c4dc9648dc4f4eb767e8e47fc45da712

Sharing

Copy URL Twitter E-mail

General

Target

c4dc9648dc4f4eb767e8e47fc45da712
Size

903KB
MD5

c4dc9648dc4f4eb767e8e47fc45da712
SHA1

f06c8673ea2d8150267e51801898f7662712e1dd
SHA256

112283439917a068682d6fc75fbfb330f944bdec7f17bf6dcf0b92239c39e2a8
SHA512

c14d3d8d1f13505ac60d27337ef11e74311d1d0c34d98732d465ba5334cbc2d8c7f62b9d4de075181fa6449e8a39db088f938c077ef1c816a1ca038f2015ed32
SSDEEP

24576:LlYshevqrptkrEF/uxKPBAHz9msczksoMjF1wjvQUDMB:LlfwrEGK4mr3jWj4B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/!Bonus Games/games-manager.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/!Bonus Games/games-manager.exe
unpack001/BGroom_Setup.exe

Files

c4dc9648dc4f4eb767e8e47fc45da712
.zip
!Bonus Games/games-manager.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 620KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 446KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BGroom_Setup.exe
.exe windows:4 windows x86 arch:x86

8cd83b42d6a83ee9d5e7fa5f7dccbd6e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BG\app\release\debug\setup.pdb

Imports

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetOpenA

netapi32

Netbios

kernel32

FreeLibrary
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
InterlockedDecrement
SetThreadPriority
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GetCurrentThread
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
lstrcatA
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
lstrcmpW
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
SetLastError
GlobalFree
SizeofResource
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
ResetEvent
SetEvent
CreateEventA
SuspendThread
ResumeThread
CreateProcessA
WaitForSingleObject
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
GetCurrentProcessId
Sleep
Process32Next
GetComputerNameA
GetSystemTimeAsFileTime
GetLocalTime
FormatMessageA
LocalFree
GetCurrentDirectoryA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
CopyFileA
SetCurrentDirectoryA
GetCurrentProcess
SetPriorityClass
CreateFileA
CloseHandle
DeviceIoControl
FindResourceA
LoadResource
LockResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapAlloc

user32

CharNextA
IsRectEmpty
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsWindow
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
IsWindowVisible
GetMenu
GetSysColor
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
wsprintfA
GetMenuState
GetMenuItemID
DestroyMenu
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMenuItemCount
GetSubMenu
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
GetLastActivePopup
ValidateRect
LoadIconA
EnumWindows
GetWindowThreadProcessId
LoadImageA
PostQuitMessage
SetForegroundWindow
PostThreadMessageA
MessageBoxA
UnregisterClassA
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetSystemMetrics
SetRect
EnableWindow
UpdateWindow
GetClientRect
GetWindowRect
IsIconic
PostMessageA
SendMessageA
DrawIcon
CharUpperA
AdjustWindowRectEx

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
SetViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegDeleteValueA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
SHGetPathFromIDListA

comctl32

ord17

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleInitialize

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
SysFreeString

ws2_32

WSACleanup

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CD Cover/cdcover.jpg
.jpg
FILE_ID.DIZ
Install_Backgammon.exe
.exe windows:4 windows x86 arch:x86

c83b680d9fabb52f4c2d69ebcbdea603

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:45:0c:28:52:09:85:3b:c8:05:36:ee:f6:9f:17:ce
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/10/2006, 00:00

Not After

23/11/2009, 23:59

Subject

CN=InterLogic Ltd.,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2+OU=Skill Games,O=InterLogic Ltd.,L=Carmel,ST=North,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:d7:72:b6:12:ef:83:6c:85:65:3a:9c:ca:bf:6b:6b:bc:23:f2:80
Signer

Actual PE Digest

a0:d7:72:b6:12:ef:83:6c:85:65:3a:9c:ca:bf:6b:6b:bc:23:f2:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

LocalFree
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
lstrlenW
MultiByteToWideChar
GetOEMCP
GetCurrentThreadId
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
GetLastError
IsValidLocale
lstrcmpiA
lstrlenA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
CloseHandle
CompareStringA
CompareStringW
WriteFile
DeleteFileA
FreeLibrary
EndUpdateResourceA
UpdateResourceA
SizeofResource
BeginUpdateResourceA
LockResource
LoadResource
FindResourceA
LoadLibraryExA
CreateDirectoryA
CreateFileA
TerminateProcess
OpenProcess
GetStringTypeA
Sleep
GetModuleFileNameA
GetTempPathA
CreateProcessA
SetLastError
GetFileType
GetFileAttributesA
VerifyVersionInfoA
GetProcAddress
GetModuleHandleA
CopyFileA
SetCurrentDirectoryA
SetHandleCount
HeapAlloc
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetEnvironmentStrings
GetExitCodeProcess
WaitForSingleObject
SetFileAttributesA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
GetProcessHeap
HeapFree
GetCurrentProcess
HeapCreate
GetCPInfo
LCMapStringW
InterlockedIncrement
InterlockedDecrement
LCMapStringA
ExitThread
lstrcpynA
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExA
IsDBCSLeadByte
GetTimeZoneInformation
MoveFileExA
GetCurrentProcessId
GetThreadLocale
ReadFile
GetFileSize
CreateThread
LoadLibraryA
MoveFileA
GetSystemTimeAsFileTime
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
GetCommandLineA
RemoveDirectoryA
GetStartupInfoA
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
RtlUnwind
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetACP
InterlockedExchange
GetEnvironmentStringsW

user32

EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
UnregisterClassA
LoadCursorA
wsprintfA
GetClassInfoExA
SetWindowLongA
GetWindowLongA
PostMessageA
SetWindowTextA
MoveWindow
SetWindowPos
GetWindowRect
InvalidateRect
GetDlgItem
MessageBoxA
ShowWindow
ScreenToClient
SendMessageA
GetActiveWindow
CharNextA
DialogBoxParamA
CreateIconFromResource
GetClientRect
GetSystemMetrics
CallWindowProcA
EndDialog
DestroyWindow
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints

shell32

SHFileOperationA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
GetUserNameA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
README.TXT
Screenshots/board.jpg
.jpg
Screenshots/lobby.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 620KB

UPX1 Size: 446KB - Virtual size: 448KB

.rsrc Size: 43KB - Virtual size: 44KB

8cd83b42d6a83ee9d5e7fa5f7dccbd6e

Headers

File Characteristics

PDB Paths

Imports

wininet

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 36KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 3KB

c83b680d9fabb52f4c2d69ebcbdea603

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

60:45:0c:28:52:09:85:3b:c8:05:36:ee:f6:9f:17:ceCertificate

Extended Key Usages

Key Usages

a0:d7:72:b6:12:ef:83:6c:85:65:3a:9c:ca:bf:6b:6b:bc:23:f2:80Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

shell32

advapi32

wininet

ole32

oleaut32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 16KB - Virtual size: 13KB

UPX0
Size: - Virtual size: 620KB

UPX1
Size: 446KB - Virtual size: 448KB

.rsrc
Size: 43KB - Virtual size: 44KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 36KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 3KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

60:45:0c:28:52:09:85:3b:c8:05:36:ee:f6:9f:17:ce
Certificate

a0:d7:72:b6:12:ef:83:6c:85:65:3a:9c:ca:bf:6b:6b:bc:23:f2:80
Signer

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 16KB - Virtual size: 13KB