brawl-stars[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

brawl-stars.exe
Size

9.4MB
MD5

db5f372474f906570d4e03702134a54f
SHA1

7c6218526b83abafc9eefadde4e66fbc33d95ae3
SHA256

9cf30d268e87560553364a7bfc806b306544df040f91914391314527dc246870
SHA512

4e9f7b3aeb32114757e7d1b415faed10a33cadfd1e03ddcbf9d1810ceebe797898988382c95260edf4b5dde7b62e0cab2696b1c30216d7537c8f62606499868f
SSDEEP

196608:pxLnHBqlUgN7AktVweDO8emQmG5eWWi/zio/if:3J2O84wWrX/

Score

1^/10

Malware Config

Signatures

Files

brawl-stars.exe
.exe windows:5 windows x86 arch:x86

b96da0cda56a9734420edc1d41d86136

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:04:74:3c:1d:80:96:ed:a2:ca:ca:5e:a3:7e:92:7c:ad:9f:50:f8:cc:32:de:d9:65:6f:7c:c3:7e:a3:3f:29
Signer

Actual PE Digest

83:04:74:3c:1d:80:96:ed:a2:ca:ca:5e:a3:7e:92:7c:ad:9f:50:f8:cc:32:de:d9:65:6f:7c:c3:7e:a3:3f:29

Digest Algorithm

sha256

PE Digest Matches

true

c8:50:51:e1:c2:a3:67:f9:97:12:11:71:de:da:e3:c5:00:d7:db:5c
Signer

Actual PE Digest

c8:50:51:e1:c2:a3:67:f9:97:12:11:71:de:da:e3:c5:00:d7:db:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\RO\qqpcmgr_proj\AndroidEmulator\Output\Binfinal\GameDownload\GameDownload.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

ws2_32

setsockopt
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
sendto
WSAJoinLeaf
inet_addr
bind
htons
ioctlsocket
recvfrom
WSAGetLastError
WSAStartup
WSACleanup
htonl
ntohs
ntohl
WSASocketW
closesocket
recv
connect
gethostname
freeaddrinfo
getaddrinfo
WSASetLastError
getsockopt
getsockname
__WSAFDIsSet
accept
gethostbyname
select
listen
getpeername
send
socket

imm32

ImmDisableIME

kernel32

GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetModuleHandleW
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetVersion
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
OpenProcess
TerminateProcess
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
VirtualAlloc
VirtualFree
GetLocaleInfoW
ExpandEnvironmentStringsW
GetLongPathNameW
GetLocalTime
GetCurrentThreadId
CreateDirectoryW
GetUserDefaultUILanguage
WriteProcessMemory
GetCurrentProcessId
SetErrorMode
InitializeCriticalSection
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
VirtualAllocEx
lstrcpynW
GetACP
FormatMessageW
FreeResource
GetTickCount
UnhandledExceptionFilter
DeviceIoControl
GetDriveTypeW
GetDiskFreeSpaceExW
GetLogicalDrives
OutputDebugStringW
GetWindowsDirectoryW
CreatePipe
SetHandleInformation
PeekNamedPipe
LoadLibraryExW
RaiseException
DecodePointer
SetLastError
lstrcmpiW
ResetEvent
SystemTimeToFileTime
GetTempFileNameW
lstrlenW
GetComputerNameW
WaitForSingleObjectEx
SetCurrentDirectoryW
GlobalMemoryStatusEx
GetFileAttributesExW
IsDBCSLeadByte
TlsSetValue
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
CreateIoCompletionPort
IsDebuggerPresent
GetSystemDefaultLangID
GetSystemInfo
SwitchToThread
LoadLibraryA
IsBadReadPtr
IsBadWritePtr
GetVersionExA
SetEndOfFile
MapViewOfFile
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetStdHandle
GetCPInfo
GetVersionExW
UnmapViewOfFile
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
WriteConsoleW
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExpandEnvironmentStringsA
GetFileType
FormatMessageA
SleepEx
GlobalLock
GlobalAlloc
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFullPathNameW
SetEvent
CreateEventW
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
InterlockedExchange
InterlockedCompareExchange
CreateProcessW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateFileW
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
CreateFileA
SetStdHandle
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCurrentDirectoryW

user32

GetDlgCtrlID
SetCapture
SetTimer
IsWindowVisible
FlashWindow
MessageBoxW
ReleaseCapture
LoadIconW
SetCursor
PtInRect
EqualRect
DrawFrameControl
DrawTextW
EndPaint
BeginPaint
GetSystemMenu
SendMessageTimeoutW
PostThreadMessageW
DrawIconEx
CallWindowProcW
GetActiveWindow
MsgWaitForMultipleObjects
OffsetRect
InflateRect
SetRect
CopyRect
DispatchMessageW
WaitMessage
GetMessageW
PeekMessageW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetDesktopWindow
CharNextW
UnregisterClassW
LoadStringW
GetMonitorInfoW
MonitorFromWindow
SetWindowRgn
GetDlgItem
GetParent
GetWindow
SetActiveWindow
EnableWindow
IsWindowEnabled
ShowWindow
TrackPopupMenu
SetWindowTextW
PostMessageW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
GetFocus
PostQuitMessage
KillTimer
GetQueueStatus
GetKeyState
MsgWaitForMultipleObjectsEx
InvalidateRect
ReleaseDC
GetWindowDC
GetDC
MapWindowPoints
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
SendMessageW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
LoadImageW
CopyImage
TranslateMessage
IsWindow

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
CreateSolidBrush
DeleteObject
GetTextMetricsW
SelectObject
CreateFontIndirectW
SaveDC
RectInRegion
GetCurrentObject
GetStockObject
GetObjectW
CreateDIBSection
SetBkColor
ExtTextOutW
StretchBlt
CreateRectRgn
CombineRgn
CreateBitmap
SetTextColor
CreatePen
CreateRectRgnIndirect
Rectangle
OffsetRgn
SetRectRgn
MoveToEx
LineTo
GetTextExtentPoint32W
SetBkMode
TextOutW
RoundRect
SelectClipRgn
GetClipRgn
CreateCompatibleBitmap
RestoreDC

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueExW
RegOpenKeyExA
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
QueryServiceStatusEx
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathA
ShellExecuteExW

ole32

CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateGuid
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen
SysAllocString
OleLoadPicture
SysFreeString

shlwapi

PathRemoveFileSpecW
SHDeleteKeyW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
StrToIntA
PathAddBackslashW
PathAppendW
StrStrIA
StrStrIW
wnsprintfW

imagehlp

UnMapAndLoad
MapAndLoad

winmm

timeKillEvent
timeSetEvent

wininet

InternetCreateUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
DeleteUrlCacheEntryW

comctl32

_TrackMouseEvent

gdiplus

GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipAlloc
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipDrawImageI
GdipLoadImageFromStream

urlmon

URLDownloadToFileW

iphlpapi

GetIpForwardTable

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

wldap32

ord27
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord26
ord143
ord46
ord211
ord60
ord50
ord41
ord22

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b96da0cda56a9734420edc1d41d86136

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

83:04:74:3c:1d:80:96:ed:a2:ca:ca:5e:a3:7e:92:7c:ad:9f:50:f8:cc:32:de:d9:65:6f:7c:c3:7e:a3:3f:29Signer

c8:50:51:e1:c2:a3:67:f9:97:12:11:71:de:da:e3:c5:00:d7:db:5cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

ws2_32

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

imagehlp

winmm

wininet

comctl32

gdiplus

urlmon

iphlpapi

netapi32

wldap32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 373KB - Virtual size: 372KB

.data Size: 17KB - Virtual size: 24KB

.gfids Size: 1024B - Virtual size: 1004B

.tls Size: 512B - Virtual size: 9B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 74KB - Virtual size: 74KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

83:04:74:3c:1d:80:96:ed:a2:ca:ca:5e:a3:7e:92:7c:ad:9f:50:f8:cc:32:de:d9:65:6f:7c:c3:7e:a3:3f:29
Signer

c8:50:51:e1:c2:a3:67:f9:97:12:11:71:de:da:e3:c5:00:d7:db:5c
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 373KB - Virtual size: 372KB

.data
Size: 17KB - Virtual size: 24KB

.gfids
Size: 1024B - Virtual size: 1004B

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 74KB - Virtual size: 74KB