PlantsVsZombies[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

PlantsVsZombies.exe
Size

1.8MB
MD5

3c8876147c84735ca540dda5be3c6451
SHA1

bf5c51304b1bade29ba4988cc96bf9c35780793c
SHA256

9397ca2dc3a4560eba5f87aef40fd800786ba0312716729ccbdbda185abee27d
SHA512

beb3b63d4ddae9e4a385da2ae9ed670b84ac9c8383c0649fcac31545dbbe4deab2ddb389a2c616bc9522b344e3a97ecb4775bc6858cc0d5b39497a8651602906
SSDEEP

24576:cf8hAXlD2FNTPaPhpWTEDl6ufr+4ArTEJe/MTny14rR+6PMBquI+7yN2PAvp:WDAFS2TExeTD/M7U4rQaMvI+7yQPAR

Score

1^/10

Malware Config

Signatures

Files

PlantsVsZombies.exe
.exe windows x86

1830114513f6f597435f788e3b228d52

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01-09-2006 00:00

Not After

21-09-2009 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup

kernel32

CreateFileA
TerminateProcess
MoveFileExA
GetCurrentThread
MapViewOfFile
CreateEventA
UnmapViewOfFile
LeaveCriticalSection
CreateFileMappingA
CreateThread
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
SetEvent
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
VirtualFree
VirtualAlloc
MoveFileExW
CompareStringA
InterlockedExchange
SetLastError
GetVolumeInformationA
CreateProcessA
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
CreatePipe
GetFileAttributesA
GetConsoleOutputCP
WriteConsoleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
FlushFileBuffers
GetTickCount
SetHandleCount
SetFilePointer
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
GetStringTypeA
LCMapStringA
MoveFileA
DuplicateHandle
GetFileType
SetStdHandle
ExitThread
GetFullPathNameA
GetDriveTypeA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
SetFileAttributesA
GlobalLock
EnumResourceNamesA
OutputDebugStringA
Process32First
CreateMutexA
OpenProcess
Sleep
GetWindowsDirectoryA
FreeLibrary
DeleteFileA
GlobalUnlock
Process32Next
GetExitCodeProcess
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
ResumeThread
CloseHandle
LoadLibraryA
GetLastError
SetThreadPriority
CreateDirectoryA
GetThreadPriority
VirtualQuery
VirtualProtect
GlobalAlloc
CopyFileA
OpenMutexA
OpenFileMappingA
WaitForMultipleObjects
ReleaseMutex
OpenEventA
CreateToolhelp32Snapshot
GetModuleFileNameA
GetCommandLineW
HeapSize
GetVersionExA
FindClose
FindFirstFileA
SetFileTime
FindNextFileA
GetTimeZoneInformation
ReadConsoleInputA
GetConsoleCursorInfo
FreeConsole
SetConsoleTextAttribute
PeekConsoleInputA
GetCurrentThreadId
SetConsoleTitleA
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
AllocConsole
MulDiv
GetStdHandle
SetConsoleCtrlHandler
GetFileTime

user32

WindowFromPoint
CreateCursor
FillRect
DestroyWindow
CreateWindowExA
GetQueueStatus
DestroyCursor
SetFocus
PostThreadMessageA
AdjustWindowRect
GetWindowTextA
GetSystemMetrics
PeekMessageA
IsWindowVisible
ReleaseDC
ShowWindow
SetCaretPos
CreatePopupMenu
LoadCursorA
SetTimer
DestroyCaret
HideCaret
GetClientRect
GetMessageA
GetDesktopWindow
GetForegroundWindow
PostQuitMessage
EnumDisplayMonitors
DispatchMessageA
GetWindowTextLengthA
TrackPopupMenu
SendMessageA
IntersectRect
GetCursor
SetWindowTextA
GetWindowRect
IsIconic
OpenIcon
LoadImageA
ShowCaret
GetWindowThreadProcessId
MessageBoxA
GetCursorPos
RegisterClassA
AppendMenuA
ClientToScreen
RegisterWindowMessageA
CreateCaret
CloseClipboard
GetDC
OpenClipboard
IsWindow
GetWindowPlacement
PostMessageA
MoveWindow
SetForegroundWindow
TranslateMessage
GetClassNameA
DefWindowProcA
EnumWindows
BringWindowToTop
UnregisterClassA
GetSystemMenu
FlashWindowEx
GetParent
GetFocus
DeleteMenu
DrawMenuBar
SetCursor
ReleaseCapture
SetCapture
EndPaint
BeginPaint
SetClipboardData
ScreenToClient

gdi32

SetTextColor
SelectClipRgn
SetBkMode
StretchBlt
GdiFlush
GetStockObject
GetDeviceCaps
SetDIBitsToDevice
GetTextMetricsA
IntersectClipRect
GetObjectA
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleDC
BitBlt
GetCharABCWidthsA
CreateFontA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA

winmm

timeBeginPeriod
PlaySoundA
timeEndPeriod
timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1830114513f6f597435f788e3b228d52

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 292KB - Virtual size: 289KB

.data Size: 56KB - Virtual size: 425KB

.rsrc Size: 220KB - Virtual size: 216KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 292KB - Virtual size: 289KB

.data
Size: 56KB - Virtual size: 425KB

.rsrc
Size: 220KB - Virtual size: 216KB