cfPT_launcher[.]exe

Resubmissions

03/05/2024, 00:29

240503-as6q7sce36 3

03/05/2024, 00:25

240503-aqyb2scd65 3

Sharing

Copy URL Twitter E-mail

General

Target

cfPT_launcher.exe
Size

1.1MB
MD5

326fa9b17b31b1e529f305abc69bdd6b
SHA1

35e3193629c442bcdfb7240ed6a7788f0433ed9a
SHA256

0a12bab0012df43394a33e1d76991712d71b601bc9aeb9656902b0a426a2ee6e
SHA512

79785eef6f1f8b8dd41d93b3ce9aaea451c802b88b25c0a005066685dc5efd50748f2a6a59f3ad54004e7a972f59b71345cc8a9fa5529277eda3227c8fea28c1
SSDEEP

24576:BX9QkDEScPyaBgiVCiQkNay44/m7kJR+bggg+rpgOB:BNtcPyaBgiMiQ14/b8gggaSOB

Score

1^/10

Malware Config

Signatures

Files

cfPT_launcher.exe
.exe windows:4 windows x86 arch:x86

Password: 123

e3ded0c931867f46c3cda3abc44272de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:be:0b:7b:46:58:38:45:42:64:5b:f4:90:4f:1b:d4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/11/2018, 00:00

Not After

28/01/2020, 23:59

Subject

CN=Smilegate Entertainment\, Inc.,OU=IT Team,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:a0:c1:78:58:26:5d:df:13:c9:3c:c3:b9:44:c3:8f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/11/2019, 00:00

Not After

24/11/2021, 23:59

Subject

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13055375776f6e,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e3:99:5c:f2:bd:96:32:ad:0b:d7:21:2b:e6:a4:1c:10:f3:33:c1:d4:a8:a5:c8:3b:a5:b2:de:bb:a6:3d:d1:9a
Signer

Actual PE Digest

e3:99:5c:f2:bd:96:32:ad:0b:d7:21:2b:e6:a4:1c:10:f3:33:c1:d4:a8:a5:c8:3b:a5:b2:de:bb:a6:3d:d1:9a

Digest Algorithm

sha256

PE Digest Matches

true

8f:df:cf:70:85:e4:65:d9:32:20:1a:2f:4f:34:3e:ce:3d:5b:cd:c7
Signer

Actual PE Digest

8f:df:cf:70:85:e4:65:d9:32:20:1a:2f:4f:34:3e:ce:3d:5b:cd:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\current\npe\src\cf_us-sa\cf_br_launcher\bin\x86\release\cfPT_launcher.pdb

Imports

kernel32

VirtualProtect
VirtualAlloc
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetTickCount
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalGetAtomNameW
GetThreadLocale
WritePrivateProfileStringW
CloseHandle
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentProcessId
GlobalFree
FormatMessageW
LocalFree
GetModuleHandleA
FreeResource
GlobalAddAtomW
InterlockedCompareExchange
IsProcessorFeaturePresent
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
GetProcessHeap
WideCharToMultiByte
lstrlenA
LoadLibraryW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetProcAddress
Sleep
InitializeCriticalSection
GetModuleHandleW
GetCurrentThreadId
SetLastError
GetLastError
lstrcmpiW
FreeLibrary
GlobalAlloc
InterlockedDecrement
GlobalUnlock
InterlockedIncrement
GlobalLock
MulDiv
GetCurrentProcess
RaiseException
FlushInstructionCache
DeleteCriticalSection
lstrcmpW
LoadLibraryExW
lstrlenW
GetModuleFileNameW
EnterCriticalSection
CreateProcessW
MultiByteToWideChar
InterlockedExchange
GetCurrentDirectoryW
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
HeapCreate
GetSystemInfo
CreateEventW
OpenEventW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

IsRectEmpty
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorW
SetRectEmpty
CreateDialogIndirectParamW
EndDialog
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
IsDialogMessageW
GetCursorPos
IsWindowEnabled
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
CopyAcceleratorTableW
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
TrackPopupMenu
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
PtInRect
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
GetWindowPlacement
LoadBitmapW
KillTimer
SetTimer
EqualRect
IsWindowVisible
IsWindow
GetWindowTextLengthW
GetFocus
LoadCursorW
DestroyAcceleratorTable
GetWindowTextW
GetClassInfoExW
SetWindowTextW
RegisterWindowMessageW
GetDesktopWindow
InvalidateRgn
DestroyWindow
CreateWindowExW
ReleaseDC
DefWindowProcW
GetDC
EndPaint
BeginPaint
CharNextW
ScreenToClient
CallWindowProcW
GetDlgItem
SetWindowLongW
IsChild
CharUpperW
UnregisterClassW
GetSysColorBrush
SystemParametersInfoW
GetMenuItemInfoW
SetWindowPos
SetFocus
MoveWindow
UnpackDDElParam
ReuseDDElParam
GetLastActivePopup
LoadAcceleratorsW
SetCapture
GetWindow
ReleaseCapture
GetClassNameW
CreateAcceleratorTableW
RedrawWindow
RegisterClassExW
DrawIcon
GetSystemMetrics
IsIconic
SetWindowRgn
LoadIconW
SetRect
FillRect
OffsetRect
GetWindowLongW
PostMessageW
LoadMenuW
DestroyIcon
DrawStateW
GetActiveWindow
SendMessageW
GetSysColor
CopyRect
WindowFromPoint
InflateRect
ClientToScreen
FrameRect
DestroyMenu
InvalidateRect
DestroyCursor
SetCursor
GetParent
GetNextDlgTabItem
GetClientRect
EnableWindow
DrawFocusRect
TrackPopupMenuEx
LoadImageW
GetWindowRect
GetSubMenu
MapWindowPoints
UnregisterClassA

gdi32

Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
GetStockObject
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
CreatePatternBrush
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectW
ExtTextOutW
GetClipBox
GetBitmapBits
GetPixel
GetTextExtentPoint32W
SetPixel
StretchBlt
CreateBitmapIndirect
CreateDIBitmap
CreateSolidBrush
GetDeviceCaps
CreateDIBSection
SetDIBColorTable
CreateRectRgn
CombineRgn
ExtCreateRegion
DeleteObject
DeleteDC
SetTextColor
BitBlt
SetBkColor
SelectObject
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
GetObjectW
LineTo

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathFindFileNameW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CLSIDFromProgID
StringFromGUID2
OleInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemRealloc

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SafeArrayGetUBound
VarUI4FromStr
OleCreateFontIndirect
VariantClear
SafeArrayGetLBound
VariantInit
SafeArrayDestroy
SysFreeString
SysStringLen
SafeArrayUnaccessData
LoadRegTypeLi
SafeArrayAccessData
SysAllocStringLen
SysAllocString
LoadTypeLi
SysStringByteLen

gdiplus

GdiplusShutdown
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImagePixelFormat
GdipCloneImage
GdipGetImageGraphicsContext
GdipAlloc
GdipGetImagePaletteSize
GdipDeleteGraphics
GdipDisposeImage
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipDrawImageI
GdipFree

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

e3ded0c931867f46c3cda3abc44272de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:be:0b:7b:46:58:38:45:42:64:5b:f4:90:4f:1b:d4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

3d:a0:c1:78:58:26:5d:df:13:c9:3c:c3:b9:44:c3:8fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

e3:99:5c:f2:bd:96:32:ad:0b:d7:21:2b:e6:a4:1c:10:f3:33:c1:d4:a8:a5:c8:3b:a5:b2:de:bb:a6:3d:d1:9aSigner

8f:df:cf:70:85:e4:65:d9:32:20:1a:2f:4f:34:3e:ce:3d:5b:cd:c7Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 312KB - Virtual size: 308KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 744KB - Virtual size: 743KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:be:0b:7b:46:58:38:45:42:64:5b:f4:90:4f:1b:d4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

3d:a0:c1:78:58:26:5d:df:13:c9:3c:c3:b9:44:c3:8f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e3:99:5c:f2:bd:96:32:ad:0b:d7:21:2b:e6:a4:1c:10:f3:33:c1:d4:a8:a5:c8:3b:a5:b2:de:bb:a6:3d:d1:9a
Signer

8f:df:cf:70:85:e4:65:d9:32:20:1a:2f:4f:34:3e:ce:3d:5b:cd:c7
Signer

.text
Size: 312KB - Virtual size: 308KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 744KB - Virtual size: 743KB