beta_bloomanddoom_windows_0[.]1[.]1[.]1014_setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

beta_bloomanddoom_windows_0.1.1.1014_setup.exe
Size

39.6MB
MD5

03307d187341ae61934dc7eccc200d8b
SHA1

6b10ab2da3596b965745cd27671346fd554ba4ea
SHA256

f46162938ad4fdb4a87b041747ec3f4a5f13e2c36262c095bd476d1ef62c3fa4
SHA512

44f69743635d0a7cb9ff5c67391a052c590547c1a8814926b8160f69f8ff34aaf72ef5646343e8a3214efa8a8f0ad8a60950ca59ce526fbeb5fc04734342c96d
SSDEEP

786432:2BuVo9m0U4+PBHvkZgcGUfYL569poEbiGdGtzOkqhrP443Woka0/9RAtip9in:suV+m0RUGZPfjNeOkqhrP40fgWG90

Score

1^/10

Malware Config

Signatures

Files

beta_bloomanddoom_windows_0.1.1.1014_setup.exe
.exe windows:4 windows x86 arch:x86

131b6a9f5d922e00c55c5cbe767490dc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

SetEvent
GetWindowsDirectoryA
CreateEventA
GetLastError
GetExitCodeProcess
MultiByteToWideChar
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
InterlockedDecrement
FindFirstFileW
FindClose
FindNextFileW
LoadLibraryExW
ExpandEnvironmentStringsW
CreateDirectoryA
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
OpenThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileAttributesA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
DeleteFileA
FreeLibrary
GetVersionExA
LoadLibraryA
OpenProcess
WaitForSingleObject
LocalFree
ResetEvent
GetDiskFreeSpaceA
Sleep
MulDiv
GetModuleHandleA
CopyFileA
WideCharToMultiByte
GetSystemDirectoryA
QueryPerformanceCounter
LocalFileTimeToFileTime
SetFileTime
CloseHandle
SetFileAttributesA
CreateFileA
DosDateTimeToFileTime
HeapReAlloc
RtlUnwind
RaiseException
GetStartupInfoA
RemoveDirectoryA
GetProcessHeap
GetCommandLineA
ExitProcess
CreateThread
ResumeThread
ExitThread
HeapFree
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetFilePointer
HeapAlloc
LeaveCriticalSection
FindFirstFileA
FindNextFileA
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

user32

GetSysColor
EnableWindow
FillRect
MapWindowPoints
DispatchMessageA
SetTimer
LoadStringW
ShowWindow
EndDialog
DefWindowProcA
GetClientRect
GetSysColorBrush
GetDC
DrawFocusRect
DialogBoxParamW
AdjustWindowRectEx
DialogBoxParamA
TranslateMessage
GetMessageA
SendMessageA
DeferWindowPos
SetWindowTextW
GetWindowTextW
MessageBoxW
EnumChildWindows
BeginDeferWindowPos
DestroyIcon
DrawTextW
GetDesktopWindow
GetSystemMetrics
EndDeferWindowPos
KillTimer
RegisterWindowMessageA
IsDlgButtonChecked
CreateWindowExA
SetWindowPos
GetWindowThreadProcessId
PostThreadMessageA
GetClassNameW
BeginPaint
RegisterClassA
GetClassNameA
ReleaseDC
IsWindow
SetWindowTextA
DrawTextA
EndPaint
UnregisterClassA
LoadImageA
SendMessageW
SendDlgItemMessageA
DrawIconEx
IsWindowUnicode
GetWindowTextA
GetDlgItem
GetWindowLongA

gdi32

CreateFontW
SetTextColor
GetTextExtentPoint32W
DeleteDC
GetObjectA
CreateFontA
GetDeviceCaps
BitBlt
GetStockObject
CreateSolidBrush
CreateCompatibleDC
GetTextMetricsA
SetBkMode
SetBkColor
DeleteObject
SelectObject

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteExA
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteA
SHBrowseForFolderW
SHGetPathFromIDListA
SHChangeNotify
SHBrowseForFolderA

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

131b6a9f5d922e00c55c5cbe767490dc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 32KB - Virtual size: 30KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 32KB - Virtual size: 30KB