FalloutNV[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

FalloutNV.rar
Size

13.5MB
MD5

8c9519d03408335b17fba390cb5c9d8d
SHA1

8561603e9d4f8062dab3d24534d3d0190af9d6d1
SHA256

3af6e40ef72ae87678dca85a8b390bb701a393673c03c9ac9248148649ee14e3
SHA512

77a2141e2cb38afee048ac4add286f33bb8e8e2a471af0c774950b52c70ad5aeebce827a19383088db142f14367871af584c2e3390d8b819943706d6e2006340
SSDEEP

196608:g3b2XtukRcZzX4Ff1GktMtkQyt/4jM00l0a5kPFoQ7tmZcNKFoP/ciF:g3qXkkWoFNGHkQjM00CpFok5NXci

Score

1^/10

Malware Config

Signatures

Files

FalloutNV.rar
.rar
FalloutNV.exe
.exe windows:5 windows x86 arch:x86

1accd1dff7f3b254e3a5e9d2d3eaccbf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:05:4e:a7:c5:18:c1:4a:ed:9e:e0:71:69:15:d4:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/09/2010, 00:00

Not After

13/09/2011, 23:59

Subject

CN=Bethesda Softworks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bethesda Softworks,L=Rockville,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:f9:63:b6:7c:da:b5:8c:e1:11:73:cb:16:8d:72:68:a0:4a:93:e0
Signer

Actual PE Digest

dc:f9:63:b6:7c:da:b5:8c:e1:11:73:cb:16:8d:72:68:a0:4a:93:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_Fallout3\Platforms\Common\build\win32\FalloutNV.pdb

Imports

comctl32

ImageList_Destroy
ImageList_LoadImageA
InitCommonControlsEx

d3d9

D3DPERF_SetOptions

xinput1_3

ord2
ord3

kernel32

TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetTickCount
FindClose
FindNextFileA
CompareFileTime
FindFirstFileA
lstrcatA
lstrcpyA
CloseHandle
ReadFile
GetFileSize
CreateFileA
LocalFree
FormatMessageA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
CreateSemaphoreA
CreateDirectoryA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetPrivateProfileIntA
DebugBreak
CreateEventA
SetEvent
DeleteFileA
GetLocalTime
WriteFile
GetSystemTime
InterlockedExchange
GetDriveTypeA
ExitProcess
IsDebuggerPresent
GetCommandLineW
GetSystemInfo
CreateMutexA
LeaveCriticalSection
Sleep
WaitForMultipleObjects
VirtualFree
GetCurrentProcess
VirtualAlloc
GetModuleHandleA
SetThreadPriority
GetCurrentThread
CreateThread
MultiByteToWideChar
SetThreadIdealProcessor
InitializeCriticalSectionAndSpinCount
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
GlobalMemoryStatus
ExitThread
GlobalMemoryStatusEx
GetModuleFileNameA
RaiseException
ResumeThread
SuspendThread
GetFileAttributesA
GetPrivateProfileStringA
GetExitCodeThread
OutputDebugStringA
WideCharToMultiByte
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
MoveFileA
GetCommandLineA
GetStartupInfoA
GetFullPathNameA
GetModuleHandleW
HeapReAlloc
HeapAlloc
HeapFree
HeapSize
LCMapStringA
TryEnterCriticalSection
ReleaseSemaphore
CopyFileA
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
ResetEvent
GetCurrentThreadId
LCMapStringW
GetCPInfo
SetLastError
GetStdHandle
GetACP
GetOEMCP
InterlockedExchangeAdd
IsValidCodePage
SetEnvironmentVariableA
CompareStringW
SetHandleCount
GetFileType
GetConsoleCP
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
GetConsoleMode
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
GetCurrentProcessId
EnumSystemLocalesA
VirtualQuery
GetUserDefaultLCID
GetLocaleInfoA

user32

LoadIconA
UpdateWindow
ShowWindow
SendMessageA
DestroyWindow
DispatchMessageA
TranslateMessage
PeekMessageA
LoadCursorA
SetWindowPos
GetWindow
ShowCursor
GetSystemMetrics
RegisterClassA
CreateWindowExA
GetClientRect
GetDoubleClickTime
SwapMouseButton
UnhookWindowsHookEx
GetWindowTextA
GetClassNameA
SendInput
SetWindowsHookExA
SetWindowTextA
DefWindowProcA
EnumChildWindows
GetWindowLongA
GetClassLongA
EnumDisplayDevicesA
MessageBoxA
AdjustWindowRectEx
GetActiveWindow
SetForegroundWindow
FindWindowA
GetAsyncKeyState
CallNextHookEx
AdjustWindowRect

gdi32

GetStockObject

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
GetUserNameA

shell32

CommandLineToArgvW
SHGetFolderPathA
ShellExecuteA

ole32

CoInitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance

steam_api

SteamFriends
SteamAPI_Init
SteamAPI_UnregisterCallback
SteamAPI_Shutdown
SteamUser
SteamAPI_RunCallbacks
SteamAPI_RegisterCallback
SteamUserStats
SteamApps
SteamAPI_IsSteamRunning
SteamUtils

wsock32

closesocket
socket
WSAGetLastError
recv
send
connect
gethostbyname
ioctlsocket
htons
inet_ntoa
WSAStartup
gethostname
listen
bind
setsockopt
inet_addr
select
__WSAFDIsSet
accept
ntohs
WSAAsyncSelect

d3dx9_38

D3DXLoadSurfaceFromSurface
D3DXSaveTextureToFileA
D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXCompileShaderFromFileA
D3DXGetShaderConstantTable
D3DXCreateBuffer
D3DXVec4Transform
D3DXGetVertexShaderProfile
D3DXGetPixelShaderProfile
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemory
D3DXCompileShader
D3DXMatrixRotationYawPitchRoll
D3DXMatrixMultiplyTranspose
D3DXVec3TransformCoord
D3DXPlaneTransform
D3DXVec3Normalize
D3DXVec3TransformNormal
D3DXMatrixMultiply
D3DXMatrixInverse
D3DXMatrixTranspose
D3DXPlaneNormalize

dinput8

DirectInput8Create

winmm

mmioOpenA
mmioDescend
mmioClose
mmioRead
mmioAscend
mmioGetInfo
mmioAdvance
timeGetTime

dsound

ord11

binkw32

_BinkSetSoundSystem@8
_BinkClose@4
_BinkNextFrame@4
_BinkWait@4
_BinkPause@8
_BinkOpenDirectSound@4
_BinkOpen@8
_BinkDoFrame@4
_BinkCopyToBufferRect@44

libvorbisfile

ov_open_callbacks
ov_clear
ov_pcm_total
ov_seekable
ov_read
ov_info

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 512B - Virtual size: 31B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 815KB - Virtual size: 814KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 802KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 454KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1accd1dff7f3b254e3a5e9d2d3eaccbf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

40:05:4e:a7:c5:18:c1:4a:ed:9e:e0:71:69:15:d4:b4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

dc:f9:63:b6:7c:da:b5:8c:e1:11:73:cb:16:8d:72:68:a0:4a:93:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

d3d9

xinput1_3

kernel32

user32

gdi32

advapi32

shell32

ole32

steam_api

wsock32

d3dx9_38

dinput8

winmm

dsound

binkw32

libvorbisfile

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 256KB - Virtual size: 954KB

.tls Size: 1024B - Virtual size: 709B

CONST Size: 512B - Virtual size: 31B

.rsrc Size: 815KB - Virtual size: 814KB

.reloc Size: 802KB - Virtual size: 802KB

.bind Size: 454KB - Virtual size: 456KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

40:05:4e:a7:c5:18:c1:4a:ed:9e:e0:71:69:15:d4:b4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

dc:f9:63:b6:7c:da:b5:8c:e1:11:73:cb:16:8d:72:68:a0:4a:93:e0
Signer

.text
Size: 11.9MB - Virtual size: 11.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 256KB - Virtual size: 954KB

.tls
Size: 1024B - Virtual size: 709B

CONST
Size: 512B - Virtual size: 31B

.rsrc
Size: 815KB - Virtual size: 814KB

.reloc
Size: 802KB - Virtual size: 802KB

.bind
Size: 454KB - Virtual size: 456KB