4db09621a1c607839a89a44f47e19814[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4db09621a1c607839a89a44f47e19814.bin
Size

10.0MB
MD5

4db09621a1c607839a89a44f47e19814
SHA1

8298f9f6e4b37a4e3e668ae01ef0e0646f4df044
SHA256

e191b1155fa1c731fad7c1c3c46d0c06e70f8b63947435ba9f2aa752cae56102
SHA512

c9bdc550cf9baae192f709bdecc7cb4b24e29c1a9ea127eee5bc41ce8f96624b89554d91821f2dab590286ceecf09d07b2d18420c99d831338585e00e5dd7cfc
SSDEEP

98304:h279y8bgup7cI0GhHx7TfotSH0M0g4DeXIcRTKLXv48RrIF3wcVbowZO7fJtiWE:Bup7c/0R7TgtSRIcAXfM3wcVboweXiZ

Score

1^/10

Malware Config

Signatures

Files

4db09621a1c607839a89a44f47e19814.bin
.exe windows:5 windows x86 arch:x86

6d148331316119f408180264db1821b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:f5:74:30:25:e2:c2:20:2a:6b:bd:0a:f8:e5:70:fc
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

30/09/2011, 00:00

Not After

04/12/2013, 23:59

Subject

CN=Blizzard Entertainment\, Inc.,OU=TECHNICAL SUPPORT,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:4f:98:56:86:98:31:18:03:ad:0c:af:be:fd:0a:7d:cc:10:d1:4d
Signer

Actual PE Digest

47:4f:98:56:86:98:31:18:03:ad:0c:af:be:fd:0a:7d:cc:10:d1:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointer
OpenFile
OpenFileMappingA
OpenEventA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
HeapSize
HeapAlloc
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteConsoleW
VirtualFree
HeapCreate
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
ExitThread
GetFullPathNameW
WaitForMultipleObjectsEx
WriteFileEx
ReadFileEx
CancelIo
GetQueuedCompletionStatus
CreateIoCompletionPort
GlobalAlloc
GlobalFree
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA
MulDiv
CompareStringW
SetEnvironmentVariableA
HeapFree
GetDiskFreeSpaceA
GlobalLock
GlobalUnlock
VirtualProtect
FlushInstructionCache
LocalFree
GetPriorityClass
SetPriorityClass
GetProcessAffinityMask
GetUserDefaultLangID
GetWindowsDirectoryA
GetCommandLineW
GetVersionExA
SetFileTime
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
GetShortPathNameW
GetDiskFreeSpaceExW
FindNextFileW
WaitForSingleObjectEx
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetTempPathA
DeleteFileA
DeleteFileW
GetVolumeInformationW
MoveFileW
SetCurrentDirectoryW
GetCompressedFileSizeW
GetFileAttributesExW
GetDiskFreeSpaceW
Process32Next
Process32First
GetCurrentDirectoryW
FindFirstFileW
QueryPerformanceFrequency
SetThreadAffinityMask
GetComputerNameW
GetModuleHandleA
GetProcAddress
FindResourceExW
LoadResource
LockResource
SizeofResource
SystemTimeToFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
GetTickCount
GetModuleHandleW
GetProcessHeap
InitializeCriticalSection
GetFileAttributesW
CreateDirectoryW
GetExitCodeProcess
GetVersion
FormatMessageA
CreateFileW
GetModuleFileNameW
FormatMessageW
GetLocalTime
FindClose
FindFirstFileA
OutputDebugStringA
ReadFile
GetFileSize
GetThreadPriority
SetThreadPriority
SetProcessAffinityMask
RaiseException
WaitForSingleObject
CreateThread
ResumeThread
DuplicateHandle
CreateProcessW
GetSystemInfo
CreateEventA
ResetEvent
SetEvent
WaitForMultipleObjects
ReleaseSemaphore
CreateMutexA
ReleaseMutex
CreateSemaphoreA
CreateDirectoryA
LoadLibraryW
IsBadReadPtr
GetComputerNameA
VirtualQuery
lstrcpynA
GlobalMemoryStatusEx
Thread32Next
Thread32First
CreateToolhelp32Snapshot
IsBadWritePtr
GetThreadContext
SuspendThread
OpenThread
Module32Next
Module32First
GetSystemDirectoryA
CreateEventW
GetOverlappedResult
GetVersionExW
DeviceIoControl
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
GlobalMemoryStatus
TerminateThread
FileTimeToLocalFileTime

user32

SetClassLongA
CreateIconIndirect
ReleaseDC
GetDC
EnumDisplayDevicesA
EnumDisplaySettingsA
EndPaint
BeginPaint
SetWindowLongA
GetWindowLongA
RegisterClassExA
LoadImageA
CreateWindowExA
AdjustWindowRectEx
EnumDisplayMonitors
ClipCursor
GetWindowRect
ScreenToClient
GetCursorPos
SetWindowPos
ChangeDisplaySettingsExA
ShowCursor
MapWindowPoints
SetCursorPos
MapVirtualKeyA
VkKeyScanA
ClientToScreen
GetAsyncKeyState
CallNextHookEx
SetWindowsHookExA
SystemParametersInfoA
UnhookWindowsHookEx
SendInput
SetCapture
ReleaseCapture
MoveWindow
SendMessageA
GetWindowPlacement
SetFocus
IsZoomed
IsIconic
GetPropA
PostMessageA
GetParent
CloseClipboard
GetClipboardData
OpenClipboard
SetCursor
DefWindowProcA
GetForegroundWindow
MessageBeep
MessageBoxW
GetKeyState
FillRect
IsDialogMessageA
TranslateAcceleratorA
GetKeyboardLayout
SetClipboardData
EmptyClipboard
GetClientRect
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
WaitForInputIdle
wsprintfA
IsWindow
IsWindowVisible
MessageBoxA
LoadStringA
SendMessageW
LoadImageW
GetSystemMetrics
SetWindowLongW
PostQuitMessage
ShowWindow
SetWindowTextW
LoadStringW
GetDlgItem
CreateDialogParamW
GetDesktopWindow
GetMessageW
PeekMessageW
IsDialogMessageW
DestroyIcon
DestroyWindow
DrawTextExW
InvertRect
DrawTextExA
LoadBitmapA
CharLowerBuffA
UnregisterClassA
GetMonitorInfoA
SetTimer
KillTimer
GetActiveWindow

opengl32

glGetFloatv
glGetError
glTexGenfv
glLineWidth
glPointSize
glFrontFace
glDepthFunc
glFogfv
glGetIntegerv
glDisable
glDeleteTextures
glTexImage2D
glBindTexture
glGenTextures
glEnable
glTexParameteri
glReadPixels
wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext
wglGetCurrentContext
glCopyTexSubImage2D
glCopyTexImage2D
glGetString
wglGetCurrentDC
glCullFace
glBlendFunc
glMatrixMode
glPolygonOffset
glDisableClientState
glEnableClientState
glTexEnvfv
glTexEnvf
glTexEnvi
glTexGeni
glColorMask
glDepthMask
glDepthRange
glViewport
glPolygonMode
glClipPlane
glScissor
glTexCoordPointer
glColorPointer
glNormalPointer
glVertexPointer
glLightf
glLightfv
glLightModelfv
glMaterialfv
glColor4fv
glLoadMatrixf
glLoadIdentity
glFogf
glHint
glTexEnviv
glDrawElements
glDrawArrays
glFinish
wglSwapLayerBuffers
glClearColor
glClear
glTexSubImage2D
glMaterialf
glFogi
glPixelStorei
glColorMaterial
glLightModeli
glAlphaFunc

d3d9

D3DPERF_SetOptions

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imm32

ImmNotifyIME
ImmAssociateContextEx
ImmSetConversionStatus
ImmAssociateContext
ImmGetCompositionStringA
ImmGetContext
ImmGetConversionStatus
ImmReleaseContext
ImmGetCandidateListA

wininet

InternetCloseHandle
InternetReadFileExA
HttpQueryInfoA
InternetSetOptionA
InternetConnectA
InternetSetStatusCallbackA
InternetOpenA
HttpSendRequestA
InternetSetCookieW
HttpOpenRequestA
InternetCrackUrlA
InternetSetStatusCallback

ws2_32

getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
select
__WSAFDIsSet
ntohl
WSACancelAsyncRequest
WSAAsyncGetHostByName
sendto
recvfrom
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSASetLastError
WSACleanup
WSAStartup
bind
listen
connect
accept
ioctlsocket
socket
send
getpeername
recv
closesocket
gethostname
setsockopt
getsockname
getsockopt

dinput8

DirectInput8Create

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA

hid

HidD_GetHidGuid
HidD_SetFeature
HidD_GetPreparsedData
HidD_GetAttributes
HidD_GetProductString
HidD_GetSerialNumberString
HidD_FreePreparsedData
HidP_GetCaps

gdi32

TranslateCharsetInfo
ChoosePixelFormat
SetViewportOrgEx
GetPixelFormat
SetDeviceGammaRamp
GetStockObject
SetPixelFormat
GetDeviceGammaRamp
SelectObject
CreateBitmap
DeleteObject
DescribePixelFormat
SelectClipRgn
CreateRectRgn
Rectangle
OffsetViewportOrgEx
CreateFontIndirectA
GetObjectA
SetBkColor
SetTextColor
CreateSolidBrush
CreateDIBSection
SetBkMode
DeleteDC
StretchBlt
BitBlt
CreateCompatibleDC
SetMapMode
GdiFlush

advapi32

GetUserNameA
RegEnumKeyA
RegOpenKeyA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExA
RegCreateKeyExW
RegSetValueExA
RegSetValueExW
RegFlushKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteW
FindExecutableA
ShellExecuteA

winmm

waveOutPrepareHeader
waveInReset
waveInClose
waveInOpen
waveInGetNumDevs
waveOutGetNumDevs
timeGetTime
mciSendCommandA
timeSetEvent
timeKillEvent
waveOutGetDevCapsA
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInStart

msacm32

acmStreamOpen
acmFormatSuggest
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize

ole32

CoTaskMemFree
PropVariantClear
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance

Exports

Exports

AssertAndCrash
GetBattlenetAllocator

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 636KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d148331316119f408180264db1821b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7d:f5:74:30:25:e2:c2:20:2a:6b:bd:0a:f8:e5:70:fcCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

47:4f:98:56:86:98:31:18:03:ad:0c:af:be:fd:0a:7d:cc:10:d1:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

opengl32

d3d9

version

imm32

wininet

ws2_32

dinput8

setupapi

hid

gdi32

advapi32

shell32

winmm

msacm32

ole32

Exports

Exports

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 636KB - Virtual size: 3.5MB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 306KB - Virtual size: 305KB

.reloc Size: 487KB - Virtual size: 487KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7d:f5:74:30:25:e2:c2:20:2a:6b:bd:0a:f8:e5:70:fc
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

47:4f:98:56:86:98:31:18:03:ad:0c:af:be:fd:0a:7d:cc:10:d1:4d
Signer

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 636KB - Virtual size: 3.5MB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 306KB - Virtual size: 305KB

.reloc
Size: 487KB - Virtual size: 487KB