File-Papers[.]Please[.]v1[.]4[.]11[.]124_469577[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

File-Papers.Please.v1.4.11.124_469577.exe
Size

3.7MB
MD5

93ea2aca049506eab7c868e064617314
SHA1

1307090e42afc3cb0938185e47adde66b4abc34e
SHA256

591a68ab752c9eca83f63d280a352f306cee350475b696cee4652f61b2a51c85
SHA512

d14eaa86654921f8a5d2796a3a97d32f945d10c4b7594c0b8f282aa87cefee0df3560aa8278976242f2b22decadb1a1bfebf7100f6e202f27081665053237fca
SSDEEP

49152:7Cn5+XVupr6Wn/SkmOI5zqKqVIxVOHoPufLOXiH8Z5YAvZ7cAIIxosdNvF:7ZYDI5zpxgHoyLOXWA5dvNCQoYNvF

Score

1^/10

Malware Config

Signatures

Files

File-Papers.Please.v1.4.11.124_469577.exe
.exe windows:6 windows x86

24b9e1116ff51e005b4ab97606e9d641

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

28/12/2022, 22:16

Not After

28/12/2023, 22:16

Subject

SERIALNUMBER=1242287,CN=Mack Digital Marking\, LLC,O=Mack Digital Marking\, LLC,L=Louisville,ST=Kentucky,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084b656e7475636b79,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:8a:0f:ca:10:02:bc:5d:39:8e:f5:03:8e:59:8d:a4:10:54:ac:08:89:88:6a:5d:9c:07:80:ca:25:eb:36:7b
Signer

Actual PE Digest

9c:8a:0f:ca:10:02:bc:5d:39:8e:f5:03:8e:59:8d:a4:10:54:ac:08:89:88:6a:5d:9c:07:80:ca:25:eb:36:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

comctl32

ImageList_DragLeave
FlatSB_SetScrollProp
ImageList_DrawIndirect
ImageList_Read
ImageList_DragEnter
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
ImageList_Remove
ImageList_SetIconSize
ImageList_GetDragImage
ImageList_DragShowNolock
FlatSB_GetScrollInfo
ImageList_Add
ImageList_Write
ImageList_BeginDrag
ImageList_Destroy
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Create
ImageList_GetImageCount
ImageList_Draw
ImageList_DragMove
ImageList_SetImageCount
ImageList_GetIcon
_TrackMouseEvent
InitializeFlatSB
FlatSB_SetScrollPos

shell32

ShellExecuteW
ShellExecuteExW
SHAppBarMessage
SHGetFolderPathW
Shell_NotifyIconW

user32

CreateWindowExW
GetDesktopWindow
MonitorFromWindow
GetMenuItemID
ShowOwnedPopups
SetScrollInfo
PeekMessageW
EnumDisplayMonitors
IsRectEmpty
ScreenToClient
DestroyIcon
SetForegroundWindow
RegisterWindowMessageW
UnregisterClassW
GetWindowRect
GetMenuItemInfoW
DestroyCursor
LoadBitmapW
CallWindowProcW
LoadIconW
CreateIcon
GetKeyboardLayout
GetPropW
IsClipboardFormatAvailable
DrawFrameControl
GetUpdateRect
EnableMenuItem
GetDC
CharUpperBuffW
ReleaseCapture
UnhookWindowsHookEx
SetScrollRange
LoadStringW
SendMessageW
GetClassInfoExW
RemoveMenu
PtInRect
GetSysColorBrush
IsDialogMessageA
SetClassLongW
SetPropW
SetTimer
GetForegroundWindow
GetCursor
DefFrameProcW
GetComboBoxInfo
CallNextHookEx
InsertMenuItemW
EnumClipboardFormats
DestroyWindow
RegisterClassW
EndPaint
WaitMessage
MapWindowPoints
GetMenuStringW
SetWindowLongW
ShowCaret
SetCursor
GetWindowTextW
GetDlgCtrlID
GetKeyboardLayoutNameW
TranslateMessage
CreatePopupMenu
FrameRect
GetMonitorInfoW
GetMenuItemCount
GetWindowThreadProcessId
TranslateMDISysAccel
OffsetRect
GetCursorPos
OpenClipboard
CreateIconIndirect
GetSubMenu
AdjustWindowRectEx
IsIconic
DrawTextExW
PeekMessageA
IsDialogMessageW
DefWindowProcW
DestroyMenu
EnableScrollBar
InsertMenuW
MsgWaitForMultipleObjectsEx
IsChild
CloseClipboard
InvalidateRect
PostQuitMessage
GetMessageExtraInfo
GetActiveWindow
ClientToScreen
CharLowerBuffW
MessageBoxW
GetKeyNameTextW
DefMDIChildProcW
GetKeyboardState
MessageBeep
DrawIcon
ShowWindow
SetCursorPos
SetMenuItemInfoW
EndMenu
GetFocus
RegisterClipboardFormatW
InflateRect
DrawFocusRect
GetClientRect
ValidateRect
FillRect
SystemParametersInfoW
LoadCursorW
EnumChildWindows
DrawTextW
GetWindow
GetMenuState
GetClassNameW
FindWindowW
CheckMenuItem
DrawMenuBar
PostMessageW
IsWindow
GetWindowDC
GetLastActivePopup
SetActiveWindow
HideCaret
IsZoomed
GetScrollInfo
TrackPopupMenu
SetMenu
CopyImage
SendMessageA
GetScrollPos
GetCapture
GetSystemMetrics
MapVirtualKeyW
GetTopWindow
LoadKeyboardLayoutW
UpdateWindow
SetClipboardData
GetIconInfo
SetWindowPlacement
DispatchMessageW
EnableWindow
GetClassLongW
KillTimer
ShowScrollBar
SetRect
WindowFromPoint
CreateMenu
ReleaseDC
GetParent
IsWindowEnabled
GetClipboardData
DrawEdge
SetWindowRgn
DispatchMessageA
CharUpperW
GetKeyState
SetWindowTextW
GetMenu
SetWindowsHookExW
GetDCEx
GetSystemMenu
GetWindowPlacement
GetSysColor
GetKeyboardLayoutList
GetScrollRange
EmptyClipboard
RemovePropW
IsWindowVisible
ScrollWindow
BeginPaint
SetScrollPos
EnumThreadWindows
EnumWindows
GetMessagePos
SetCapture
CharLowerW
DeleteMenu
RedrawWindow
SetFocus
GetMenuItemRect
IsWindowUnicode
ActivateKeyboardLayout
SwitchToThisWindow
GetDlgItem
DrawIconEx
SetWindowPos
MonitorFromPoint
SetParent
FindWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CharNextW
GetClassInfoW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleaut32

GetErrorInfo
SafeArrayCreate
VariantChangeType
SafeArrayPtrOfIndex
SysAllocStringLen
VariantInit
VariantCopy
SysReAllocStringLen
SafeArrayGetUBound
SysFreeString
VariantClear
SafeArrayGetLBound

advapi32

OpenProcessToken
RegCloseKey
GetUserNameW
QueryServiceStatus
RegOpenKeyExW
OpenServiceW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
OpenSCManagerA
RegEnumKeyExW
LookupPrivilegeValueW
RegFlushKey

msvcrt

memset
memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetStatusCallback
WinHttpOpen
WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSetOption

kernel32

GetCurrentProcessId
CreateMutexW
GetThreadLocale
InitializeCriticalSection
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetFileSizeEx
CreateProcessW
GlobalHandle
FreeLibrary
ReadFile
DeleteCriticalSection
GetTimeZoneInformation
TlsSetValue
GetVersion
GetStdHandle
UnhandledExceptionFilter
Sleep
RaiseException
IsValidLocale
GetProcessHeap
GetModuleHandleW
VirtualAlloc
GetCurrentThreadId
SetEndOfFile
WriteFile
WaitForMultipleObjectsEx
EnumCalendarInfoW
LockResource
TerminateThread
LeaveCriticalSection
GetSystemDefaultUILanguage
VirtualQuery
VirtualQueryEx
CreateFileW
GlobalAddAtomW
GetCommandLineW
GetExitCodeThread
GetDiskFreeSpaceW
LoadResource
LoadLibraryExW
ResumeThread
QueryPerformanceCounter
IsDebuggerPresent
SetEvent
LCMapStringW
SizeofResource
SetErrorMode
FindNextFileW
GetStartupInfoW
HeapCreate
SwitchToThread
CreateEventW
GetTickCount
GetDriveTypeW
GetCPInfoExW
MultiByteToWideChar
VerSetConditionMask
FormatMessageW
lstrlenW
WaitForSingleObject
MoveFileW
K32EnumProcessModulesEx
VerifyVersionInfoW
MulDiv
GetThreadPriority
CompareStringW
SuspendThread
FindClose
GetLastError
GlobalUnlock
GlobalSize
GetCPInfo
CreateThread
WideCharToMultiByte
GlobalFindAtomW
SetLastError
LocalFree
ExitProcess
GetUserDefaultUILanguage
VirtualFree
QueryPerformanceFrequency
GetFileAttributesW
GetDateFormatW
EnumResourceNamesW
HeapAlloc
FindFirstFileW
FreeResource
GlobalAlloc
GlobalDeleteAtom
GetFullPathNameW
SetFilePointer
HeapFree
GetProcAddress
FindResourceW
GetLocalTime
CloseHandle
ExitThread
RtlUnwind
ResetEvent
GetLocaleInfoW
CreateDirectoryW
SetThreadPriority
HeapDestroy
GetVersionExW
GlobalFree
DeviceIoControl
FileTimeToSystemTime
GetCurrentProcess
GetCurrentThread
GlobalLock
TlsGetValue
EnterCriticalSection
GetModuleFileNameW
GetACP
LocalAlloc
SetThreadLocale

ole32

CoCreateInstance
OleUninitialize
IsEqualGUID
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoUninitialize
OleInitialize

gdi32

CreateRectRgn
ExtCreateRegion
SetBrushOrgEx
ExtTextOutW
RestoreDC
CreateDIBitmap
GetEnhMetaFileBits
GetStretchBltMode
ExcludeClipRect
Pie
CreatePenIndirect
SetDIBits
CreateHalftonePalette
SetViewportOrgEx
StretchBlt
FrameRgn
PolyBezierTo
SelectObject
SetDCPenColor
GetNearestPaletteIndex
SetROP2
GetWindowOrgEx
CreateRoundRectRgn
GetStockObject
SetWinMetaFileBits
GetDIBColorTable
RealizePalette
GetWinMetaFileBits
GetPixel
UnrealizeObject
LineTo
CreateBitmap
SetBkColor
CombineRgn
SetTextColor
GetCurrentObject
SetBkMode
GetTextMetricsW
GetEnhMetaFileHeader
CreatePalette
GetTextExtentPointW
SetGraphicsMode
Arc
ExtFloodFill
CreateCompatibleDC
RectVisible
GetEnhMetaFilePaletteEntries
SetRectRgn
IntersectClipRect
PolyBezier
RoundRect
Chord
Polygon
GetTextColor
GdiFlush
SetDIBColorTable
CreateFontIndirectW
GetPaletteEntries
MoveToEx
CreateSolidBrush
CreateBrushIndirect
GetBitmapBits
GetViewportOrgEx
GetObjectW
Rectangle
PlayEnhMetaFile
DeleteObject
GetRgnBox
CreateDIBSection
Ellipse
SaveDC
DeleteDC
GetBrushOrgEx
AngleArc
SetWorldTransform
PatBlt
GetTextExtentPoint32W
DeleteEnhMetaFile
Polyline
CopyEnhMetaFileW
GetSystemPaletteEntries
SetWindowOrgEx
GetEnhMetaFileDescriptionW
EnumFontFamiliesExW
GetClipBox
SetStretchBltMode
MaskBlt
ArcTo
BitBlt
SelectPalette
GetDIBits
GetBkMode
CreateCompatibleBitmap
GetDeviceCaps
SetEnhMetaFileBits
GetCurrentPositionEx
SetPixel

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 105KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24b9e1116ff51e005b4ab97606e9d641

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6cCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9c:8a:0f:ca:10:02:bc:5d:39:8e:f5:03:8e:59:8d:a4:10:54:ac:08:89:88:6a:5d:9c:07:80:ca:25:eb:36:7bSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

comctl32

shell32

user32

version

oleaut32

advapi32

msvcrt

winhttp

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 499KB - Virtual size: 499KB

.bss Size: - Virtual size: 105KB

.idata Size: 13KB - Virtual size: 13KB

.didata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 108B

.tls Size: - Virtual size: 88B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 239KB - Virtual size: 238KB

.rsrc Size: 435KB - Virtual size: 435KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

49:ce:c0:5a:d0:28:f4:e8:a4:d7:73:9f:2d:fa:4c:6c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9c:8a:0f:ca:10:02:bc:5d:39:8e:f5:03:8e:59:8d:a4:10:54:ac:08:89:88:6a:5d:9c:07:80:ca:25:eb:36:7b
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 499KB - Virtual size: 499KB

.bss
Size: - Virtual size: 105KB

.idata
Size: 13KB - Virtual size: 13KB

.didata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 108B

.tls
Size: - Virtual size: 88B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 239KB - Virtual size: 238KB

.rsrc
Size: 435KB - Virtual size: 435KB