DiRT-2_NoCD_Win_EN_NoDVD[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

DiRT-2_NoCD_Win_EN_NoDVD.zip
Size

5.5MB
MD5

4255678c63802db197556f0bdc15a4cd
SHA1

923e38b54f0578400b70a8971ae22971ca21c622
SHA256

a07394278275444ed01b0727c5502e33b21cac906b33752b2e6823f6798c72eb
SHA512

70bde55f35c410c1fe931c5f4dc81b8ccc452291780d0611bd8549e9222196ed0c07cf400f3a568a1a42937d8f0b0dead1c94a8eda8d2eb327f1b5435df574b4
SSDEEP

98304:MBmozZN67IGik/vgEwhYBVWc0BOpsUzcpUnflh/JQVAv3TTEMbO4l+uF:MwolQ7ISQEw27WrBOiEcpUnfj/JVbAIr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/rld.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dirt2.exe
unpack001/rld.dll

Files

DiRT-2_NoCD_Win_EN_NoDVD.zip
.zip
dirt2.exe
.exe windows:4 windows x86 arch:x86

4a941e7ceb7d4d19e02fe5fce96e486e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
MessageBoxA

kernel32

GetFileAttributesW
GetCommandLineW
CreateEventA
GetProcAddress
lstrcmpA
lstrlenW
VirtualFree
ResumeThread
SetFilePointer
ReadFile
CreateFileW
GetModuleFileNameW
SetLastError
LoadLibraryA
GetModuleHandleA
SetUnhandledExceptionFilter
WaitForSingleObject
Sleep
GetLastError
ResetEvent
CloseHandle
TerminateProcess
GetCurrentThreadId
VirtualAlloc
GetStdHandle
LocalFree
LocalAlloc
OutputDebugStringA
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
RtlUnwind
HeapReAlloc
HeapSize
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
VirtualProtect
GetSystemInfo

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptDecodeObject
CryptQueryObject

advapi32

SetEntriesInAclA
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid

Exports

Exports

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.secu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dirt2o.exe
.exe windows:4 windows x86 arch:x86

9a887d92022ff890246b9d97bd01d2fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:e2:be:3f:dd:84:63:e4:83:8f:72:b8:27:32:b8:ec
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/09/2008, 00:00

Not After

12/10/2011, 23:59

Subject

CN=Sony DADC Austria AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Virtual Factory,O=Sony DADC Austria AG,L=Salzburg,ST=Salzburg,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:10:a3:0c:eb:36:4b:84:8a:02:52:bb:2f:a4:08:b9:f8:a4:a7:17
Signer

Actual PE Digest

bb:10:a3:0c:eb:36:4b:84:8a:02:52:bb:2f:a4:08:b9:f8:a4:a7:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
MessageBoxA
UnregisterClassA
GetMessageA
DispatchMessageA
SetWindowLongA
SetTimer
KillTimer
PostQuitMessage
DefWindowProcA
GetDesktopWindow
LoadCursorA
GetWindowTextA
GetWindowLongA
GetParent
GetClientRect
GetClassNameA
GetClassLongA
EnumChildWindows
DestroyCursor
GetCursor
GetWindowThreadProcessId
EnumWindows
GetSystemMetrics
GetKeyboardType
wsprintfW
SetForegroundWindow
FlashWindow
SetWindowPos
CreateWindowExA
EnableWindow
SetWindowTextW
SetWindowTextA
ShowWindow
GetSysColor
SetDlgItemTextA
SetDlgItemTextW
EndDialog
UpdateWindow
GetDlgItem
GetForegroundWindow
DestroyWindow
DialogBoxIndirectParamA
SendDlgItemMessageA
GetSysColorBrush
LoadStringA
CopyImage
LoadImageA
SetSystemCursor
LoadCursorFromFileA
CharLowerA
GetSubMenu
SetCursor
GetMenuState
GetMenu
FindWindowExA
EnableMenuItem
CheckMenuItem
wsprintfA
FindWindowA
RegisterClassExA
RegisterHotKey
UnregisterHotKey
CharLowerBuffA
GetUserObjectInformationW
GetProcessWindowStation
SetFocus
TranslateMessage

kernel32

GetFileAttributesW
GetCommandLineW
CreateEventA
GetProcAddress
lstrcmpA
lstrlenW
VirtualFree
ResumeThread
SetFilePointer
ReadFile
CreateFileW
GetModuleFileNameW
SetLastError
LoadLibraryA
GetModuleHandleA
SetUnhandledExceptionFilter
WaitForSingleObject
Sleep
GetLastError
ResetEvent
CloseHandle
TerminateProcess
GetCurrentThreadId
VirtualAlloc
GetStdHandle
LocalFree
LocalAlloc
OutputDebugStringA
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
RtlUnwind
HeapReAlloc
HeapSize
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
VirtualProtect
GetSystemInfo
SetNamedPipeHandleState
WaitNamedPipeA
ReleaseMutex
CreateMutexA
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentThread
GetWindowsDirectoryA
FileTimeToSystemTime
IsBadReadPtr
GlobalMemoryStatus
GetTempPathA
DeleteFileA
FreeLibrary
CreateFileMappingA
CreateProcessA
DeviceIoControl
FindClose
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
GetDriveTypeA
GetFileSize
GetLocalTime
GetLogicalDrives
GetSystemDirectoryA
GetSystemTime
GetVolumeInformationA
MapViewOfFile
OpenMutexA
OpenProcess
QueryDosDeviceA
SetCurrentDirectoryA
SetErrorMode
UnmapViewOfFile
GetOverlappedResult
CopyFileA
GetTempFileNameA
MoveFileExA
CreateDirectoryW
GetTempPathW
GetExitCodeThread
WaitForMultipleObjects
GetEnvironmentVariableA
GetVersion
GetFileAttributesA
FlushInstructionCache
lstrlenA
SuspendThread
IsBadWritePtr
GetThreadContext
SetThreadPriority
GlobalFree
GlobalAlloc
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
DuplicateHandle
SystemTimeToFileTime
CreateDirectoryA
CreateSemaphoreA
ReleaseSemaphore
FlushConsoleInputBuffer
GetConsoleMode
QueryPerformanceFrequency
SetPriorityClass
FormatMessageA
LocalUnlock
GlobalUnlock
LocalLock
GlobalLock
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
ReadConsoleInputA
SetConsoleCtrlHandler
GetTimeZoneInformation
OpenEventA
lstrcmpiA
GetFullPathNameW
GetFullPathNameA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
CreateFileA
CreateThread
GetComputerNameA
SetEvent
GetExitCodeProcess
GetShortPathNameA
GetProcessHeap
FileTimeToLocalFileTime
GetThreadPriority
GetPriorityClass
SetConsoleMode
ReadProcessMemory
WriteProcessMemory
GetFileTime
CompareFileTime
WritePrivateProfileStringA
RemoveDirectoryA
GetUserDefaultLangID
LockResource
LoadResource
FindResourceA
RaiseException
SetFileAttributesA

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptDecodeObject
CryptQueryObject

advapi32

SetEntriesInAclA
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
DeleteService
QueryServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CreateServiceA
StartServiceA
OpenThreadToken
RegQueryInfoKeyA
GetTokenInformation
EqualSid
RegOpenKeyA
GetUserNameA
RevertToSelf
RegEnumKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService

ole32

CoInitialize
CoUninitialize

shlwapi

PathFileExistsW
PathRemoveExtensionW
PathStripPathW
PathCombineW
PathRemoveFileSpecW
PathFileExistsA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteExA

wsock32

recv
closesocket
WSASetLastError
send
shutdown
WSAGetLastError

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Stext
Size: 3.7MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sitext
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Srdata
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sdata
Size: 684KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sidata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.securom
Size: 920KB - Virtual size: 919KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
reloaded.nfo
rld.dll
.dll windows:5 windows x86 arch:x86

525c976a9f7771d02c62c50994f35c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetModuleHandleA
MultiByteToWideChar
lstrcpyA
CopyFileA
HeapAlloc
lstrcmpiA
SetLastError
WideCharToMultiByte
lstrlenW
CreateEventA
GetCurrentProcessId
CloseHandle
lstrcmpA
CreateFileA
GetLastError
CreateDirectoryA
lstrcatA
lstrlenA
GetTempPathA
GetModuleFileNameA
HeapCreate
HeapDestroy
CompareFileTime
GetProcessTimes
GetCurrentProcess
GetFileTime
TerminateProcess
GetTickCount
LoadLibraryA
WriteProcessMemory
ReadProcessMemory
OpenEventA
WaitForMultipleObjects
CreateThread
ExitThread
SetEvent
WaitForSingleObject
ReadFile
VirtualProtect
IsBadWritePtr

user32

wsprintfA
CharLowerA
MessageBoxA
DefWindowProcA
SendMessageA
GetWindowLongA
SetWindowLongA
SetTimer
UnregisterClassA
DestroyWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassExA
PostMessageA
KillTimer

Exports

Exports

DllInit
P01
P02
P03
P04
P05
P06
P07
P08
P09
P10
P11
P12
P13
P14
P15

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a941e7ceb7d4d19e02fe5fce96e486e

Headers

File Characteristics

Imports

user32

kernel32

crypt32

advapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 1KB

.secu Size: 4KB - Virtual size: 3KB

9a887d92022ff890246b9d97bd01d2fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4b:e2:be:3f:dd:84:63:e4:83:8f:72:b8:27:32:b8:ecCertificate

Extended Key Usages

Key Usages

bb:10:a3:0c:eb:36:4b:84:8a:02:52:bb:2f:a4:08:b9:f8:a4:a7:17Signer

Headers

File Characteristics

Imports

user32

kernel32

crypt32

advapi32

ole32

shlwapi

shell32

wsock32

version

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 1KB

Stext Size: 3.7MB - Virtual size: 7.2MB

Sitext Size: 32KB - Virtual size: 28KB

Srdata Size: 436KB - Virtual size: 434KB

Sdata Size: 684KB - Virtual size: 2.5MB

Sidata Size: 24KB - Virtual size: 20KB

.securom Size: 920KB - Virtual size: 919KB

525c976a9f7771d02c62c50994f35c1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.UPX0 Size: 1KB - Virtual size: 1KB

.UPX1 Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 396B

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB

.secu
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4b:e2:be:3f:dd:84:63:e4:83:8f:72:b8:27:32:b8:ec
Certificate

bb:10:a3:0c:eb:36:4b:84:8a:02:52:bb:2f:a4:08:b9:f8:a4:a7:17
Signer

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB

Stext
Size: 3.7MB - Virtual size: 7.2MB

Sitext
Size: 32KB - Virtual size: 28KB

Srdata
Size: 436KB - Virtual size: 434KB

Sdata
Size: 684KB - Virtual size: 2.5MB

Sidata
Size: 24KB - Virtual size: 20KB

.securom
Size: 920KB - Virtual size: 919KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.UPX0
Size: 1KB - Virtual size: 1KB

.UPX1
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 396B