Creative_SBXG_WIN8_BETA_1_02_0080[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Creative_SBXG_WIN8_BETA_1_02_0080.exe
Size

113.2MB
MD5

17867d6acbc6125bb419fbfe7fe4c524
SHA1

afae7cfb2c17900cb491a92de984d135ac980477
SHA256

51276254fe27bac765804cd9405845077163a323acc0eb9992ec4c1e3f2da856
SHA512

c7e4ebd534e5e73752c7c868b62ad05620159cacfc2eaa40957bed781bcad3ea9241a3657ee36ff03db2c37bba59a67d9e3eca8314308658d509f7bc75b9599e
SSDEEP

3145728:0H1yM//2OPY9+lq9gS7jSiPax4f/vvgHIjLTcY/m/:0H0MO9ESmx43+ILYYW

Score

1^/10

Malware Config

Signatures

Files

Creative_SBXG_WIN8_BETA_1_02_0080.exe
.exe windows:4 windows x86 arch:x86

af4e4b390dfae32202db4dcaa8228d77

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4c:91:11:fb:26:bd:1d:a4:c7:af:15:0c:49:f3
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

28/07/2010, 00:00

Not After

24/08/2012, 23:59

Subject

CN=Creative Technology Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Creative Technology Ltd,L=Singapore,ST=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:cb:9c:e6:dd:54:83:15:30:85:4d:40:3a:5c:84:33:e7:9c:d5:69
Signer

Actual PE Digest

63:cb:9c:e6:dd:54:83:15:30:85:4d:40:3a:5c:84:33:e7:9c:d5:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetFileAttributesA
CreateDirectoryA
SetFileAttributesA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetWindowsDirectoryA
lstrcmpiA
ReadFile
GetFileSize
CreateProcessA
CopyFileA
RemoveDirectoryA
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcess
GetCommandLineA
SetCurrentDirectoryA
GetFullPathNameA
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitThread
FindNextFileA
Sleep
CreateThread
TerminateThread
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetStdHandle
GetStdHandle
SetHandleCount
SetEndOfFile
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
FindFirstFileA
lstrcmpA
MultiByteToWideChar
FindClose
GetEnvironmentVariableA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
HeapFree
HeapAlloc
GetLastError
GetFileType
WriteFile
SetFilePointer
ExitProcess
TerminateProcess
RtlUnwind
GetStartupInfoA
GetVersion
GetStringTypeA

user32

SetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage
PostMessageA
EnableWindow
ShowWindow
UpdateWindow
LoadStringA
WaitForInputIdle
MessageBoxA
DialogBoxParamA
EndDialog
SetDlgItemTextA
LoadIconA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
FindExecutableA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af4e4b390dfae32202db4dcaa8228d77

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

0c:4c:91:11:fb:26:bd:1d:a4:c7:af:15:0c:49:f3Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

63:cb:9c:e6:dd:54:83:15:30:85:4d:40:3a:5c:84:33:e7:9c:d5:69Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 16KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

0c:4c:91:11:fb:26:bd:1d:a4:c7:af:15:0c:49:f3
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

63:cb:9c:e6:dd:54:83:15:30:85:4d:40:3a:5c:84:33:e7:9c:d5:69
Signer

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 13KB