1acfc70b5ba9c6aca4134df1f3ffb8375251fb5e73434dc080b7fba07fd4b17e

Sharing

Copy URL

Twitter E-mail

General

Target

1acfc70b5ba9c6aca4134df1f3ffb8375251fb5e73434dc080b7fba07fd4b17e
Size

203KB
MD5

4c3e3ae7ec40adec344b8f598b48a493
SHA1

da74b6914ff30842a5c6c4e6e6a7a66da560d6b7
SHA256

1acfc70b5ba9c6aca4134df1f3ffb8375251fb5e73434dc080b7fba07fd4b17e
SHA512

15b0da8b915982d0177a125c0d867bde63ca6d9c37986912f9126347a2ba273040e46dc44adb0af2a64423ca1ae0ac57924bed9f910c0f20d3b6ee5fb0d26af3
SSDEEP

3072:52ZOwMIkIPZiP3RU9M0ddQu85hWtv4Ji9UpLP3cx+evxvUe7HIC9yxSj5mi2C:OV7iPmM0ddQx21N9anC

Score

1^/10

Malware Config

Signatures

Files

1acfc70b5ba9c6aca4134df1f3ffb8375251fb5e73434dc080b7fba07fd4b17e
.exe windows:5 windows x86 arch:x86

9c9a460e446ad959ccf14b0fc088fc7b

Code Sign

Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

29-06-2004 17:06

Not After

29-06-2034 17:06

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16-11-2006 01:54

Not After

16-11-2026 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:9b:d1:ee:8a:f2:a9
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

08-10-2010 19:09

Not After

08-10-2011 19:09

Subject

CN=IF STUDIOS,O=IF STUDIOS,L=Gaithersburg,ST=MD,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:03
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

06-05-2010 19:34

Not After

06-05-2015 19:34

Subject

CN=Starfield Services Timestamp Authority,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6:23:9d:69:24:a4:04:d0:8a:61:90:89:a0:66:35:d7:98:40:ea:c6
Signer

Actual PE Digest

e6:23:9d:69:24:a4:04:d0:8a:61:90:89:a0:66:35:d7:98:40:ea:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\p4_1666\depot\HeroEngine\MAIN\launchclient\Release\Launcher.pdb

Imports

wsock32

send
recv
closesocket
socket
ioctlsocket
htons
connect
gethostbyname
WSAAsyncSelect
WSAGetLastError
WSAStartup
WSACleanup

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

winmm

timeGetTime

kernel32

SetStdHandle
SetFilePointer
HeapReAlloc
VirtualAlloc
FlushFileBuffers
ReadFile
GetStringTypeW
GetStringTypeA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock
GlobalUnlock
GlobalFree
GetWindowsDirectoryA
OutputDebugStringA
SetCurrentDirectoryA
ReleaseMutex
CloseHandle
GetCommandLineA
CreateMutexA
OpenMutexA
GetLastError
CreateFileA
GetExitCodeProcess
GetTempPathA
GlobalSize
GlobalAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
FreeLibrary
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
CompareStringA
CompareStringW
CreateProcessA
GetProcAddress
SetConsoleCtrlHandler
GetModuleFileNameA
GetModuleHandleW
SetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
DeleteFileA
RaiseException
RtlUnwind
Sleep
ExitProcess
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize

user32

wvsprintfA
wsprintfA
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassA
SetTimer
SetWindowTextA
DefWindowProcA
KillTimer
DestroyWindow
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow
UpdateWindow
GetClientRect
CreateWindowExA
SendMessageA
MessageBoxA

gdi32

SetBkColor
CreateSolidBrush
GetStockObject
CreateBrushIndirect
SetTextColor
DeleteObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c9a460e446ad959ccf14b0fc088fc7b

Code Sign

Certificate

03:01Certificate

Key Usages

4e:9b:d1:ee:8a:f2:a9Certificate

Extended Key Usages

Key Usages

20:03Certificate

Extended Key Usages

Key Usages

e6:23:9d:69:24:a4:04:d0:8a:61:90:89:a0:66:35:d7:98:40:ea:c6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

version

comctl32

winmm

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 2KB

03:01
Certificate

4e:9b:d1:ee:8a:f2:a9
Certificate

20:03
Certificate

e6:23:9d:69:24:a4:04:d0:8a:61:90:89:a0:66:35:d7:98:40:ea:c6
Signer

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 2KB