0608724d2a0434e95dd2a57959e270f6[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

0608724d2a0434e95dd2a57959e270f6.bin
Size

35.2MB
MD5

0608724d2a0434e95dd2a57959e270f6
SHA1

13388d67e8e993b96ef3539da951107f48b9dec2
SHA256

622f089fc95fd5d8946aab221988444ba788ddd5e698441d037007453eac57ba
SHA512

24047ff605af9081a7095c95315e1b4aa700c6293545cca5fb54f7d4069b8d871e9e363e061bf56251318081244b84f37244c04d20f697fc8f62c6f2f0b551a4
SSDEEP

786432:7UoxNUheL73+A5wGob+5Pb7JLNsfJB5VqrNubZm/7spaiiUePlb:7UiLPOA5wxCPJy/OsZm/YpADPlb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MOD ULTRA WIDE ESP/bass.dll
unpack001/MOD ULTRA WIDE ESP/pvz_widescreen.exe

Files

0608724d2a0434e95dd2a57959e270f6.bin
.rar
MOD ULTRA WIDE ESP/INSTRUCCIONES.TXT
MOD ULTRA WIDE ESP/PlantsVsZombies.exe
.exe windows x86

79e57618046f0692b4b4a6ce785b216a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetModuleFileNameA
GetModuleHandleA
WinExec
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CreateFileW
GetLocaleInfoW
WriteConsoleW
LoadLibraryA
FreeLibrary
GetProcAddress
InterlockedDecrement
GetLastError
CloseHandle
FindNextFileA
Sleep
SetThreadPriority
GlobalFree
GetCurrentThread
GlobalLock
WaitForSingleObject
FindClose
GlobalUnlock
CreateMutexA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
GetVersionExA
FindFirstFileA
EnterCriticalSection
GetCommandLineA
MultiByteToWideChar
DeleteFileA
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
CreateFileA
MulDiv
SetUnhandledExceptionFilter
GetCurrentProcess
OpenFileMappingA
IsBadWritePtr
UnmapViewOfFile
DeleteCriticalSection
CreateThread
GetThreadPriority
VirtualQuery
SetErrorMode
InitializeCriticalSection
InterlockedIncrement
GetCurrentDirectoryW
LoadLibraryW
GetWindowsDirectoryA
SetEvent
CreateEventA
LockResource
SizeofResource
LoadResource
GetFileSize
FindResourceA
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitThread
ResumeThread
GetDriveTypeA
GetFullPathNameA
CreateDirectoryA
HeapReAlloc
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
HeapSize
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
GetCurrentDirectoryA
SetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RemoveDirectoryA

user32

ShowCaret
CloseClipboard
TranslateMessage
DialogBoxIndirectParamA
RegisterWindowMessageA
DefWindowProcA
AdjustWindowRect
ShowWindow
EndDialog
GetDC
IsWindowEnabled
GetClipboardData
SetClipboardData
DispatchMessageA
EnumDisplaySettingsA
SetForegroundWindow
GetWindowTextA
IsIconic
GetWindowLongA
GetDlgItem
SetFocus
ChangeDisplaySettingsA
GetClientRect
GetWindowPlacement
SetWindowTextA
GetWindowRect
ScreenToClient
GetCursorPos
PostMessageA
EmptyClipboard
SetTimer
DestroyWindow
SetCaretPos
ReleaseDC
GetSystemMetrics
PeekMessageA
InvalidateRect
DefWindowProcW
CreateWindowExA
LoadIconA
CreateCursor
ReleaseCapture
WindowFromPoint
ClientToScreen
MoveWindow
EnumWindows
SystemParametersInfoA
MessageBoxW
SetWindowLongA
BeginPaint
EndPaint
OpenClipboard
RegisterClassA
DestroyCursor
SetCapture
SetActiveWindow
AdjustWindowRectEx
OffsetRect
GetWindowInfo
FillRect
DrawTextExA
GetSysColorBrush
DrawTextA
GetMessageA
IsDialogMessageA
GetFocus
GetSysColor
CreateWindowExW
GetDesktopWindow
IsWindow
PostThreadMessageA
HideCaret
CreateCaret
DestroyCaret
IsWindowVisible
SetCursor
MessageBoxA
SendMessageA
LoadCursorA
GetActiveWindow

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetOpenA

winmm

timeGetTime
timeBeginPeriod
mixerGetLineControlsA
mixerOpen
mixerGetControlDetailsA
mixerSetControlDetails
timeEndPeriod
PlaySoundA
mixerGetDevCapsA
mixerGetLineInfoA
mixerClose

wsock32

inet_ntoa
recv
WSACleanup
select
htons
WSAGetLastError
socket
gethostbyname
ioctlsocket
closesocket
send
WSAStartup
__WSAFDIsSet
connect

gdi32

CreateCompatibleDC
GetObjectA
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
DeleteObject
IntersectClipRect
CreateSolidBrush
TextOutA
SetBkMode
SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
GetDeviceCaps
CreateFontIndirectA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 787KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MOD ULTRA WIDE ESP/bass.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelPreBuf
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetFlags
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetAttribute
BASS_MusicGetName
BASS_MusicGetOrderPosition
BASS_MusicGetOrders
BASS_MusicLoad
BASS_MusicSetAttribute
BASS_Pause
BASS_PluginFree
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetTags
BASS_Update
_

Sections

Size: 85KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MOD ULTRA WIDE ESP/game.esp
MOD ULTRA WIDE ESP/images/pole_night A.png
.png
MOD ULTRA WIDE ESP/images/pole_night.png
.png
MOD ULTRA WIDE ESP/pvz_widescreen.exe
.exe windows x86

e5c840cd7ba56b93228426df9fb6b27d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtResumeProcess

kernel32

TerminateProcess
GetModuleHandleW
CloseHandle
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetModuleFileNameW
GetLastError
GetSystemDirectoryW
GetWindowsDirectoryW
AcquireSRWLockExclusive
GetEnvironmentVariableW
CreateProcessW
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetModuleHandleA
GetProcAddress
GetConsoleMode
WriteFile
GetStdHandle
WriteConsoleW
CompareStringOrdinal
GetFullPathNameW
CreateFileW
InitializeCriticalSection
TryEnterCriticalSection
GetFileAttributesW
GetCurrentProcessId
CreateNamedPipeW
GetCurrentProcess
DuplicateHandle
GetCurrentThreadId
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter

bcrypt

BCryptGenRandom

vcruntime140

__current_exception_context
memmove
memset
memcpy
memcmp
_except_handler4_common
__current_exception

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
__p___argv
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_set_app_type
_initialize_onexit_table
__p___argc
_seh_filter_exe
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e57618046f0692b4b4a6ce785b216a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

wininet

winmm

wsock32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 56KB - Virtual size: 787KB

.rsrc Size: 216KB - Virtual size: 215KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 85KB - Virtual size: 244KB

.rsrc Size: 568B - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: 4KB - Virtual size: 3KB

e5c840cd7ba56b93228426df9fb6b27d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 512B - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 56KB - Virtual size: 787KB

.rsrc
Size: 216KB - Virtual size: 215KB

.rsrc
Size: 568B - Virtual size: 4KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 512B - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB