GdipCloneBrush
GdipGetFontHeight
GdipGetFontStyle
GdipCreateFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipIsStyleAvailable
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipCreateSolidFill
GdiplusStartup
GdipBitmapLockBits
GdipFree
GdipAlloc
GdipDeleteBrush
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipNewInstalledFontCollection
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDisposeImage
GdipGetFamilyName
GdipCreateBitmapFromScan0

iphlpapi

GetAdaptersInfo

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

shell32

SHGetFolderPathAndSubDirW
DragFinish
DragQueryPoint
DragQueryFileW
DragAcceptFiles
ShellExecuteExW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
VariantChangeType
SysAllocString
VariantClear
VariantInit

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

xinput1_3

ord2

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

603b167b7af6f1bc69d34d6ffad1b50d

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

07:a7:4d:b1:67:25:0dCertificate

Extended Key Usages

Key Usages

39:73:6e:fd:e8:de:e6:35:fe:d7:35:e0:a3:b1:77:61:f0:2f:a6:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winhttp

ws2_32

wldap32

advapi32

dsound

msvcp100

msvcr100

gdiplus

iphlpapi

gdi32

shell32

ole32

oleaut32

winmm

rpcrt4

xinput1_3

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 307KB - Virtual size: 306KB

.data Size: 68KB - Virtual size: 166KB

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 207KB - Virtual size: 207KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

03:01
Certificate

07:a7:4d:b1:67:25:0d
Certificate

39:73:6e:fd:e8:de:e6:35:fe:d7:35:e0:a3:b1:77:61:f0:2f:a6:23
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 307KB - Virtual size: 306KB

.data
Size: 68KB - Virtual size: 166KB

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 207KB - Virtual size: 207KB