SonicGenerations[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SonicGenerations.exe
Size

23.2MB
MD5

fe5ea2725ee7fc51c35263d4e7c41721
SHA1

d5fdc8a547b4e0930d9423a88692118b7d43350f
SHA256

216658412ed025b19a9ad8b3852bf4ff4cc6b6207237f6560dad44a8e8c1e036
SHA512

4cf8da59a8c2fa2ac5c1d2788ba203ebaafe22a007b45209b3adf564d492000ac6e833ed09ec7ebf38f894e12192036ad244ebd3f451a413c6c722482774b1ab
SSDEEP

196608:IPdOeAz/eJnCe0bwQ33OxIMjJFOMsAyRWGtRtJjMsiZ1TlrqESbnB4G8FrpSbvrh:IlOR/eJnCBbtONNslhJjLCubnxIk

Score

1^/10

Malware Config

Signatures

Files

SonicGenerations.exe
.exe windows x86

4d2d03b0f6ed0064d695bad3aac840f6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:7c:99:2b:1c:fe:b7:ae:ff:5a:cf:48:1e:93:3e:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

05/08/2012, 23:59

Subject

CN=Sega Europe Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sega Europe Limited,L=Brentford,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:84:4e:48:db:66:03:23:76:cf:f0:f1:28:a2:64:54:0c:85:21:78
Signer

Actual PE Digest

ed:84:4e:48:db:66:03:23:76:cf:f0:f1:28:a2:64:54:0c:85:21:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXGetDeclVertexSize
D3DXCheckVolumeTextureRequirements
D3DXGetDeclLength
D3DXFillCubeTexture
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory
D3DXVec3Normalize
D3DXFilterTexture
D3DXFillVolumeTexture
D3DXCreateVolumeTexture
D3DXSaveSurfaceToFileA
D3DXCreateCubeTexture
D3DXFillTexture

dsound

ord11

imagehlp

MakeSureDirectoryPathExists

winmm

timeGetTime
timeSetEvent
timeKillEvent

wininet

InternetGetConnectedState

kernel32

GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
TlsGetValue
SetThreadIdealProcessor
GetCurrentThread
SetThreadPriority
GetSystemInfo
GetVersion
Sleep
QueryPerformanceCounter
FindResourceExA
LoadResource
LockResource
FreeResource
ReleaseMutex
CreateMutexA
GetLastError
DeleteFileA
CreateEventA
ReadFileEx
GetOverlappedResult
CloseHandle
ReadFile
CreateFileA
SetEvent
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
RaiseException
ResumeThread
WaitForSingleObject
GetExitCodeThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
TlsAlloc
TlsFree
TlsSetValue
InterlockedCompareExchange
ResetEvent
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
HeapSetInformation
HeapCreate
GetProcessHeap
CreateProcessA
EnumSystemLocalesA
WriteConsoleW
QueryPerformanceFrequency
CreateEventW
GetCurrentDirectoryA
InterlockedExchange
InterlockedPushEntrySList
InterlockedFlushSList
InterlockedExchangeAdd
InterlockedPopEntrySList
InitializeSListHead
GetFileSize
SuspendThread
SetFilePointer
WriteFile
SetEndOfFile
SetFileTime
FlushFileBuffers
MoveFileA
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetThreadPriority
GetCurrentThreadId
CreateDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
CreateThread
CreateFileW
GetStdHandle
GetCurrentDirectoryW
GetVersionExA
IsDBCSLeadByteEx
IsValidCodePage
SetProcessAffinityMask
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
RtlUnwind
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetCPInfo
LCMapStringA
IsValidLocale
LCMapStringW
GetStringTypeA
VirtualQuery
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleA
HeapAlloc
SetStdHandle
GetStringTypeW
SetLastError
HeapSize
HeapFree
GetExitCodeProcess
SetEnvironmentVariableA
CreateSemaphoreA
ReleaseSemaphore
GetModuleHandleA
HeapDestroy
CompareStringW
CompareStringA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP

user32

EnumDisplayDevicesA
SetForegroundWindow
OpenIcon
IsIconic
UnregisterClassW
DefWindowProcA
PostQuitMessage
UpdateWindow
FindWindowA
DestroyWindow
ShowWindow
wvsprintfA
AdjustWindowRect
SetRect
RegisterClassA
LoadCursorA
LoadIconA
MessageBoxW
ShowCursor
ClipCursor
TranslateMessage
PeekMessageA
DispatchMessageA
wsprintfA
EnumDisplaySettingsA
CreateWindowExA

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

steam_api

SteamFriends
SteamUtils
SteamUser
SteamAPI_Init
SteamApps
SteamAPI_RunCallbacks
SteamRemoteStorage
SteamAPI_Shutdown
SteamAPI_IsSteamRunning
SteamUserStats
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallResult

includeapp

?track@InAppTracker@@SAXPBD@Z
?destroy@InAppTracker@@SAXXZ
?track@InAppTracker@@SAXPBD00@Z
?track@InAppTracker@@SAXPBD0H@Z
?track@InAppTracker@@SAXPBD0M@Z
?trackXYZ@InAppTracker@@SAXPBD0AAM11@Z
?init@InAppTracker@@SAHPBD00@Z

shlwapi

PathCanonicalizeA

wsock32

closesocket
socket
WSAGetLastError
recv
send
connect
gethostbyname
bind
listen
gethostname
__WSAFDIsSet
accept
ntohs
inet_addr
setsockopt
WSAStartup
inet_ntoa
select
WSAAsyncSelect
htons
ioctlsocket

xinput1_3

ord3
ord2

d3d9

D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_EndEvent
D3DPERF_GetStatus
Direct3DCreate9
D3DPERF_BeginEvent
D3DPERF_SetOptions

dinput8

DirectInput8Create

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PSFD00
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.1MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d2d03b0f6ed0064d695bad3aac840f6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3c:7c:99:2b:1c:fe:b7:ae:ff:5a:cf:48:1e:93:3e:bbCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

ed:84:4e:48:db:66:03:23:76:cf:f0:f1:28:a2:64:54:0c:85:21:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

dsound

imagehlp

winmm

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

steam_api

includeapp

shlwapi

wsock32

xinput1_3

d3d9

dinput8

shell32

Sections

.text Size: 15.8MB - Virtual size: 15.8MB

PSFD00 Size: 7KB - Virtual size: 7KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 3.1MB - Virtual size: 8.6MB

.tls Size: 512B - Virtual size: 73B

.rsrc Size: 22KB - Virtual size: 22KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3c:7c:99:2b:1c:fe:b7:ae:ff:5a:cf:48:1e:93:3e:bb
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

ed:84:4e:48:db:66:03:23:76:cf:f0:f1:28:a2:64:54:0c:85:21:78
Signer

.text
Size: 15.8MB - Virtual size: 15.8MB

PSFD00
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 3.1MB - Virtual size: 8.6MB

.tls
Size: 512B - Virtual size: 73B

.rsrc
Size: 22KB - Virtual size: 22KB