4987c1b9f966ae398d70e835842c976054d41584409251f17357b2cffffe8df5

Sharing

Copy URL Twitter E-mail

General

Target

4987c1b9f966ae398d70e835842c976054d41584409251f17357b2cffffe8df5
Size

3.5MB
MD5

0fb2477c673fcb99c9c21ae742a7b727
SHA1

02cad838008fab9e4220e0e971d5239ed316c0f9
SHA256

4987c1b9f966ae398d70e835842c976054d41584409251f17357b2cffffe8df5
SHA512

ceb9bfd974aa47f20b2c5e02b86c020a2ea88f0336c200ded142370f67df29f08d8f88aa7bc61df0586c8a335c69768278fb7b2e0541e538a3605ef01cc696fb
SSDEEP

98304:wCGT6/D9+xfefWzAWu4qz1a9td1fqm043+do5FQDp:BGT4DsxGJPP1EtdYmCeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wow_oolong_exe/Wow_oolong_Launcher.exe

Files

4987c1b9f966ae398d70e835842c976054d41584409251f17357b2cffffe8df5
.zip
wow_oolong_exe/Wow_oolong_Launcher.exe
.exe windows:4 windows x86 arch:x86

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wow_oolong_exe/Wow_oolong_live.exe
.exe windows:4 windows x86 arch:x86

b7fc31b6422013c5f943a1da91692ed3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:71:5b:33:47:bc:57:b2:5c:66:b3:42:02:f4:a1:a0
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

08/01/2010, 00:00

Not After

05/12/2011, 23:59

Subject

CN=Blizzard Entertainment\, Inc.,OU=TECHNICAL SUPPORT,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

55:5e:ec:ca:99:32:b7:08:2d:b3:d6:7a:59:fe:21:8d:de:24:05:16
Signer

Actual PE Digest

55:5e:ec:ca:99:32:b7:08:2d:b3:d6:7a:59:fe:21:8d:de:24:05:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetTimeZoneInformation
GetConsoleOutputCP
DeleteCriticalSection
OpenFile
DeviceIoControl
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
WriteConsoleA
WaitForMultipleObjectsEx
WriteFileEx
ReadFileEx
GetOverlappedResult
CancelIo
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsAlloc
RtlUnwind
SetStdHandle
GetFileType
SetHandleCount
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
ConvertThreadToFiber
CreateFiberEx
DeleteFiber
GetDateFormatA
GetTimeFormatA
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
GetLocaleInfoA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
HeapSize
Sleep
VirtualQuery
UnmapViewOfFile
GetDriveTypeA
ExitThread
GetFullPathNameA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
VirtualProtect
LocalFree
FlushInstructionCache
GetQueuedCompletionStatus
CreateIoCompletionPort
GetCommandLineW
GlobalMemoryStatusEx
GetPriorityClass
SetPriorityClass
IsBadWritePtr
OpenThread
SuspendThread
GetThreadContext
Thread32First
Thread32Next
lstrcpynA
IsBadReadPtr
MulDiv
SwitchToFiber
GetSystemInfo
SetEvent
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GlobalMemoryStatus
ResumeThread
TerminateThread
SetThreadPriority
GetThreadPriority
GetProcessAffinityMask
SignalObjectAndWait
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
SizeofResource
LockResource
LoadResource
FindResourceExA
QueryPerformanceFrequency
Module32First
Module32Next
GetDiskFreeSpaceA
ReadFile
CreateThread
GetFileAttributesExA
GetFileSize
GetFileAttributesA
MoveFileA
DeleteFileA
CreateEventA
OpenEventA
GetComputerNameA
GetTempPathA
CreateToolhelp32Snapshot
SetThreadAffinityMask
WaitForSingleObjectEx
CreateProcessA
DuplicateHandle
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceExA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
SetEndOfFile
SetFileAttributesA
SetFileTime
ResetEvent
WaitForMultipleObjects
SetProcessAffinityMask
GetLocalTime
FormatMessageA
GetExitCodeProcess
GetVersion
OutputDebugStringA
CreateMutexA
ReleaseMutex

opengl32

glGenTextures
glEnable
glTexParameteri
glReadPixels
wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext
glBindTexture
glTexImage2D
glDeleteTextures
glDisable
glGetError
glGetIntegerv
glGetString
glCopyTexSubImage2D
glCopyTexImage2D
wglGetCurrentDC
glCullFace
glBlendFunc
glMatrixMode
glPolygonOffset
wglGetCurrentContext
glColorPointer
glTexCoordPointer
glScissor
glClipPlane
glPolygonMode
glViewport
glDepthRange
glDepthMask
glColorMask
glTexGeni
glNormalPointer
glVertexPointer
glLightf
glLightfv
glLightModelfv
glColor4fv
glMaterialfv
glLoadIdentity
glLoadMatrixf
glFogf
glFogi
glPixelStorei
glColorMaterial
glLightModeli
glTexGenfv
glPointSize
glFrontFace
glDepthFunc
glFogfv
glAlphaFunc
glMaterialf
glTexSubImage2D
glClear
glClearColor
wglSwapLayerBuffers
glFinish
glDrawArrays
glDrawElements
glLineWidth
glTexEnviv
glHint
glTexEnvi
glTexEnvf
glTexEnvfv
glEnableClientState
glDisableClientState
glGetFloatv

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imm32

ImmGetConversionStatus
ImmGetContext
ImmGetCompositionStringA
ImmAssociateContext
ImmSetConversionStatus
ImmAssociateContextEx
ImmNotifyIME
ImmGetCandidateListA
ImmReleaseContext

wininet

InternetReadFileExA
InternetCloseHandle
HttpQueryInfoA
InternetSetOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetSetCookieA
HttpOpenRequestA
InternetCrackUrlA
InternetSetStatusCallback
InternetSetStatusCallbackA

ws2_32

WSACancelAsyncRequest
WSAAsyncGetHostByName
WSACleanup
accept
select
WSAGetLastError
WSAStartup
setsockopt
getsockopt
socket
closesocket
__WSAFDIsSet
connect
listen
bind
htons
htonl
gethostbyname
ntohs
getsockname
recv
getpeername
send
inet_addr
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
sendto
recvfrom
inet_ntoa
ioctlsocket

dinput8

DirectInput8Create

user32

GetParent
CloseClipboard
OpenClipboard
SetCapture
GetForegroundWindow
MessageBeep
GetKeyState
FillRect
IsDialogMessageA
TranslateAcceleratorA
GetKeyboardLayout
EmptyClipboard
SendInput
SystemParametersInfoA
GetAsyncKeyState
ClientToScreen
InvertRect
VkKeyScanA
DrawTextExA
CharLowerBuffA
GetDesktopWindow
GetActiveWindow
PostMessageA
IsIconic
IsZoomed
PostQuitMessage
SetFocus
KillTimer
SetTimer
WaitForInputIdle
MapVirtualKeyA
LoadBitmapA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
IsWindow
IsWindowVisible
MessageBoxA
LoadStringA
SetCursor
GetCursorPos
ScreenToClient
GetClientRect
LoadImageA
LoadCursorA
MapWindowPoints
BeginPaint
EndPaint
AdjustWindowRectEx
GetSystemMetrics
ShowWindow
ChangeDisplaySettingsExA
SetWindowPos
GetWindowRect
ClipCursor
GetWindowPlacement
SendMessageA
MoveWindow
SetClipboardData
ReleaseCapture
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetDC
ReleaseDC
DestroyWindow
UnregisterClassA
EnumDisplaySettingsA
EnumDisplayDevicesA
MonitorFromPoint
GetMonitorInfoA
MsgWaitForMultipleObjects

gdi32

ChoosePixelFormat
CreateBitmap
TranslateCharsetInfo
GetStockObject
SelectObject
DeleteObject
SetBkColor
GetDeviceGammaRamp
CreateSolidBrush
SetBkMode
GetPixelFormat
SetDeviceGammaRamp
DescribePixelFormat
SetTextColor
SetPixelFormat
DeleteDC
StretchBlt
BitBlt
CreateCompatibleDC
OffsetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
CreateRectRgn
Rectangle
CreateFontIndirectA
GetObjectA
SetMapMode
GdiFlush
CreateDIBSection

advapi32

CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegEnumKeyA
CryptGenRandom
CryptAcquireContextA
RegOpenKeyA

shell32

FindExecutableA
ShellExecuteA

divxdecoder

SetOutputFormat
DivxDecode
UnInitializeDivxDecoder
InitializeDivxDecoder

winmm

waveOutPrepareHeader
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutOpen
waveOutClose
waveOutGetDevCapsA
timeKillEvent
timeSetEvent
mciSendCommandA
timeGetTime

msacm32

acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmFormatSuggest
acmStreamOpen

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

hid

HidD_GetSerialNumberString
HidD_GetHidGuid
HidD_SetFeature
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetCaps
HidD_GetProductString
HidD_FreePreparsedData

ole32

PropVariantClear
CoCreateInstance
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoInitialize

Exports

Exports

AssertAndCrash

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 858KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 483KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.code Size: 14KB - Virtual size: 14KB

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 183KB - Virtual size: 182KB

b7fc31b6422013c5f943a1da91692ed3

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7b:71:5b:33:47:bc:57:b2:5c:66:b3:42:02:f4:a1:a0Certificate

Extended Key Usages

55:5e:ec:ca:99:32:b7:08:2d:b3:d6:7a:59:fe:21:8d:de:24:05:16Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

opengl32

version

imm32

wininet

ws2_32

dinput8

user32

gdi32

advapi32

shell32

divxdecoder

winmm

msacm32

setupapi

hid

ole32

Exports

Exports

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.rdata Size: 858KB - Virtual size: 857KB

.data Size: 483KB - Virtual size: 3.1MB

.zdata Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 167KB - Virtual size: 166KB

.code
Size: 14KB - Virtual size: 14KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 183KB - Virtual size: 182KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7b:71:5b:33:47:bc:57:b2:5c:66:b3:42:02:f4:a1:a0
Certificate

55:5e:ec:ca:99:32:b7:08:2d:b3:d6:7a:59:fe:21:8d:de:24:05:16
Signer

.text
Size: 5.9MB - Virtual size: 5.9MB

.rdata
Size: 858KB - Virtual size: 857KB

.data
Size: 483KB - Virtual size: 3.1MB

.zdata
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 167KB - Virtual size: 166KB