9813941a3ae63c233ecceda3520712ec

Sharing

Copy URL Twitter E-mail

General

Target

9813941a3ae63c233ecceda3520712ec
Size

832KB
MD5

9813941a3ae63c233ecceda3520712ec
SHA1

91dcd5adada1ae349acf50157596321231da3467
SHA256

027833258b76e2dae3bcf47b33dea28ac320db3eb8c9a8cb97cef10fd5f8771b
SHA512

3c8efe613d7c5d2034af48aa3b8459ee7b16cb5472d53d2c3e575f366a1426503ca3aa09d71f84512e95b2a4250aba3824f63d742b62a732fb111ca6390aa2ac
SSDEEP

24576:Sh9zCUM5u+iNW8TlnkKwetvlz28X/i/Hk7j577LY:S/zrMuTlkKtvlz28K/HB

Score

1^/10

Malware Config

Signatures

Files

9813941a3ae63c233ecceda3520712ec
.exe windows:5 windows x86 arch:x86

636f3c76e030532f9fd5fbcf245a46be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:e8:b4:f5:72:3b:b9:27:1c:a1:a9:14:c9:27:d7:08:0e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2014, 08:14

Not After

17/06/2016, 08:14

Subject

CN=Hangzhou Shunwang Technology Co.\,Ltd,OU=Hangzhou Shunwang Technology Co.\,Ltd,O=Hangzhou Shunwang Technology Co.\,Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\slave\workspace\GameLaunch-trunk-deploy\bin\pdb\GameLaunch.pdb

Imports

kernel32

LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetCurrentProcessId
SetErrorMode
GlobalFlags
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetCurrentThreadId
GlobalAddAtomW
GetProcessHeap
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
InterlockedIncrement
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GlobalFree
FormatMessageW
LocalFree
MulDiv
SetLastError
CreateThread
lstrlenA
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
FlushFileBuffers
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
InterlockedDecrement
CreateEventW
GetSystemDirectoryW
SetFilePointerEx
lstrlenW
SetEvent
Sleep
OutputDebugStringW
CreateFileMappingW
GetModuleHandleW
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
CreateMutexW
GetCurrentProcess
OpenProcess
LoadLibraryW
GetProcAddress
CreateRemoteThread
WaitForSingleObject
WideCharToMultiByte
GetFileSize
ReadFile
GetModuleFileNameW
GetTempPathW
GetTickCount
GetTempFileNameW
VirtualAlloc
MoveFileExW
CreateFileW
WriteFile
VirtualFree
RemoveDirectoryW
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
CreateDirectoryW
GetFileAttributesW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
GetLastError
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
GetFileType
SizeofResource

user32

DestroyMenu
UnregisterClassW
RegisterClipboardFormatW
GetSysColorBrush
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
MessageBeep
GetNextDlgGroupItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
RegisterWindowMessageW
GetParent
SendMessageW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
UnhookWindowsHookEx
ReleaseCapture
SetFocus
GetDesktopWindow
GetFocus
PostThreadMessageW
GetClassNameW
EnableWindow
LoadCursorW
LoadIconW
GetWindowThreadProcessId
CharNextW
GetShellWindow
PtInRect
GetCursorPos
SetCursor
PostMessageW
MessageBoxW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
SetWindowPos
SystemParametersInfoW
AdjustWindowRect
GetDC
LoadBitmapW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
CharUpperW
CopyRect
IsRectEmpty
SetRect
CopyAcceleratorTableW
OffsetRect
SetCapture
InvalidateRgn
InvalidateRect
ReleaseDC
IsWindowEnabled
IsWindowVisible
EqualRect
IntersectRect
IsWindow

gdi32

ExtSelectClipRgn
GetStockObject
GetTextColor
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetRgnBox
CreateRectRgnIndirect
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DeleteObject
DeleteDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
AdjustTokenPrivileges
RegOpenKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW

shell32

ShellExecuteW

shlwapi

PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SafeArrayDestroy
SysAllocString
SysAllocStringLen
VariantChangeType
VariantInit
VariantCopy
OleCreateFontIndirect
LoadTypeLi
GetErrorInfo

gdiplus

GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipCreateFromHDC
GdipReleaseDC
GdipSetSmoothingMode
GdipDrawImageRectI
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics

ws2_32

ntohl

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryDataAvailable

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

636f3c76e030532f9fd5fbcf245a46be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:e8:b4:f5:72:3b:b9:27:1c:a1:a9:14:c9:27:d7:08:0eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

gdiplus

ws2_32

wininet

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 502KB - Virtual size: 502KB

.data Size: 13KB - Virtual size: 32KB

.rsrc Size: 27KB - Virtual size: 27KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:e8:b4:f5:72:3b:b9:27:1c:a1:a9:14:c9:27:d7:08:0e
Certificate

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 502KB - Virtual size: 502KB

.data
Size: 13KB - Virtual size: 32KB

.rsrc
Size: 27KB - Virtual size: 27KB