File-Rain[.]World[.]v1[.]9[.]07b[.]Incl[.]ALL[.]DLC_880284[.]exe

Resubmissions

27-08-2023 04:22

230827-ezd2zshc5w 4

27-08-2023 04:16

230827-evvh6shc3x 4

Sharing

Copy URL

Twitter E-mail

General

Target

File-Rain.World.v1.9.07b.Incl.ALL.DLC_880284.exe
Size

3.2MB
MD5

1d84356a6befc630a059cd2327cb9d78
SHA1

8a7587a07f4e31ad96a06be9fc966be40af84a71
SHA256

2f1eb26d58db86584b245c257f5c737c917d4d0eee7537e6906ebc77c603e224
SHA512

4097dd05813d604e5d324e599308013aa16fba211b06fdf96892e2c98bc2f3103c05f403db4ffff57a7aed39376207dbe8a8f736f550a60d9d35626904b991e7
SSDEEP

49152:XveUAA5Bneq5lWTg4PEMrQ6Oir7ST16uZsr3te5jBwpqnKgTwSaPcdij:XvrWTwME7qhGjBwj/Pcdm

Score

1^/10

Malware Config

Signatures

Files

File-Rain.World.v1.9.07b.Incl.ALL.DLC_880284.exe
.exe windows x86

9da7a9d7bf160f6c80da1c048d73d373

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 15:43

Not After

07-11-2030 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 19:19

Not After

29-12-2040 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

28-12-2022 22:16

Not After

28-12-2023 22:16

Subject

SERIALNUMBER=1242287,CN=Mack Digital Marking\, LLC,O=Mack Digital Marking\, LLC,L=Louisville,ST=Kentucky,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084b656e7475636b79,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:ec:e1:b9:7b:63:ef:3a:4b:73:84:f4:c0:b2:8e:11:ca:13:7b:d0:54:55:b3:7a:5d:a3:8e:ca:d5:ae:e7:89
Signer

Actual PE Digest

4c:ec:e1:b9:7b:63:ef:3a:4b:73:84:f4:c0:b2:8e:11:ca:13:7b:d0:54:55:b3:7a:5d:a3:8e:ca:d5:ae:e7:89

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

timeGetTime

comctl32

ImageList_Create
FlatSB_SetScrollInfo
ImageList_DragShowNolock
ImageList_GetBkColor
ImageList_Write
ImageList_Destroy
ImageList_SetImageCount
FlatSB_SetScrollProp
ImageList_SetIconSize
ImageList_DragLeave
ImageList_GetDragImage
ImageList_Read
ImageList_GetIcon
_TrackMouseEvent
ImageList_Remove
ImageList_Add
ImageList_Draw
FlatSB_SetScrollPos
ImageList_DrawEx
InitializeFlatSB
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_DragEnter
FlatSB_GetScrollPos
ImageList_DragMove
FlatSB_GetScrollInfo

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

user32

GetWindowDC
GetDC
GetKeyboardLayout
SetMenuItemInfoW
DeleteMenu
FrameRect
GetKeyboardLayoutList
EnumThreadWindows
SendMessageA
GetClassNameW
SetWindowPlacement
DrawTextExW
ScrollWindow
MonitorFromPoint
EnumWindows
CharUpperBuffW
SetMenu
ReleaseDC
InvalidateRect
GetTopWindow
GetWindowThreadProcessId
PeekMessageA
MonitorFromWindow
SetScrollRange
ReleaseCapture
EnableWindow
MapVirtualKeyW
GetMenuItemInfoW
EnableScrollBar
GetSystemMetrics
GetWindow
ShowScrollBar
SetWindowRgn
SetParent
IsWindowUnicode
GetMenuState
GetClassLongW
CreateIconIndirect
GetSysColorBrush
GetMenu
LoadKeyboardLayoutW
EndPaint
CopyImage
RemoveMenu
GetPropW
GetCapture
DrawMenuBar
GetWindowTextW
LoadBitmapW
GetScrollInfo
SetCursorPos
ClientToScreen
TranslateMDISysAccel
FindWindowW
GetWindowLongW
DestroyWindow
WindowFromPoint
PostQuitMessage
GetClientRect
GetMessagePos
GetDCEx
GetWindowPlacement
DestroyIcon
TranslateMessage
GetForegroundWindow
SetScrollInfo
EnumChildWindows
DrawFrameControl
RegisterClipboardFormatW
PeekMessageW
CallWindowProcW
InsertMenuW
InsertMenuItemW
GetKeyboardLayoutNameW
SystemParametersInfoW
DestroyCursor
KillTimer
DispatchMessageA
GetDesktopWindow
SetScrollPos
GetIconInfo
EnableMenuItem
EnumDisplayMonitors
GetActiveWindow
IsWindowEnabled
CreateIcon
SetClassLongW
UnregisterClassW
DestroyMenu
GetClipboardData
HideCaret
ShowCaret
MsgWaitForMultipleObjects
SetFocus
RedrawWindow
SetCursor
SetRect
GetScrollRange
UnhookWindowsHookEx
GetMenuItemCount
MapWindowPoints
GetSysColor
IsChild
AdjustWindowRectEx
ActivateKeyboardLayout
CallNextHookEx
MsgWaitForMultipleObjectsEx
GetMonitorInfoW
CreateMenu
IsWindowVisible
PostMessageW
MessageBeep
IsIconic
MessageBoxW
LoadCursorW
DefFrameProcW
GetKeyNameTextW
GetSystemMenu
WaitMessage
BeginPaint
LoadStringW
GetScrollPos
GetParent
DrawEdge
SetCapture
GetCursorPos
GetKeyboardState
SetWindowTextW
UpdateWindow
GetFocus
DispatchMessageW
CreateWindowExW
IsDialogMessageW
DrawIconEx
IsClipboardFormatAvailable
LoadIconW
ShowWindow
SetTimer
GetLastActivePopup
SwitchToThisWindow
SetActiveWindow
CharLowerW
TrackPopupMenu
GetClassInfoW
EnumClipboardFormats
CharUpperW
GetDlgCtrlID
EndMenu
GetSubMenu
SetPropW
DrawIcon
ScreenToClient
IsWindow
SetForegroundWindow
CreatePopupMenu
GetMenuStringW
SetWindowPos
FillRect
DefMDIChildProcW
SendMessageW
CharNextW
FindWindowExW
GetCursor
GetWindowRect
DrawTextW
IsZoomed
CheckMenuItem
SetWindowsHookExW
SetWindowLongW
RegisterClassW
CharLowerBuffW
GetMenuItemID
IsDialogMessageA
GetMessageExtraInfo
DefWindowProcW
GetKeyState
DrawFocusRect
ShowOwnedPopups
RemovePropW
RegisterWindowMessageW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleaut32

SafeArrayPtrOfIndex
SafeArrayCreate
VariantClear
VariantChangeType
VariantCopy
SysFreeString
SafeArrayGetLBound
VariantInit
GetErrorInfo
SysReAllocStringLen
SysAllocStringLen
SafeArrayGetUBound

advapi32

OpenServiceW
RegQueryValueExW
GetUserNameW
RegFlushKey
OpenProcessToken
RegCloseKey
LookupPrivilegeValueW
OpenSCManagerW
QueryServiceStatus
RegOpenKeyExW
AdjustTokenPrivileges

netapi32

NetApiBufferFree
NetWkstaGetInfo

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpWriteData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryAuthSchemes
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpConnect

kernel32

WaitForMultipleObjectsEx
GetLocaleInfoW
SetLastError
GetFileAttributesW
IsDebuggerPresent
VerifyVersionInfoW
MulDiv
GetLocalTime
VirtualFree
GlobalFree
CreateThread
VirtualProtect
LocalAlloc
DeleteCriticalSection
FileTimeToSystemTime
GetExitCodeThread
GetVersionExW
lstrlenW
SetEvent
GetModuleFileNameW
GetSystemInfo
GlobalFindAtomW
GlobalHandle
Sleep
GetCurrentProcess
WideCharToMultiByte
ReadFile
GetSystemDefaultUILanguage
GlobalAlloc
FreeResource
GetUserDefaultUILanguage
GlobalAddAtomW
GetCommandLineW
GetTickCount
UnhandledExceptionFilter
HeapDestroy
GetCurrentThread
GetVersion
RaiseException
WaitForSingleObject
VerSetConditionMask
GlobalUnlock
SetFilePointer
SetErrorMode
FormatMessageW
GetCPInfoExW
FindClose
GetCurrentThreadId
QueryPerformanceFrequency
ExitThread
QueryPerformanceCounter
SwitchToThread
CreateFileW
CloseHandle
CreateMutexW
CreateDirectoryW
FindFirstFileW
LoadLibraryExW
GetEnvironmentVariableW
HeapFree
TlsSetValue
FreeLibrary
GlobalLock
DeviceIoControl
MultiByteToWideChar
GetFileSize
SetThreadPriority
WriteFile
GetDateFormatW
HeapCreate
GetCPInfo
InitializeCriticalSection
GetStdHandle
GetTimeZoneInformation
GetDiskFreeSpaceW
LCMapStringW
GetACP
GetThreadLocale
TlsGetValue
GlobalSize
FindNextFileW
SetThreadLocale
LockResource
GetCurrentProcessId
GetTempPathW
GetComputerNameW
LoadResource
GetLastError
LocalFree
TerminateThread
VirtualQuery
EnumResourceNamesW
RtlUnwind
CreateEventW
EnumCalendarInfoW
LoadLibraryW
VirtualAlloc
IsValidLocale
LoadLibraryA
GetThreadPriority
GetDriveTypeW
CompareStringW
SizeofResource
VirtualQueryEx
HeapAlloc
FindResourceW
ResumeThread
SuspendThread
GetProcAddress
ResetEvent
GetFullPathNameW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
GetStartupInfoW
MoveFileW
SetEndOfFile
GlobalDeleteAtom

ole32

CoTaskMemAlloc
OleUninitialize
CoInitialize
CoUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
IsEqualGUID

gdi32

PolyBezierTo
GetWinMetaFileBits
GetSystemPaletteEntries
MoveToEx
PlayEnhMetaFile
GetTextMetricsW
SetRectRgn
GetPaletteEntries
AngleArc
GetObjectW
SetDIBColorTable
DeleteDC
CreateFontIndirectW
GetNearestPaletteIndex
StretchBlt
SaveDC
GetEnhMetaFilePaletteEntries
IntersectClipRect
Chord
SetEnhMetaFileBits
PolyBezier
CreateBitmap
ExtFloodFill
SetPixel
GetTextExtentPoint32W
LineTo
UnrealizeObject
SetBrushOrgEx
CreateHalftonePalette
SetViewportOrgEx
FrameRgn
GetStockObject
SetWinMetaFileBits
Rectangle
CreateBrushIndirect
RoundRect
GetWindowOrgEx
DeleteObject
CreateCompatibleDC
GetDeviceCaps
Ellipse
CopyEnhMetaFileW
GetRgnBox
GetTextExtentPointW
CreateCompatibleBitmap
Pie
ExtTextOutW
PatBlt
CreateDIBSection
RestoreDC
GetClipBox
GetDIBits
SetTextColor
DeleteEnhMetaFile
SelectObject
GetEnhMetaFileDescriptionW
RectVisible
GetDIBColorTable
SetWindowOrgEx
ExcludeClipRect
SetStretchBltMode
SetBkMode
CreateDIBitmap
Arc
SetROP2
EnumFontFamiliesExW
GetBitmapBits
GetStretchBltMode
GetBrushOrgEx
SelectPalette
CreatePalette
SetBkColor
Polyline
SetDIBits
CreateSolidBrush
Polygon
MaskBlt
GetEnhMetaFileHeader
BitBlt
GetPixel
GdiFlush
ArcTo
GetEnhMetaFileBits
GetCurrentPositionEx
CreatePenIndirect
RealizePalette
CreateRectRgn

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

9da7a9d7bf160f6c80da1c048d73d373

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6cCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4c:ec:e1:b9:7b:63:ef:3a:4b:73:84:f4:c0:b2:8e:11:ca:13:7b:d0:54:55:b3:7a:5d:a3:8e:ca:d5:ae:e7:89Signer

Headers

File Characteristics

Imports

winmm

comctl32

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

winhttp

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 133KB - Virtual size: 132KB

.bss Size: - Virtual size: 27KB

.idata Size: 12KB - Virtual size: 12KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 149B

.tls Size: - Virtual size: 88B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 271KB - Virtual size: 271KB

.rsrc Size: 132KB - Virtual size: 132KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4c:ec:e1:b9:7b:63:ef:3a:4b:73:84:f4:c0:b2:8e:11:ca:13:7b:d0:54:55:b3:7a:5d:a3:8e:ca:d5:ae:e7:89
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 133KB - Virtual size: 132KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 12KB - Virtual size: 12KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 149B

.tls
Size: - Virtual size: 88B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 271KB - Virtual size: 271KB

.rsrc
Size: 132KB - Virtual size: 132KB