2ff1de08b3b18a31d3a463402cf39ad3

Sharing

Copy URL Twitter E-mail

General

Target

2ff1de08b3b18a31d3a463402cf39ad3
Size

747KB
MD5

2ff1de08b3b18a31d3a463402cf39ad3
SHA1

ff397c6ab6b617b4a706be954d83415e89c5a408
SHA256

34c0db1ef4ccb847e5a7dfeba75fc1165d22a3ba56d179f6284cca278b26c7dc
SHA512

abb22ce0aae2f88b8735a8a95d99657be1f2aeed4d1090b7d1ecc5cfc069c8ad7a058e710bb3b16732faf7deb865a8cbf4ee01a717fbaf1b56cc75f18e8ab971
SSDEEP

12288:7WWv9dDWT4QRRFG1beh2WYZm1wjLqJWO6wocpTKdLw/RA/Q/9/PF8:td6T4QRRFsbDGwjmAkdKFgC/i18

Score

1^/10

Malware Config

Signatures

Files

2ff1de08b3b18a31d3a463402cf39ad3
.exe windows:5 windows x86 arch:x86

fdfafcb2f8fe92b7b6d284d754a3da44

Code Sign

6b:23:4c:f0:a4:ea:7b:5c:1f:69:8f:66:4d:39:8e:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2008, 00:00

Not After

07/05/2009, 23:59

Subject

CN=Gamevance LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Gamevance LLC,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA
StrChrA
StrNCatA
wnsprintfA
StrStrIA
StrStrA

rpcrt4

UuidCreate
UuidToStringA

kernel32

GetLocalTime
GetVersionExA
GetTickCount
GetCurrentProcessId
CreateThread
GetTempPathA
MoveFileExA
SetFilePointer
MultiByteToWideChar
GetShortPathNameA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlUnwind
IsDebuggerPresent
lstrcpyA
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetStdHandle
GetModuleHandleW
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
CreateMutexA
GetModuleFileNameA
LocalAlloc
GetLastError
ReadFile
VirtualQuery
Sleep
lstrcmpA
GetFileSize
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateDirectoryA
DeleteFileA
LoadLibraryA
GetProcAddress
lstrcatA
GetWindowsDirectoryA
GetCurrentProcess
FreeLibrary
lstrcpynA
lstrlenA
CloseHandle
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
CreateFileA
RaiseException
UnhandledExceptionFilter
DeleteCriticalSection
VirtualFree
HeapCreate
GetStartupInfoA
GetCommandLineA

user32

IsDlgButtonChecked
CheckRadioButton
EnableWindow
FillRect
GetDC
ReleaseDC
GetDlgItem
SetWindowTextA
EndPaint
LoadBitmapA
GetParent
IsWindowEnabled
BeginPaint
GetWindowTextA
SetWindowLongA
GetWindowTextLengthA
PostMessageA
UpdateWindow
DestroyWindow
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadIconA
GetClientRect
SendMessageA
TranslateMessage
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
MessageBoxA
FindWindowA
RedrawWindow
DrawTextA
ExitWindowsEx
wsprintfA
SetCursor
InvalidateRect

gdi32

CreateDIBitmap
GetStockObject
SetBkColor
CreateSolidBrush
BitBlt
SetTextColor
DeleteDC
CreateFontA
DeleteObject
SelectObject
CreateCompatibleDC
GetTextExtentPointA
GetObjectA
TextOutA
SetBkMode

advapi32

AdjustTokenPrivileges
RegOpenKeyExA
LookupPrivilegeValueA
SetFileSecurityA
GetSecurityDescriptorSacl
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCreateKeyA
RegQueryValueExA
OpenProcessToken
RegCloseKey
RegOpenKeyA

shell32

SHGetFolderPathA
ShellExecuteA

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdfafcb2f8fe92b7b6d284d754a3da44

Code Sign

6b:23:4c:f0:a4:ea:7b:5c:1f:69:8f:66:4d:39:8e:b5Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 634KB - Virtual size: 634KB

.reloc Size: 9KB - Virtual size: 9KB

6b:23:4c:f0:a4:ea:7b:5c:1f:69:8f:66:4d:39:8e:b5
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 634KB - Virtual size: 634KB

.reloc
Size: 9KB - Virtual size: 9KB