AC4BFSP[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

AC4BFSP.exe
Size

43.0MB
MD5

8dbd0fc0408da34fc3a9c9c253b432ae
SHA1

c506dae72af6533a0d5704795d8b49efef498cc0
SHA256

54ca73af7ec7394c95e68c3b4d1c61a86c31f34abdc81e753bda4b53960d8b1a
SHA512

be077c003ab42cf60822995fabf9c91068d155d12097b09af775d4387859b846458b1fdb7b03c1991527d74876539e58f1b02cfba251aad90a89026b5d21227c
SSDEEP

393216:58jEVhtZQGultwF7uAsNPEaQ73bPFqujV97YgxxOrAji4W3dADVNW:KoJZQGuHPC3bPFqujV97YgxYrAjidz

Score

1^/10

Malware Config

Signatures

Files

AC4BFSP.exe
.exe windows:5 windows x86 arch:x86

6ca487a09a88dc0237f1d23dcaf57df2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:bb:64:37:aa:ba:4f:1b:33:a5:10:ef:cf:35:39:b5
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/07/2014, 00:00

Not After

16/07/2015, 23:59

Subject

CN=UBISOFT ENTERTAINMENT INC.,O=UBISOFT ENTERTAINMENT INC.,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Work\acga\pcdlc\output\win32\exe\scimitar_engine_win32_f.pdb

Imports

ws2_32

getsockopt
socket
getsockname
bind
connect
send
recv
setsockopt
ioctlsocket
select
accept
listen
closesocket
recvfrom
inet_ntoa
getnameinfo
gethostbyname
ntohs
inet_addr
htons
htonl
gethostname
WSAStartup
__WSAFDIsSet
WSACleanup
sendto
ntohl
WSAIoctl
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSASocketA
WSASendTo
WSAResetEvent
WSARecvFrom
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
WSAGetLastError

d3d9

Direct3DCreate9

opengl32

wglMakeCurrent
wglCreateContext
wglDeleteContext
glGetString

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11CreateTextureFromFileA

dxgi

CreateDXGIFactory1

gfsdk_ssao_win32

?NV_SSAO_SetInputDepths@@YA?AW4NV_SSAO_Status@@PBUNV_SSAO_InputDepthData@@@Z
?NV_SSAO_SetInputNormals@@YA?AW4NV_SSAO_Status@@PBUNV_SSAO_InputNormalData@@@Z
?NV_SSAO_ReleaseResources@@YA?AW4NV_SSAO_Status@@XZ
?NV_SSAO_RenderAO@@YA?AW4NV_SSAO_Status@@PAUID3D11DeviceContext@@PAUID3D11RenderTargetView@@W4NV_SSAO_RenderMask@@@Z
?NV_SSAO_SetParameters@@YA?AW4NV_SSAO_Status@@PBUNV_SSAO_Parameters@@@Z
?NV_SSAO_Initialize@@YA?AW4NV_SSAO_Status@@PAUID3D11Device@@I@Z

gfsdk_shadowlib.win32

?NV_ShadowLib_OpenDX@@YA?AW4NV_ShadowLib_Status@@MQIAUNV_ShadowLib_Ctx@@QIAUID3D11Device@@QIAUID3D11DeviceContext@@PAUgfsdk_new_delete_t@@@Z
?NV_ShadowLib_AddBuffer@@YA?AW4NV_ShadowLib_Status@@QIAUNV_ShadowLib_Ctx@@PAUNV_ShadowLib_BufferDesc@@PAPAI@Z
?NV_ShadowLib_FinalizeBuffer@@YA?AW4NV_ShadowLib_Status@@QIAUNV_ShadowLib_Ctx@@PAIPAPAUID3D11ShaderResourceView@@@Z
?NV_ShadowLib_RenderBufferUsingExternalMap@@YA?AW4NV_ShadowLib_Status@@QIAUNV_ShadowLib_Ctx@@PAUNV_ShadowLib_ExternalMapDesc@@PAUID3D11ShaderResourceView@@PAIPAUNV_ShadowLib_BufferRenderParams@@@Z
?NV_ShadowLib_ClearBuffer@@YA?AW4NV_ShadowLib_Status@@QIAUNV_ShadowLib_Ctx@@PAI@Z
?NV_ShadowLib_RemoveBuffer@@YA?AW4NV_ShadowLib_Status@@QIAUNV_ShadowLib_Ctx@@PAPAI@Z
?NV_ShadowLib_CloseDX@@YA?AW4NV_ShadowLib_Status@@QIAUNV_ShadowLib_Ctx@@@Z

gfsdk_godrayslib.win32

?GFSDK_GodraysLib_OpenDX@@YA?AW4GFSDK_GodraysLib_Status@@MQIAUGFSDK_GodraysLib_Ctx@@QIAUID3D11Device@@QIAUID3D11DeviceContext@@PAUgfsdk_new_delete_t@@@Z
?GFSDK_GodraysLib_GetVersion@@YA?AW4GFSDK_GodraysLib_Status@@PAM@Z
?GFSDK_GodraysLib_RenderVolume@@YA?AW4GFSDK_GodraysLib_Status@@QIAUGFSDK_GodraysLib_Ctx@@QIAUID3D11DeviceContext@@PBUGFSDK_GodraysLib_ShadowMapDesc@@PAUID3D11ShaderResourceView@@PBUGFSDK_GodraysLib_DepthBufferDesc@@3PBUGFSDK_GodraysLib_LightDesc@@PBUGFSDK_GodraysLib_ViewerDesc@@PBUGFSDK_GodraysLib_AirlightDesc@@MMW4GFSDK_GodraysLib_Technique@@W4GFSDK_GodraysLib_Quality@@W4GFSDK_GodraysLib_BufferSize@@_NIIPAUID3D11BlendState@@@Z
?GFSDK_GodraysLib_CloseDX@@YA?AW4GFSDK_GodraysLib_Status@@QIAUGFSDK_GodraysLib_Ctx@@@Z

gfsdk_multires.win32

GFSDK_MultiRes_CreateClassInterface

gfsdk_psm.win32

GFSDK_PSM_Create

gfsdk_gsa.win32

GFSDK_GSA_GetResolution
GFSDK_GSA_InitializeSDK
GFSDK_GSA_RegisterOption
GFSDK_GSA_RegisterResolutions
GFSDK_GSA_LoadConfigFile
GFSDK_GSA_ReleaseSDK
GFSDK_GSA_SetOptionValue
GFSDK_GSA_SetResolution
GFSDK_GSA_SaveConfigFile
GFSDK_GSA_GetOptionValue

xinput1_3

ord2
ord3
ord4

dinput8

DirectInput8Create

bink2w32

_BinkShouldSkip@4
_BinkNextFrame@4
_BinkSetSoundTrack@8
_BinkSetMemory@8
_BinkSetVolume@12
_BinkClose@4
_BinkDoFrame@4
_BinkPause@8
_BinkGoto@12
_BinkWait@4
_BinkOpen@8
_BinkGetFrameBuffersInfo@8
_BinkSetSpeakerVolumes@20
_BinkOpenXAudio2@4
_BinkSetSoundSystem@8
_BinkSetIO@4
_BinkRegisterFrameBuffers@8

iphlpapi

GetBestInterface
GetIfEntry
GetAdaptersAddresses

uplay_r1_loader

UPLAY_ACH_EarnAchievement
UPLAY_GetOverlappedOperationResult
UPLAY_SAVE_Remove
UPLAY_USER_GetEmailUtf8
UPLAY_USER_GetPasswordUtf8
UPLAY_USER_GetUsernameUtf8
UPLAY_ACH_GetAchievements
UPLAY_OVERLAY_SetShopUrl
UPLAY_OVERLAY_Show
UPLAY_HasOverlappedOperationCompleted
UPLAY_Update
UPLAY_Startup
UPLAY_SAVE_Close
UPLAY_SAVE_SetName
UPLAY_SAVE_Write
UPLAY_SAVE_Open
UPLAY_SAVE_Read
UPLAY_Release
UPLAY_USER_GetCdKeys
UPLAY_GetNextEvent
UPLAY_Quit
UPLAY_SAVE_GetSavegames
UPLAY_GetLastError

kernel32

PeekNamedPipe
GetFileInformationByHandle
GetConsoleCP
HeapQueryInformation
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleMode
SetConsoleMode
SetStdHandle
EnumSystemLocalesA
ReadConsoleInputA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
GetDriveTypeW
HeapAlloc
HeapFree
LocalFileTimeToFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetLocaleInfoW
IsProcessorFeaturePresent
InterlockedExchange
GetTimeZoneInformation
HeapSize
SetConsoleCtrlHandler
RtlUnwind
GetModuleHandleW
EncodePointer
DecodePointer
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
TerminateProcess
WaitForMultipleObjectsEx
SleepEx
IsValidLocale
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
LocalAlloc
HeapCreate
GetPrivateProfileIntW
WritePrivateProfileStringW
CloseHandle
CreateProcessW
GetCommandLineW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetModuleHandleA
SetPriorityClass
GetCurrentProcess
Sleep
WaitForSingleObject
CreateMutexW
CreateSemaphoreA
ReleaseSemaphore
SetErrorMode
SetCurrentDirectoryA
GetModuleFileNameA
WideCharToMultiByte
GetLastError
CreateFileW
ReadFileEx
WriteFileEx
CancelIo
EnterCriticalSection
LeaveCriticalSection
GetFileSize
VirtualFree
VirtualAlloc
TlsGetValue
FindClose
GetFileAttributesA
WriteFile
CreateDirectoryW
DeleteFileW
ReadFile
MultiByteToWideChar
VirtualQuery
GetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentThreadId
SwitchToThread
OpenThread
SetLastError
IsDebuggerPresent
SetThreadAffinityMask
GetVersion
SetThreadPriority
SetThreadPriorityBoost
RaiseException
SuspendThread
ResumeThread
GetCurrentThread
GetLogicalDriveStringsA
GetSystemInfo
CreateEventA
SetEvent
ResetEvent
GetProcessAffinityMask
SetProcessAffinityMask
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocaleInfoA
GetUserDefaultLCID
IsWow64Process
GetVersionExA
lstrlenA
TlsAlloc
TlsFree
TlsSetValue
InterlockedDecrement
lstrlenW
GetEnvironmentVariableW
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
GetTickCount
QueryPerformanceCounter
GetLocalTime
QueryPerformanceFrequency
OutputDebugStringA
DebugBreak
GetOverlappedResult
GetFileSizeEx
CreateFileA
VirtualProtect
SetFilePointer
CreateEventW
CopyFileA
GetFileTime
SetEndOfFile
FlushFileBuffers
SetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
DeleteFileA
WaitForMultipleObjects
LocalFree
SystemTimeToFileTime
GetSystemTime
SetFileTime
ExitProcess
GetFullPathNameA
CreateProcessA
FormatMessageA
InterlockedIncrement
AreFileApisANSI
UnlockFile
LockFile
GetFileAttributesW
LoadLibraryW
GetCurrentProcessId
GetSystemTimeAsFileTime
LockFileEx
GetTempPathA
GetTempPathW
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateThread
GetExitCodeThread
InterlockedExchangeAdd
MoveFileA

user32

ShowWindow
DefWindowProcA
DestroyWindow
GetDC
UpdateWindow
CreateWindowExA
AdjustWindowRect
RegisterClassExA
LoadIconA
LoadCursorA
LoadImageA
TranslateMessage
DispatchMessageA
PeekMessageA
GetAsyncKeyState
PostQuitMessage
UnregisterDeviceNotification
RegisterDeviceNotificationA
IsIconic
MessageBoxW
GetWindowRect
GetDesktopWindow
RegisterClassA
UnregisterClassA
ReleaseDC
PostMessageA
MessageBoxA
EnumDisplayDevicesA
IsWindow
GetMonitorInfoA
MonitorFromWindow
GetActiveWindow
GetWindowPlacement
IsWindowVisible
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetForegroundWindow
CallWindowProcW
SetWindowLongW
GetWindowLongW
RegisterDeviceNotificationW
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoA
GetClientRect
ShowCursor
GetSystemMetrics

gdi32

CreateDCA
ExtEscape
DeleteDC
SetPixelFormat
ChoosePixelFormat

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

shutdown
getpeername
WSAAsyncSelect
WSASetLastError

winmm

timeGetTime

wininet

InternetSetCookieExA

Exports

Exports

?CreateWithCustomAllocator@iZHybridReverbEngine@iZReverb@@SAXPAPAV12@IP6APAXI@ZP6AXPAX@ZIIW4Reverb_Quality@2@W4Reverb_Mode@2@_N@Z
?CreateWithCustomAllocator@iZHybridReverbEngine@iZReverb@@SAXPAPAV12@IPAXIIW4Reverb_Quality@2@W4Reverb_Mode@2@_N@Z
?CreateWithCustomAllocator@iZTrashBoxModelerEngine@iZTrashBoxModeler@@SAXPAPAV12@IIP6APAXI@ZP6AXPAX@ZIPBD_N@Z
?CreateWithCustomAllocator@iZTrashBoxModelerEngine@iZTrashBoxModeler@@SAXPAPAV12@IIPAXIPBD_N@Z
?CreateWithCustomAllocator@iZTrashDelayEngine@iZTrashDelay@@SAXPAPAV12@IIP6APAXI@ZP6AXPAX@ZI_N@Z
?CreateWithCustomAllocator@iZTrashDistortionEngine@iZTrashDistortion@@SAXPAPAV12@IIP6APAXI@ZP6AXPAX@ZI_N@Z
?CreateWithCustomAllocator@iZTrashDynamicsEngine@iZTrashDynamics@@SAXPAPAV12@IIP6APAXI@ZP6AXPAX@ZI_N@Z
?CreateWithCustomAllocator@iZTrashFiltersEngine@iZTrashFilters@@SAXPAPAV12@IIP6APAXI@ZP6AXPAX@ZI_N@Z
?CreateWithCustomAllocator@iZTrashMultibandDistortionEngine@iZTrashMultibandDistortion@@SAXPAPAV12@IIP6APAXI@ZP6AXPAX@ZI_N@Z
?CreateWithDefaultAllocator@iZHybridReverbEngine@iZReverb@@SAXPAPAV12@IIIW4Reverb_Quality@2@W4Reverb_Mode@2@_N@Z
?CreateWithDefaultAllocator@iZTrashBoxModelerEngine@iZTrashBoxModeler@@SAXPAPAV12@IIIPBD_N@Z
?CreateWithDefaultAllocator@iZTrashDelayEngine@iZTrashDelay@@SAXPAPAV12@III_N@Z
?CreateWithDefaultAllocator@iZTrashDistortionEngine@iZTrashDistortion@@SAXPAPAV12@III_N@Z
?CreateWithDefaultAllocator@iZTrashDynamicsEngine@iZTrashDynamics@@SAXPAPAV12@III_N@Z
?CreateWithDefaultAllocator@iZTrashFiltersEngine@iZTrashFilters@@SAXPAPAV12@III_N@Z
?CreateWithDefaultAllocator@iZTrashMultibandDistortionEngine@iZTrashMultibandDistortion@@SAXPAPAV12@III_N@Z
?DestroyEngine@iZHybridReverbEngine@iZReverb@@SAXPAV12@@Z
?DestroyEngine@iZTrashBoxModelerEngine@iZTrashBoxModeler@@SAXPAV12@@Z
?DestroyEngine@iZTrashDelayEngine@iZTrashDelay@@SAXPAV12@@Z
?DestroyEngine@iZTrashDistortionEngine@iZTrashDistortion@@SAXPAV12@@Z
?DestroyEngine@iZTrashDynamicsEngine@iZTrashDynamics@@SAXPAV12@@Z
?DestroyEngine@iZTrashFiltersEngine@iZTrashFilters@@SAXPAV12@@Z
?DestroyEngine@iZTrashMultibandDistortionEngine@iZTrashMultibandDistortion@@SAXPAV12@@Z
GetDataBufferSize
InitBufferSynchro
ReadData
WriteData

Sections

.text
Size: 26.3MB - Virtual size: 26.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 39.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ca487a09a88dc0237f1d23dcaf57df2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1b:bb:64:37:aa:ba:4f:1b:33:a5:10:ef:cf:35:39:b5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

d3d9

opengl32

d3dcompiler_43

d3d11

d3dx11_43

dxgi

gfsdk_ssao_win32

gfsdk_shadowlib.win32

gfsdk_godrayslib.win32

gfsdk_multires.win32

gfsdk_psm.win32

gfsdk_gsa.win32

xinput1_3

dinput8

bink2w32

iphlpapi

uplay_r1_loader

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

wsock32

winmm

wininet

Exports

Exports

Sections

.text Size: 26.3MB - Virtual size: 26.3MB

.rdata Size: 9.0MB - Virtual size: 9.0MB

.data Size: 3.5MB - Virtual size: 39.0MB

.shared Size: 256KB - Virtual size: 256KB

.tls Size: 512B - Virtual size: 137B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1b:bb:64:37:aa:ba:4f:1b:33:a5:10:ef:cf:35:39:b5
Certificate

.text
Size: 26.3MB - Virtual size: 26.3MB

.rdata
Size: 9.0MB - Virtual size: 9.0MB

.data
Size: 3.5MB - Virtual size: 39.0MB

.shared
Size: 256KB - Virtual size: 256KB

.tls
Size: 512B - Virtual size: 137B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB