PlantsVsZombies[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PlantsVsZombies.exe
Size

2.9MB
MD5

3ab63ba6916c4c1b657f7858a85dbef3
SHA1

15732d1ecff8a809cb4bde5e720e9bc9dcf26125
SHA256

dc4f9eed76954da0bdcd6f45d137170052fa6c173e3afb9d5835c71c9d8d382d
SHA512

5619ace8bec3847bac4735f729b53e21022b789a6f7989f839dbc493f6180865b62acd5812b59b6dadcb3fec5a42cff78b3e6388ed8594eaffabc10d0a24f4e2
SSDEEP

49152:TRdzMNOsx3R+ijGgz4MRwZ5v0SmaeeDRgh2xOfpDyYJNo/xQAMS3hx96S7ks0PAg:L0f6ijFUxfeeD2hnYLMSf0Ig

Score

1^/10

Malware Config

Signatures

Files

PlantsVsZombies.exe
.exe windows x86

79e57618046f0692b4b4a6ce785b216a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetModuleFileNameA
GetModuleHandleA
WinExec
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CreateFileW
GetLocaleInfoW
WriteConsoleW
LoadLibraryA
FreeLibrary
GetProcAddress
InterlockedDecrement
GetLastError
CloseHandle
FindNextFileA
Sleep
SetThreadPriority
GlobalFree
GetCurrentThread
GlobalLock
WaitForSingleObject
FindClose
GlobalUnlock
CreateMutexA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
GetVersionExA
FindFirstFileA
EnterCriticalSection
GetCommandLineA
MultiByteToWideChar
DeleteFileA
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
CreateFileA
MulDiv
SetUnhandledExceptionFilter
GetCurrentProcess
OpenFileMappingA
IsBadWritePtr
UnmapViewOfFile
DeleteCriticalSection
CreateThread
GetThreadPriority
VirtualQuery
SetErrorMode
InitializeCriticalSection
InterlockedIncrement
GetCurrentDirectoryW
LoadLibraryW
GetWindowsDirectoryA
SetEvent
CreateEventA
LockResource
SizeofResource
LoadResource
GetFileSize
FindResourceA
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitThread
ResumeThread
GetDriveTypeA
GetFullPathNameA
CreateDirectoryA
HeapReAlloc
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
HeapSize
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
GetCurrentDirectoryA
SetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RemoveDirectoryA

user32

ShowCaret
CloseClipboard
TranslateMessage
DialogBoxIndirectParamA
RegisterWindowMessageA
DefWindowProcA
AdjustWindowRect
ShowWindow
EndDialog
GetDC
IsWindowEnabled
GetClipboardData
SetClipboardData
DispatchMessageA
EnumDisplaySettingsA
SetForegroundWindow
GetWindowTextA
IsIconic
GetWindowLongA
GetDlgItem
SetFocus
ChangeDisplaySettingsA
GetClientRect
GetWindowPlacement
SetWindowTextA
GetWindowRect
ScreenToClient
GetCursorPos
PostMessageA
EmptyClipboard
SetTimer
DestroyWindow
SetCaretPos
ReleaseDC
GetSystemMetrics
PeekMessageA
InvalidateRect
DefWindowProcW
CreateWindowExA
LoadIconA
CreateCursor
ReleaseCapture
WindowFromPoint
ClientToScreen
MoveWindow
EnumWindows
SystemParametersInfoA
MessageBoxW
SetWindowLongA
BeginPaint
EndPaint
OpenClipboard
RegisterClassA
DestroyCursor
SetCapture
SetActiveWindow
AdjustWindowRectEx
OffsetRect
GetWindowInfo
FillRect
DrawTextExA
GetSysColorBrush
DrawTextA
GetMessageA
IsDialogMessageA
GetFocus
GetSysColor
CreateWindowExW
GetDesktopWindow
IsWindow
PostThreadMessageA
HideCaret
CreateCaret
DestroyCaret
IsWindowVisible
SetCursor
MessageBoxA
SendMessageA
LoadCursorA
GetActiveWindow

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetOpenA

winmm

timeGetTime
timeBeginPeriod
mixerGetLineControlsA
mixerOpen
mixerGetControlDetailsA
mixerSetControlDetails
timeEndPeriod
PlaySoundA
mixerGetDevCapsA
mixerGetLineInfoA
mixerClose

wsock32

inet_ntoa
recv
WSACleanup
select
htons
WSAGetLastError
socket
gethostbyname
ioctlsocket
closesocket
send
WSAStartup
__WSAFDIsSet
connect

gdi32

CreateCompatibleDC
GetObjectA
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
DeleteObject
IntersectClipRect
CreateSolidBrush
TextOutA
SetBkMode
SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
GetDeviceCaps
CreateFontIndirectA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 787KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e57618046f0692b4b4a6ce785b216a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

wininet

winmm

wsock32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 56KB - Virtual size: 787KB

.rsrc Size: 216KB - Virtual size: 215KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 56KB - Virtual size: 787KB

.rsrc
Size: 216KB - Virtual size: 215KB