PlantsVsZombies[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PlantsVsZombies.exe
Size

1.8MB
MD5

5bfd7d04b607e990d70b4f52d8a96c73
SHA1

2939016ba084b8a0b76bff63a8d4102ef7062690
SHA256

4284c45370628ca64dd79237f9938c2878992d7ec3b4b06c738d1ca46b26fadc
SHA512

396277375be5e932ec0f5a228f4ac9a618edc415772d9de19c92d4e3138cae2f746bdea8ab4073e1526d2da8aab60b94db3976a2c5383c6245579c1dfcc1c8d8
SSDEEP

24576:pf8hAXlD2FNTPaPhpWTEDl6ufr+4ArTEJe/MTny14rR+6PMBquI+7yNOPAvO:5DAFS2TExeTD/M7U4rQaMvI+7ywPAG

Score

1^/10

Malware Config

Signatures

Files

PlantsVsZombies.exe
.exe windows x86

1830114513f6f597435f788e3b228d52

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup

kernel32

CreateFileA
TerminateProcess
MoveFileExA
GetCurrentThread
MapViewOfFile
CreateEventA
UnmapViewOfFile
LeaveCriticalSection
CreateFileMappingA
CreateThread
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
SetEvent
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
VirtualFree
VirtualAlloc
MoveFileExW
CompareStringA
InterlockedExchange
SetLastError
GetVolumeInformationA
CreateProcessA
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
CreatePipe
GetFileAttributesA
GetConsoleOutputCP
WriteConsoleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
FlushFileBuffers
GetTickCount
SetHandleCount
SetFilePointer
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
GetStringTypeA
LCMapStringA
MoveFileA
DuplicateHandle
GetFileType
SetStdHandle
ExitThread
GetFullPathNameA
GetDriveTypeA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
SetFileAttributesA
GlobalLock
EnumResourceNamesA
OutputDebugStringA
Process32First
CreateMutexA
OpenProcess
Sleep
GetWindowsDirectoryA
FreeLibrary
DeleteFileA
GlobalUnlock
Process32Next
GetExitCodeProcess
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
ResumeThread
CloseHandle
LoadLibraryA
GetLastError
SetThreadPriority
CreateDirectoryA
GetThreadPriority
VirtualQuery
VirtualProtect
GlobalAlloc
CopyFileA
OpenMutexA
OpenFileMappingA
WaitForMultipleObjects
ReleaseMutex
OpenEventA
CreateToolhelp32Snapshot
GetModuleFileNameA
GetCommandLineW
HeapSize
GetVersionExA
FindClose
FindFirstFileA
SetFileTime
FindNextFileA
GetTimeZoneInformation
ReadConsoleInputA
GetConsoleCursorInfo
FreeConsole
SetConsoleTextAttribute
PeekConsoleInputA
GetCurrentThreadId
SetConsoleTitleA
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
AllocConsole
MulDiv
GetStdHandle
SetConsoleCtrlHandler
GetFileTime

user32

WindowFromPoint
CreateCursor
FillRect
DestroyWindow
CreateWindowExA
GetQueueStatus
DestroyCursor
SetFocus
PostThreadMessageA
AdjustWindowRect
GetWindowTextA
GetSystemMetrics
PeekMessageA
IsWindowVisible
ReleaseDC
ShowWindow
SetCaretPos
CreatePopupMenu
LoadCursorA
SetTimer
DestroyCaret
HideCaret
GetClientRect
GetMessageA
GetDesktopWindow
GetForegroundWindow
PostQuitMessage
EnumDisplayMonitors
DispatchMessageA
GetWindowTextLengthA
TrackPopupMenu
SendMessageA
IntersectRect
GetCursor
SetWindowTextA
GetWindowRect
IsIconic
OpenIcon
LoadImageA
ShowCaret
GetWindowThreadProcessId
MessageBoxA
GetCursorPos
RegisterClassA
AppendMenuA
ClientToScreen
RegisterWindowMessageA
CreateCaret
CloseClipboard
GetDC
OpenClipboard
IsWindow
GetWindowPlacement
PostMessageA
MoveWindow
SetForegroundWindow
TranslateMessage
GetClassNameA
DefWindowProcA
EnumWindows
BringWindowToTop
UnregisterClassA
GetSystemMenu
FlashWindowEx
GetParent
GetFocus
DeleteMenu
DrawMenuBar
SetCursor
ReleaseCapture
SetCapture
EndPaint
BeginPaint
SetClipboardData
ScreenToClient

gdi32

SetTextColor
SelectClipRgn
SetBkMode
StretchBlt
GdiFlush
GetStockObject
GetDeviceCaps
SetDIBitsToDevice
GetTextMetricsA
IntersectClipRect
GetObjectA
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleDC
BitBlt
GetCharABCWidthsA
CreateFontA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA

winmm

timeBeginPeriod
PlaySoundA
timeEndPeriod
timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1830114513f6f597435f788e3b228d52

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 292KB - Virtual size: 289KB

.data Size: 56KB - Virtual size: 425KB

.rsrc Size: 220KB - Virtual size: 216KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 292KB - Virtual size: 289KB

.data
Size: 56KB - Virtual size: 425KB

.rsrc
Size: 220KB - Virtual size: 216KB