BWASetup-en[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BWASetup-en.exe
Size

19.8MB
MD5

faf2a655e81558739f00b45b5547ece0
SHA1

a3b09852818ac1377da4e134d8034047e87d45e7
SHA256

27c93c0aff512f674f4893076d10fcd07b28db5387b68a4d5971c518605a95e1
SHA512

0837e136ad87bd24ba38b3039fbe6561c5f0c9115d05def4b4fc9760f8a758c2833c21337e88f3c93b7441993eb5e2cf6ce0219b68b45d583965b5c1f7b217e7
SSDEEP

393216:5QC4sW9/os4iGN1gQBGE2hIqc8a05HI4H0Vy8ryOgNibH+6EW:e9j4iGN1goGEG4hYI4H+yEbe6

Score

1^/10

Malware Config

Signatures

Files

BWASetup-en.exe
.exe windows x86

8d9abeb48c63383c5e688c3edf84514e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

LoadLibraryA
GetDiskFreeSpaceA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
LocalFree
DeleteFileA
InterlockedDecrement
FindFirstFileW
LoadLibraryExW
FindClose
FindNextFileW
ExpandEnvironmentStringsW
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CloseHandle
ResetEvent
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileAttributesA
GetOEMCP
GetACP
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetHandleCount
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetFileType
VirtualAlloc
CopyFileA
GetProcAddress
GetLastError
MultiByteToWideChar
MulDiv
GetExitCodeProcess
CreateEventA
Sleep
GetWindowsDirectoryA
SetEvent
WaitForSingleObject
FreeLibrary
GetSystemDirectoryA
WideCharToMultiByte
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFileAttributesA
SetFileTime
CreateFileA
DosDateTimeToFileTime
SetEnvironmentVariableA
lstrlenA
CreateDirectoryA
FlushFileBuffers
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
RemoveDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
HeapReAlloc
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
ExitProcess
FindFirstFileA
FindNextFileA
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
ExitThread
ResumeThread
CreateThread

user32

SetWindowPos
EndDeferWindowPos
LoadStringW
EndPaint
SetTimer
SendDlgItemMessageA
FillRect
KillTimer
DrawTextA
DrawIconEx
DialogBoxParamW
GetClientRect
SendMessageA
BeginPaint
GetDC
DrawFocusRect
GetWindowTextA
DestroyIcon
GetWindowTextW
CreateWindowExA
ReleaseDC
IsWindowUnicode
GetDlgItem
EndDialog
GetDesktopWindow
GetSysColor
GetWindowLongA
EnumChildWindows
GetSysColorBrush
IsDlgButtonChecked
AdjustWindowRectEx
DeferWindowPos
MessageBoxW
BeginDeferWindowPos
GetSystemMetrics
SetWindowTextA
LoadImageA
SendMessageW
MapWindowPoints
EnableWindow
DialogBoxParamA
SetWindowTextW

gdi32

GetTextExtentPoint32W
SetTextColor
DeleteDC
CreateFontA
GetDeviceCaps
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
BitBlt

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExA
SHBrowseForFolderW

ole32

CoUninitialize
StringFromGUID2
CoInitializeSecurity
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d9abeb48c63383c5e688c3edf84514e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 32KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 32KB - Virtual size: 29KB