Five_Nights_at_Freddys_v1[.]132[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Five_Nights_at_Freddys_v1.132.zip
Size

219.5MB
MD5

1ea572a69779ca3283c4d6de09f8306d
SHA1

3aaf0526a6ee36d408c1aef3d1863b6ce0c551b1
SHA256

d52e507caa1d7c8cfe9f9738ea10c5e24f85b4abc0500d1af0818b841f21bf37
SHA512

6d5c70e7d0d9134029c3919d1dd862409849f7919e85aad27f6829f3dc2c978643649934d42a1c1746d133db0633865a0417f9ab32f8958e1cffb058ebb6f166
SSDEEP

6291456:Wt4baAhLt4sS6WT2lT5Q6bXgLqal85OJrJq6:Pa0pFN5QIQLqal85OJc6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Five.Nights.at.Freddys.v1.132/Five Nights at Freddy's/FiveNightsatFreddys.exe

Files

Five_Nights_at_Freddys_v1.132.zip
.zip
Five.Nights.at.Freddys.v1.132/Five Nights at Freddy's/FiveNightsatFreddys.exe
.exe windows:5 windows x86 arch:x86

3a597e7b3ec8a722b64745095a57f9bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

winmm

timeBeginPeriod
joyGetDevCapsW
joyGetPosEx
timeGetTime
timeEndPeriod

kernel32

GetTempFileNameW
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleW
lstrlenW
GetLocaleInfoA
LockResource
VirtualProtect
VirtualQuery
SetLastError
LoadResource
SizeofResource
FindResourceA
FindResourceW
IsBadReadPtr
IsBadWritePtr
SetFilePointerEx
OutputDebugStringW
LoadLibraryExW
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
GetVersionExW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedDecrement
RtlUnwind
GetCommandLineA
HeapSize
HeapCompact
SetEnvironmentVariableW
HeapReAlloc
DeleteFileW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapFree
HeapAlloc
LoadLibraryExA
InterlockedExchange
RaiseException
GetVersion
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
GetTempPathW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetErrorMode
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GetExitCodeProcess
GetCommandLineW
Sleep
SetCurrentDirectoryW
CreateDirectoryW
CloseHandle
SetFilePointer
WriteFile
GetLastError
ReadFile
CreateFileW
GetCurrentThreadId
RemoveDirectoryW
GetModuleFileNameW
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
LCMapStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetFileType

user32

FillRect
GetMenuItemID
GetMenuStringW
ModifyMenuW
GetTabbedTextExtentW
SystemParametersInfoW
DrawEdge
DrawTextW
GetKeyboardLayout
PostQuitMessage
IntersectRect
SetRect
DrawFocusRect
InvertRect
CreateDialogParamA
CreateDialogParamW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
DialogBoxParamA
DialogBoxIndirectParamA
DialogBoxIndirectParamW
LoadMenuA
LoadMenuW
LoadStringA
SetLastErrorEx
EndPaint
BeginPaint
PtInRect
GetDlgItem
MapVirtualKeyW
GetInputState
GetDlgItemTextW
GetUpdateRect
EndDialog
DestroyMenu
LoadMenuIndirectW
GetMenuItemCount
SetWindowPlacement
GetWindowPlacement
GetFocus
CallWindowProcW
RemovePropW
SetPropW
GetPropW
UnionRect
DestroyWindow
SetScrollPos
SetScrollRange
CreateWindowExW
GetParent
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetFocus
GetSysColor
GetDesktopWindow
RedrawWindow
UpdateWindow
SetWindowLongW
MessageBoxW
LoadStringW
DialogBoxParamW
RegisterClassW
RegisterClassExW
LoadImageW
IsIconic
DefMDIChildProcW
SetDlgItemTextW
SendDlgItemMessageW
LoadIconW
GetWindow
GetClassNameW
GetTopWindow
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
OemToCharA
GetAsyncKeyState
GetActiveWindow
ShowCursor
SetCapture
ReleaseCapture
GetKeyState
GetWindowRect
MapWindowPoints
SetWindowPos
IsZoomed
GetWindowLongW
AdjustWindowRectEx
SendMessageW
LockWindowUpdate
IsWindowVisible
GetClientRect
SetWindowTextW
IsDialogMessageW
SetTimer
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsClipboardFormatAvailable
wsprintfW
ShowWindow
PostMessageW
CheckMenuItem
EnableMenuItem
GetMenu
InvalidateRect
SetCursorPos
ClientToScreen
ScreenToClient
GetCursorPos
GetKeyboardState
CopyRect
UnhookWindowsHookEx
KillTimer
SetWindowsHookExW
CallNextHookEx
DestroyIcon
GetSubMenu
DeleteMenu
GetMenuState
ReleaseDC
CreateIconIndirect
GetDC
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
TranslateMDISysAccel
GetMessageW
PeekMessageW
DrawMenuBar

gdi32

CreatePalette
GetDeviceCaps
SelectPalette
RealizePalette
GetObjectW
CreateFontIndirectW
CreatePen
Rectangle
SelectObject
MoveToEx
LineTo
CreateSolidBrush
GetStockObject
SetTextColor
SetBkMode
DeleteObject
GetClipRgn
ExcludeClipRect
SelectClipRgn
GetTextExtentPointW
TextOutW
SetTextAlign
SetROP2
GetNearestPaletteIndex
SetPolyFillMode
DPtoLP
SetBkColor
Polygon
CreateHatchBrush
GetCharWidthW
LPtoDP
GetTextMetricsW
SetDIBits
CreateCompatibleBitmap
CreateRectRgn
CreateBitmap

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

DragQueryFileW
DragAcceptFiles
ShellExecuteExW

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Five.Nights.at.Freddys.v1.132/HOW TO RUN GAME!!.txt
Five.Nights.at.Freddys.v1.132/_Redist/dxwebsetup.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21-02-2011 20:53

Not After

21-05-2012 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:ba:f7:87:7a:93:e9:f2:77:9a:d0:d8:84:ae:dd:db:7d:05:48:fb
Signer

Actual PE Digest

25:ba:f7:87:7a:93:e9:f2:77:9a:d0:d8:84:ae:dd:db:7d:05:48:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a597e7b3ec8a722b64745095a57f9bb

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

winmm

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 23KB - Virtual size: 31KB

.rsrc Size: 296KB - Virtual size: 296KB

.reloc Size: 51KB - Virtual size: 51KB

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:b2:9b:00:00:00:00:00:15Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

25:ba:f7:87:7a:93:e9:f2:77:9a:d0:d8:84:ae:dd:db:7d:05:48:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 243KB - Virtual size: 244KB

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 23KB - Virtual size: 31KB

.rsrc
Size: 296KB - Virtual size: 296KB

.reloc
Size: 51KB - Virtual size: 51KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

25:ba:f7:87:7a:93:e9:f2:77:9a:d0:d8:84:ae:dd:db:7d:05:48:fb
Signer

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 243KB - Virtual size: 244KB