nigger2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nigger2.exe
Size

22KB
MD5

b178f9b458909035aebd6abe79da5efa
SHA1

0b79d74218b704ff1bffe7db501b837d42903f45
SHA256

422a65c41497d018e74ba47f3e146730a1c519d80b8bf5d88eaf62635057b0ea
SHA512

7bbf563c149da15788c74fa7ff88483ca9f6275ccaf0b16bd309805113b19c462ee8649c8f7eb574843da2ca83d19ead300136953ec2aa1a4993efb9f1fc5e93
SSDEEP

384:74XBJcCCt/pJbKbC+RKCSgQYNN35ejDZzGYJLWYwbqoro:kRJcLdvkCZkL3A3Zz/LKbTE

Score

1^/10

Malware Config

Signatures

Files

nigger2.exe
.exe windows:5 windows x86 arch:x86

59c627e6b3be3d02c03d12b5123604d3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:48:c6:8e:b1:5b:75:f1:4d:9a:81:8d:5c:f3:be:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/03/2007, 00:00

Not After

22/03/2010, 23:59

Subject

CN=Sony Creative Software Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sony Creative Software Inc,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:88:8d:99:43:23:2c:01:ca:d2:55:fc:34:98:67:9b:ad:44:a3:b6
Signer

Actual PE Digest

03:88:8d:99:43:23:2c:01:ca:d2:55:fc:34:98:67:9b:ad:44:a3:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SrcTree\sonic3\release\forge\10.0\errorreport\Minidump\obj-x86\CreateMinidumpx86.pdb

Imports

dbghelp

MiniDumpWriteDump

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
DeleteFileW
CloseHandle
CreateFileW
GetLastError
OpenProcess
GetCommandLineW
WaitForSingleObject
CreateProcessW
TerminateProcess
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
OpenFileMappingW
Sleep
GetExitCodeProcess
SetFilePointer
ReadFile
GetFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Thread32Next
ResumeThread
SuspendThread
OpenThread
Thread32First
SetEvent
OpenEventW
GetCurrentThreadId
GetTickCount
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcess

user32

MessageBoxW

msvcr90

wcscat_s
??_U@YAPAXI@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
__CxxFrameHandler3
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
memset
malloc
_snwprintf_s
wcsrchr
wcscpy_s
_wtoi
_wcsicmp
_wcsnicmp

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c627e6b3be3d02c03d12b5123604d3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

73:48:c6:8e:b1:5b:75:f1:4d:9a:81:8d:5c:f3:be:0eCertificate

Extended Key Usages

Key Usages

03:88:8d:99:43:23:2c:01:ca:d2:55:fc:34:98:67:9b:ad:44:a3:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

user32

msvcr90

shell32

shlwapi

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 928B

.rsrc Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

73:48:c6:8e:b1:5b:75:f1:4d:9a:81:8d:5c:f3:be:0e
Certificate

03:88:8d:99:43:23:2c:01:ca:d2:55:fc:34:98:67:9b:ad:44:a3:b6
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 928B

.rsrc
Size: 2KB - Virtual size: 1KB