fallout3fix[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

fallout3fix.rar
Size

7.0MB
MD5

6d7fae5a4683bad25dfcc4bc877ca140
SHA1

c1434ac5f11aa5b734679e6f91ec2868d1585724
SHA256

ede56062466a91fb52b07c447c482a923c0fe5e7b45ff20cd1e4b976a156a332
SHA512

831d08833d1db60b2193250a61acbe8672e46d77709beea505f1076ae0276f7fe5fb3445b7d3cc599aa2e65ae6e3a3eb531e965d5490e201abcdad4e289c2893
SSDEEP

196608:r4R9ogkAfGW6BUxoi/z9cRNuPpf4H+4sCxwKFRK8060UI:rOEB9i/zJgH+4lBFRK80EI

Score

1^/10

Malware Config

Signatures

Files

fallout3fix.rar
.rar
xlive.dll
.dll windows:6 windows x86 arch:x86

8854afe448dbdf00f770abdafb6802ad

Code Sign

61:1d:43:d3:00:00:00:00:00:21
Certificate

Issuer

CN=Microsoft LIVE PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/06/2011, 19:36

Not After

24/09/2012, 19:36

Subject

CN=Microsoft LIVE Gaming for Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:13:36:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:0f:ec:c8:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

23/10/2006, 23:54

Not After

24/10/2018, 00:04

Subject

CN=Microsoft LIVE PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:98:9e:81:48:4f:7d:98:62:52:ce:7f:5d:7a:76:ae:c9:07:e1:04
Signer

Actual PE Digest

ab:98:9e:81:48:4f:7d:98:62:52:ce:7f:5d:7a:76:ae:c9:07:e1:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr90

__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
tolower
_strnicmp
strstr
sprintf_s
_vsnprintf_s
_vsnwprintf_s
rand_s
strncpy
swprintf_s
rand
_itow_s
wcsrchr
_wcsnicmp
_vsnwprintf
strncmp
wcschr
strcpy_s
toupper
towupper
_wcsicmp
_CIsqrt
bsearch
_purecall
wcsnlen
wcsncpy_s
wcsncmp
wcsstr
realloc
free
memmove
floor
wcscpy_s
memcpy
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
wcsncpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_wcslwr_s
modf
_snwprintf_s
_msize
_isnan
_finite
strcat_s
vsprintf_s
_CIexp
_setjmp3
longjmp
towlower
isdigit
iswdigit
_wtol
_vswprintf_c_l
swscanf_s
_errno
strtod
_strtoui64
sscanf_s
strnlen
strtoul
srand
_time64
strchr
vswprintf_s
_vscwprintf
isalnum
wcsncat_s
_wcsupr_s
wcstol
wcscat_s
iswspace
qsort
_CIcos
_CIpow
_CIsin
strtol
_snprintf
_strlwr_s
malloc
_snwscanf_s
atoi
strncpy_s
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_invoke_watson
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
atol
_crt_debugger_hook
wcstod
_stricmp
memcpy_s
memset
_scprintf
_wtoi
_vsnprintf
wcstoul
ceil
isprint
_snprintf_s

kernel32

SetFileTime
VerifyVersionInfoW
GetLocaleInfoW
GetStringTypeW
GlobalUnlock
GlobalLock
FindResourceA
CancelIo
CopyFileW
MulDiv
GetThreadPriority
lstrcmpiA
lstrlenA
PeekNamedPipe
CreateProcessA
GetExitCodeProcess
OpenMutexA
SetLastError
GetLastError
Sleep
GlobalFree
GlobalAlloc
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
QueryPerformanceFrequency
DeleteCriticalSection
WaitForSingleObject
SetEvent
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetCurrentProcessId
QueryPerformanceCounter
SetThreadPriority
CreateThread
CreateEventW
InitializeCriticalSection
InterlockedDecrement
GetTickCount
ResetEvent
WideCharToMultiByte
InterlockedExchange
CreateFileW
FindClose
DeleteFileW
GetTempFileNameW
GetFullPathNameW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
OpenEventW
GetTempPathW
GetFileSize
GetDiskFreeSpaceExW
RemoveDirectoryW
InterlockedCompareExchange
CreateFileA
ReadFile
GetFileSizeEx
GetWindowsDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleA
GetCurrentThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcmpiW
LoadLibraryW
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
SetFilePointer
LocalFree
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceW
TlsFree
LoadLibraryA
GetExitCodeThread
DuplicateHandle
GetVersionExA
TlsAlloc
CreateEventA
GetUserDefaultUILanguage
GetSystemDefaultLCID
LoadLibraryExA
IsDebuggerPresent
InterlockedExchangeAdd
TlsGetValue
PulseEvent
SleepEx
GetModuleFileNameA
CreateProcessW
lstrlenW
WaitForSingleObjectEx
GetCurrentThreadId
QueueUserAPC
OpenThread
MultiByteToWideChar
FileTimeToSystemTime
CompareFileTime
LocalAlloc
LocalSize
FindFirstFileA
FormatMessageW
CreateDirectoryA
ReleaseSemaphore
lstrcmpW
WaitForMultipleObjects
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
CreateSemaphoreA
VerifyVersionInfoA
VerSetConditionMask
GetGeoInfoA
GetUserGeoID
CompareStringA
SetFilePointerEx
GetFileAttributesExW
DeleteFileA
SetEndOfFile
RaiseException
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FindFirstFileExW
GetTimeFormatW
GetDateFormatW
TlsSetValue
SystemTimeToFileTime
GetSystemTime
CreateDirectoryW
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
GetThreadContext
SuspendThread
VirtualProtect
GetSystemInfo
GetVersion
GetTimeZoneInformation
CopyFileA

advapi32

CopySid
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGenRandom
LsaNtStatusToWinError
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameA
GetSecurityInfo
GetExplicitEntriesFromAclA
IsValidSid
EqualSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
UnregisterTraceGuids
RegisterTraceGuidsA
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
OpenThreadToken
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptAcquireContextA
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
CryptReleaseContext

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CoInitializeEx

secur32

GetUserNameExA

shell32

ShellExecuteExW
ord165
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ShellExecuteA

user32

IsWindow
UnregisterDeviceNotification
GetClipboardData
OpenClipboard
GetSystemMetrics
DefWindowProcW
SendMessageA
GetKeyboardLayout
GetKeyboardLayoutList
PostMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
SetCapture
IsClipboardFormatAvailable
SendInput
GetAsyncKeyState
IsChild
GetForegroundWindow
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
GetKeyState
ReleaseCapture
RegisterWindowMessageA
SetCursor
GetDesktopWindow
GetWindowThreadProcessId
ShowWindow
SetForegroundWindow
GetWindowLongA
CallWindowProcA
GetIconInfo
GetDC
ReleaseDC
GetCursorPos
GetClientRect
RegisterDeviceNotificationA
LoadCursorA

xinput1_3

ord8
ord7

iphlpapi

GetIfEntry
GetNetworkParams
GetAdaptersAddresses
GetAdaptersInfo

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SysAllocString
SysStringLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
SysFreeString

shlwapi

PathFindNextComponentW
PathIsPrefixW
SHGetValueW
PathIsRelativeW
PathRemoveFileSpecW
PathAddBackslashW
SHSetValueW
PathRemoveBackslashW
UrlGetPartW
PathFileExistsW
StrCmpNIA
PathStripToRootW
StrTrimW
PathStripPathW
SHGetValueA
PathIsDirectoryEmptyW
StrStrW
SHSetValueA
SHRegGetValueW
SHDeleteKeyW

ws2_32

__WSAFDIsSet
select
ntohs
htonl
ntohl
htons
inet_addr
ioctlsocket
shutdown
connect
WSASendTo
WSASend
WSARecv
inet_ntoa
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSALookupServiceBeginA
WSALookupServiceNextA
WSALookupServiceEnd
WSAStartup
getsockname
WSACleanup
socket
WSACreateEvent
sendto
WSAWaitForMultipleEvents
WSACloseEvent
bind
WSAEventSelect
WSASocketA
setsockopt
closesocket
WSAGetOverlappedResult

dsound

ord9
ord3
ord11

crypt32

CryptProtectData
CertVerifyCertificateChainPolicy
CryptUnprotectData

wintrust

CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData
WinVerifyTrustEx
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext

msvcp90

?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8854afe448dbdf00f770abdafb6802ad

Code Sign

61:1d:43:d3:00:00:00:00:00:21Certificate

Extended Key Usages

Key Usages

61:05:13:36:00:00:00:00:00:1aCertificate

Extended Key Usages

61:0f:ec:c8:00:00:00:00:00:1bCertificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

ab:98:9e:81:48:4f:7d:98:62:52:ce:7f:5d:7a:76:ae:c9:07:e1:04Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

advapi32

ole32

secur32

shell32

user32

xinput1_3

iphlpapi

oleaut32

shlwapi

ws2_32

dsound

crypt32

wintrust

msvcp90

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.data Size: 596KB - Virtual size: 596KB

.rsrc Size: 7.8MB - Virtual size: 7.8MB

.reloc Size: 211KB - Virtual size: 211KB

61:1d:43:d3:00:00:00:00:00:21
Certificate

61:05:13:36:00:00:00:00:00:1a
Certificate

61:0f:ec:c8:00:00:00:00:00:1b
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

ab:98:9e:81:48:4f:7d:98:62:52:ce:7f:5d:7a:76:ae:c9:07:e1:04
Signer

.text
Size: 6.2MB - Virtual size: 6.2MB

.data
Size: 596KB - Virtual size: 596KB

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

.reloc
Size: 211KB - Virtual size: 211KB