BlackOps3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BlackOps3.exe
Size

136.5MB
MD5

5e5dc58853d7b9a61b9480f890f43d1c
SHA1

efea474cb581304771146de56d64342982e88790
SHA256

03fdbd29d60b1236401609baf4cfb4cb2f33dba3595802453fe3caa02e5daa6b
SHA512

6d405a190623f0b0b570eaceebea043860f7f786d6888e8027a78c3bae486a7196b560eb97322f7090027382722746c793d69af8f81c131f0309adc88689cd6e
SSDEEP

3145728:wU25YOrXwsS8hl6oUe/+UkDJWBBuWYcSOYw:wZ1o8vzLPEQumSi

Score

1^/10

Malware Config

Signatures

Files

BlackOps3.exe
.exe windows:6 windows x64

132fca8c5836e999af930f10f5b969e1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:58:90:8c:b2:0a:61:71:57:7b:81:6b:46:f4:42:d2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2018, 00:00

Not After

27/01/2020, 12:00

Subject

CN=Activision Publishing Inc,OU=Activision Publishing Inc,O=Activision Publishing Inc,L=SANTA MONICA,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:b2:68:84:1a:eb:61:69:01:89:22:3b:41:be:b1:23:c3:c9:12:0f:62:54:de:ba:37:90:e7:f6:f0:77:06:f3
Signer

Actual PE Digest

55:b2:68:84:1a:eb:61:69:01:89:22:3b:41:be:b1:23:c3:c9:12:0f:62:54:de:ba:37:90:e7:f6:f0:77:06:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfplat

MFCreateMediaType
MFCreateSample
MFCreateAlignedMemoryBuffer
MFShutdown
MFStartup

shlwapi

PathRenameExtensionA

kernel32

GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
FindNextFileA
GetFileSize
ReadFileEx
SetFilePointer
SetFilePointerEx
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetProcessAffinityMask
GetLongPathNameA
GetComputerNameA
SleepEx
InitializeCriticalSection
GlobalMemoryStatusEx
RtlCaptureStackBackTrace
SetErrorMode
GetModuleFileNameA
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageA
SetUnhandledExceptionFilter
DeleteCriticalSection
TerminateProcess
LocalAlloc
LocalFree
MulDiv
SetPriorityClass
SetThreadExecutionState
DeleteFileA
GetCurrentDirectoryA
GetComputerNameExA
WriteFile
OutputDebugStringA
FreeLibrary
GetModuleFileNameW
GetVersionExA
LoadLibraryA
GetModuleHandleA
GetSystemTimeAsFileTime
GetLastError
TlsGetValue
GetWindowsDirectoryA
DeviceIoControl
GetTickCount
GetProcAddress
GetModuleHandleW
ExitProcess
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemInfo
ResumeThread
SetEndOfFile
GetFileAttributesExW
WriteConsoleW
EnumSystemLocalesEx
SetThreadPriority
LCMapStringEx
GetUserDefaultLocaleName
CompareStringEx
GetDateFormatEx
GetTimeFormatEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
CreatePipe
GetExitCodeProcess
SetEnvironmentVariableW
SetEnvironmentVariableA
ReadConsoleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapSize
GetProcessHeap
GetOEMCP
IsValidCodePage
GetStartupInfoW
InitOnceExecuteOnce
GetConsoleMode
GetConsoleCP
GetCurrentThreadId
CreateThread
Sleep
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
ReadFile
CreateFileA
VirtualFree
VirtualAlloc
GetCurrentProcessId
CreateSemaphoreA
GetFullPathNameW
GetSystemDirectoryW
CreateProcessA
GetStdHandle
GetCPInfo
GetACP
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
GetFullPathNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExA
GetFileType
CreateProcessW
LoadLibraryExW
SetStdHandle
HeapReAlloc
GetTempPathA
AreFileApisANSI
GetModuleHandleExW
IsProcessorFeaturePresent
RtlPcToFileHeader
HeapAlloc
HeapFree
RtlUnwindEx
RtlLookupFunctionEntry
GetStringTypeW
GetLocaleInfoEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
FindFirstFileExW
GetCurrentDirectoryW
GetDriveTypeW
GetTimeZoneInformation
LoadLibraryW
CreateSemaphoreW
TerminateThread
ReleaseSemaphore
SetHandleInformation
FlushFileBuffers
GetExitCodeThread
GetFileAttributesW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateDirectoryW
VerifyVersionInfoW
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsAlloc
IsValidLocaleName
CreateMutexA
ReleaseMutex
ExpandEnvironmentStringsA
VerifyVersionInfoA
OutputDebugStringW
lstrcmpA
CreateFileW
VerSetConditionMask
SetLastError
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery
VirtualProtect

user32

IsWindow
GetRawInputBuffer
RegisterClassA
SetProcessDPIAware
LoadIconA
DestroyWindow
SetCursor
MapVirtualKeyA
MoveWindow
RegisterWindowMessageA
SetWindowLongPtrA
CloseWindow
CallWindowProcA
PostQuitMessage
LoadImageA
LoadCursorA
ShowWindow
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SendMessageA
MessageBoxA
GetActiveWindow
SetWindowPos
GetSystemMetrics
SetWindowTextA
AdjustWindowRectEx
SetWindowLongA
EnumDisplaySettingsA
EnumDisplayDevicesA
MonitorFromWindow
GetMonitorInfoA
RegisterRawInputDevices
CreateWindowExA
GetClientRect
GetDC
ReleaseDC
GetDesktopWindow
MessageBoxW
PostMessageA
GetWindowTextA
GetWindowLongA
EnumThreadWindows
ChangeDisplaySettingsA
GetWindowRect
SetFocus
GetForegroundWindow
ShowCursor
SetCursorPos
GetCursorPos
GetClipboardData
CloseClipboard
OpenClipboard
RegisterClassExA
DefWindowProcA
ScreenToClient
AdjustWindowRect

gdi32

DeleteDC
SetDeviceGammaRamp
CreateDCA
GetStockObject
CreateFontA
ExtEscape
GetDeviceCaps

advapi32

CryptCreateHash
CryptGetHashParam
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CryptGenRandom
CryptHashData
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash

shell32

ShellExecuteA

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
OleRun

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

dsound

ord11

winmm

mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
mixerOpen
timeEndPeriod
timeGetTime
waveInGetNumDevs
mixerGetNumDevs
mixerGetDevCapsA
timeBeginPeriod

ws2_32

inet_ntop
inet_pton
WSASocketW
inet_ntoa
freeaddrinfo
getaddrinfo
WSAIoctl
getsockopt
getsockname
getpeername
ioctlsocket
htons
inet_addr
recvfrom
sendto
socket
WSAStartup
WSAGetLastError
setsockopt
htonl
__WSAFDIsSet
accept
bind
closesocket
listen
ntohl
recv
select
send
connect
ntohs
gethostbyname
gethostname
WSACleanup
WSASetLastError

wlanapi

WlanEnumInterfaces
WlanFreeMemory
WlanOpenHandle
WlanCloseHandle

iphlpapi

GetAdaptersInfo

steam_api64

SteamAPI_RegisterCallback
SteamAPI_RegisterCallResult
SteamGameServer_Shutdown
SteamGameServer_RunCallbacks
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamInternal_GameServer_Init
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamInternal_CreateInterface
SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_Init
SteamAPI_RestartAppIfNecessary

windowscodecs

WICConvertBitmapSource

xinput9_1_0

XInputSetState
XInputGetState

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

oleaut32

SysAllocString
SysFreeString

hid

HidD_GetProductString
HidD_GetSerialNumberString
HidD_GetManufacturerString
HidD_SetFeature
HidP_GetCaps
HidP_GetButtonCaps
HidP_GetValueCaps
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetFeature

Sections

.text
Size: 47.5MB - Virtual size: 47.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 373.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 79.8MB - Virtual size: 79.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

132fca8c5836e999af930f10f5b969e1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:58:90:8c:b2:0a:61:71:57:7b:81:6b:46:f4:42:d2Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

55:b2:68:84:1a:eb:61:69:01:89:22:3b:41:be:b1:23:c3:c9:12:0f:62:54:de:ba:37:90:e7:f6:f0:77:06:f3Signer

Headers

DLL Characteristics

File Characteristics

Imports

mfplat

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

dxgi

d3d11

dsound

winmm

ws2_32

wlanapi

iphlpapi

steam_api64

windowscodecs

xinput9_1_0

wtsapi32

setupapi

oleaut32

hid

Sections

.text Size: 47.5MB - Virtual size: 47.5MB

.interpr Size: 38KB - Virtual size: 38KB

.rdata Size: 3.3MB - Virtual size: 3.3MB

.data Size: 3.6MB - Virtual size: 373.8MB

.pdata Size: 805KB - Virtual size: 805KB

.tls Size: 1024B - Virtual size: 1024B

_RDATA Size: 13KB - Virtual size: 13KB

.rsrc Size: 371KB - Virtual size: 371KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.idata Size: 13KB - Virtual size: 13KB

.text Size: 79.8MB - Virtual size: 79.8MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:58:90:8c:b2:0a:61:71:57:7b:81:6b:46:f4:42:d2
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

55:b2:68:84:1a:eb:61:69:01:89:22:3b:41:be:b1:23:c3:c9:12:0f:62:54:de:ba:37:90:e7:f6:f0:77:06:f3
Signer

.text
Size: 47.5MB - Virtual size: 47.5MB

.interpr
Size: 38KB - Virtual size: 38KB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 3.6MB - Virtual size: 373.8MB

.pdata
Size: 805KB - Virtual size: 805KB

.tls
Size: 1024B - Virtual size: 1024B

_RDATA
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 371KB - Virtual size: 371KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 13KB - Virtual size: 13KB

.text
Size: 79.8MB - Virtual size: 79.8MB