SonicGenerations[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SonicGenerations.exe
Size

23.2MB
MD5

9f54aba466fcadb6253ada71c6703d0c
SHA1

54dff08ce6596be1314a5c912bfbdde75516c2bb
SHA256

f04727a89dcb599c241b8b85861a4a4ef91a411038dae746d7135ce0c8a7fedb
SHA512

923dc48d5005bc8b2b8b52a234a8a1f35e54ef9f66cf2f2b857ff02cbfcd09a634b7170e457b99be59acbf2f8dd707c947233371d7dc15c07d20d91fa3a8b0f1
SSDEEP

393216:grGq6C9a3/S31JA8c0u/chihKG+btsInNKpE:grGFv/Y1u3/FhXSCu

Score

1^/10

Malware Config

Signatures

Files

SonicGenerations.exe
.exe windows:5 windows x86 arch:x86

d9e7192c7f5e5dd53bd8aa465267e96d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:7c:99:2b:1c:fe:b7:ae:ff:5a:cf:48:1e:93:3e:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

05/08/2012, 23:59

Subject

CN=Sega Europe Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sega Europe Limited,L=Brentford,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:3f:3b:9d:2d:65:8a:a2:1d:f7:cc:f0:62:70:ce:ea:7c:49:2b:63
Signer

Actual PE Digest

b8:3f:3b:9d:2d:65:8a:a2:1d:f7:cc:f0:62:70:ce:ea:7c:49:2b:63

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXGetDeclVertexSize
D3DXCheckVolumeTextureRequirements
D3DXGetDeclLength
D3DXFillCubeTexture
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory
D3DXVec3Normalize
D3DXFilterTexture
D3DXFillVolumeTexture
D3DXCreateVolumeTexture
D3DXSaveSurfaceToFileA
D3DXCreateCubeTexture
D3DXFillTexture

dsound

ord11

imagehlp

MakeSureDirectoryPathExists

winmm

timeGetTime
timeSetEvent
timeKillEvent

wininet

InternetGetConnectedState

kernel32

GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
CompareStringW
TlsGetValue
SetThreadIdealProcessor
GetCurrentThread
SetThreadPriority
GetSystemInfo
GetVersion
Sleep
FindResourceExA
LoadResource
LockResource
FreeResource
ReleaseMutex
CreateMutexA
GetLastError
DeleteFileA
CreateEventA
ReadFileEx
GetOverlappedResult
CloseHandle
ReadFile
CreateFileA
SetEvent
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
RaiseException
ResumeThread
WaitForSingleObject
GetExitCodeThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
TlsAlloc
TlsFree
TlsSetValue
InterlockedCompareExchange
ResetEvent
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
HeapSetInformation
HeapCreate
GetProcessHeap
HeapDestroy
EnumSystemLocalesA
WriteConsoleW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateEventW
GetCurrentDirectoryA
InterlockedExchange
InterlockedPushEntrySList
InterlockedFlushSList
InterlockedExchangeAdd
InterlockedPopEntrySList
InitializeSListHead
GetFileSize
SuspendThread
SetFilePointer
WriteFile
SetEndOfFile
SetFileTime
FlushFileBuffers
MoveFileA
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetThreadPriority
GetCurrentThreadId
CreateDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
CreateThread
CreateFileW
GetStdHandle
GetCurrentDirectoryW
GetVersionExA
IsDBCSLeadByteEx
IsValidCodePage
SetProcessAffinityMask
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
RtlUnwind
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetCPInfo
IsValidLocale
LCMapStringA
GetStringTypeA
VirtualQuery
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
CreateProcessA
SetStdHandle
LCMapStringW
GetStringTypeW
SetLastError
HeapSize
HeapFree
GetExitCodeProcess
SetEnvironmentVariableA
CreateSemaphoreA
ReleaseSemaphore
GetModuleHandleA
HeapAlloc
CompareStringA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
VirtualAlloc
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP

user32

EnumDisplayDevicesA
SetForegroundWindow
OpenIcon
IsIconic
UnregisterClassW
DefWindowProcA
PostQuitMessage
UpdateWindow
ShowWindow
FindWindowA
DestroyWindow
wvsprintfA
AdjustWindowRect
SetRect
RegisterClassA
LoadCursorA
LoadIconA
MessageBoxW
ShowCursor
ClipCursor
TranslateMessage
PeekMessageA
DispatchMessageA
wsprintfA
EnumDisplaySettingsA
CreateWindowExA

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

storm_api

SteamFriends
SteamUtils
SteamUser
SteamApps
SteamAPI_Init
SteamAPI_RunCallbacks
SteamRemoteStorage
SteamAPI_Shutdown
SteamAPI_IsSteamRunning
SteamUserStats
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallResult

includeapp

?track@InAppTracker@@SAXPBD@Z
?destroy@InAppTracker@@SAXXZ
?track@InAppTracker@@SAXPBD00@Z
?track@InAppTracker@@SAXPBD0H@Z
?track@InAppTracker@@SAXPBD0M@Z
?trackXYZ@InAppTracker@@SAXPBD0AAM11@Z
?init@InAppTracker@@SAHPBD00@Z

shlwapi

PathCanonicalizeA

wsock32

closesocket
socket
WSAGetLastError
recv
send
connect
gethostbyname
listen
gethostname
__WSAFDIsSet
accept
ntohs
inet_addr
setsockopt
WSAStartup
inet_ntoa
select
WSAAsyncSelect
htons
ioctlsocket
bind

xinput1_3

ord3
ord2

d3d9

D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_EndEvent
D3DPERF_GetStatus
Direct3DCreate9
D3DPERF_BeginEvent
D3DPERF_SetOptions

dinput8

DirectInput8Create

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PSFD00
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.1MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9e7192c7f5e5dd53bd8aa465267e96d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3c:7c:99:2b:1c:fe:b7:ae:ff:5a:cf:48:1e:93:3e:bbCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

b8:3f:3b:9d:2d:65:8a:a2:1d:f7:cc:f0:62:70:ce:ea:7c:49:2b:63Signer

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

dsound

imagehlp

winmm

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

storm_api

includeapp

shlwapi

wsock32

xinput1_3

d3d9

dinput8

shell32

Sections

.text Size: 15.7MB - Virtual size: 15.7MB

PSFD00 Size: 7KB - Virtual size: 7KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 3.1MB - Virtual size: 8.3MB

.tls Size: 512B - Virtual size: 73B

.rsrc Size: 22KB - Virtual size: 22KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3c:7c:99:2b:1c:fe:b7:ae:ff:5a:cf:48:1e:93:3e:bb
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b8:3f:3b:9d:2d:65:8a:a2:1d:f7:cc:f0:62:70:ce:ea:7c:49:2b:63
Signer

.text
Size: 15.7MB - Virtual size: 15.7MB

PSFD00
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 3.1MB - Virtual size: 8.3MB

.tls
Size: 512B - Virtual size: 73B

.rsrc
Size: 22KB - Virtual size: 22KB