FalloutNVLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FalloutNVLauncher.exe
Size

2.0MB
MD5

939877f69c232d11c6df1ca26158c055
SHA1

92131d74c331974b4a74774fedeeffdecf4f2138
SHA256

119200d8ef4a8c79602d330bfaf4ffc32255e12794df5e82c0fe5510fd34590b
SHA512

092778bc48742d83f79f19a15ea0dbd8890aaa1a332a92d1675faf320baf21884beef7d03e4c136b6149321ec30d1a67e685507d4ab0a4ad5dc13c56cd105c57
SSDEEP

49152:ipyyK4g/Gm9s2uERi5Ze8PfUjaFS05UGzP03pzbw7W67n/5:KTus76BqUjaFH5UG8uW67R

Score

1^/10

Malware Config

Signatures

Files

FalloutNVLauncher.exe
.exe windows:5 windows x86 arch:x86

b1e2cf9de2da662fab0d3cef27526697

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:05:4e:a7:c5:18:c1:4a:ed:9e:e0:71:69:15:d4:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/09/2010, 00:00

Not After

13/09/2011, 23:59

Subject

CN=Bethesda Softworks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bethesda Softworks,L=Rockville,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:58:c3:d4:69:cd:d1:3c:cd:d8:62:98:ad:f1:2a:03:db:c9:e4:9b
Signer

Actual PE Digest

5a:58:c3:d4:69:cd:d1:3c:cd:d8:62:98:ad:f1:2a:03:db:c9:e4:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

dsound

ord11

steam_api

SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RegisterCallback
SteamRemoteStorage
SteamUserStats
SteamUtils
SteamUser

kernel32

GetCurrentProcess
TerminateProcess
GetStartupInfoA
lstrcmpW
lstrcmpiW
GetCommandLineW
Sleep
LocalFree
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetLastError
GetProcAddress
UnhandledExceptionFilter
GetPrivateProfileStringW
CopyFileW
GetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetFileAttributesW
CreateMutexW
FindFirstFileW
CreateDirectoryW
FindClose
FindNextFileW
InterlockedCompareExchange
GetCurrentProcessId
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedExchange
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceFrequency
GetCurrentThreadId

user32

SetWindowTextW
UpdateWindow
ShowWindow
EnumDisplayDevicesW
ChildWindowFromPointEx
GetClientRect
InvalidateRect
LoadImageW
DestroyWindow
UnregisterClassW
SetRect
CreateWindowExW
MessageBoxW
RegisterClassW
GetSystemMetrics
PostQuitMessage
LoadCursorW
TranslateMessage
RegisterClassExW
LoadIconW
PeekMessageW
DefWindowProcW
DispatchMessageW
SendMessageW
CreateDialogParamW
PostMessageW
GetWindowInfo
GetDlgItem
SetWindowLongW
EndDialog
SetWindowPos
LoadStringW
EnableWindow

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize

msvcp90

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH_W@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??Bios_base@std@@QBEPAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
??1locale@std@@QAE@XZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?eof@ios_base@std@@QBE_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$allocator@_W@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?uncaught_exception@std@@YA_NXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ

comctl32

PropertySheetW

msvcr90

_CxxThrowException
ftell
fseek
_splitpath_s
fclose
wcslen
tolower
_wchdir
wcscmp
exit
abort
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
strcat_s
_itow_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
qsort_s
strstr
fmod
memset
??_V@YAXPAX@Z
strcmp
floor
fabs
sin
_waccess
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
strlen
swscanf_s
_wtof
wcstombs
fopen_s
fread
_purecall
fwrite

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bind
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1e2cf9de2da662fab0d3cef27526697

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

40:05:4e:a7:c5:18:c1:4a:ed:9e:e0:71:69:15:d4:b4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5a:58:c3:d4:69:cd:d1:3c:cd:d8:62:98:ad:f1:2a:03:db:c9:e4:9bSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

dsound

steam_api

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp90

comctl32

msvcr90

version

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.bind Size: 352KB - Virtual size: 352KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

40:05:4e:a7:c5:18:c1:4a:ed:9e:e0:71:69:15:d4:b4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5a:58:c3:d4:69:cd:d1:3c:cd:d8:62:98:ad:f1:2a:03:db:c9:e4:9b
Signer

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.bind
Size: 352KB - Virtual size: 352KB