AngryBirdsSeasonsFull[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AngryBirdsSeasonsFull.exe
Size

1.3MB
MD5

439fea364aefcce7254d98867328f286
SHA1

2cee7c3cbefb4202459af001728fe49e51b38378
SHA256

9f997acc530bd567afa60ecbc54519eafd81b876fcbb137552ef722aa3d8e5de
SHA512

54c018466037a4213fc6e6e64c729debd79e84f8f8263f58fe2c081c2bf15edf37c9b02384a08dc26a4ed07bf72d4dd4f7edf356ffc60e22b4d3b5d6a61ce0c2
SSDEEP

24576:6x/HtCf99mqGtr4Bx67VpZ0l6RkndzXftUAlo5GWB9buANM1tGK98zSETgl8AEF6:A/HtEUq67VpZ5KndBUA+5vbuiMHGK98I

Score

1^/10

Malware Config

Signatures

Files

AngryBirdsSeasonsFull.exe
.exe windows:5 windows x86 arch:x86

6cd22abee454263b61bebfa62fc63e70

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:a7:4d:b1:67:25:0d
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

26/10/2011, 13:20

Not After

26/10/2014, 13:20

Subject

CN=Rovio Entertainment Ltd.,OU=Technology,O=Rovio Entertainment Ltd.,L=Espoo,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:10:8c:d7:59:50:80:68:fd:07:3d:79:5a:d2:a4:8f:62:66:31:67
Signer

Actual PE Digest

b4:10:8c:d7:59:50:80:68:fd:07:3d:79:5a:d2:a4:8f:62:66:31:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Hudson\workspace\AngryBirdsSeasons_3.3.0_Windows\AngryBirdsSeasons\build\windows\distribution\game\AngryBirdsSeasonsFull.pdb

Imports

kernel32

GetModuleHandleW
SetErrorMode
LoadLibraryW
GetCurrentDirectoryW
OutputDebugStringA
GetLastError
FlushFileBuffers
MoveFileExW
GlobalLock
GlobalUnlock
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateProcessW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
SetThreadPriority
GetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
ReleaseMutex
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsA
Sleep
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetTickCount
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetVersionExA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryA
GetProcAddress
GetStartupInfoW
GetVersionExW
SetLastError
FormatMessageA
GetFileAttributesA

user32

TranslateMessage
DispatchMessageW
PeekMessageW
SetCapture
ClientToScreen
SetCursorPos
ReleaseCapture
LoadIconW
RegisterClassExW
AdjustWindowRectEx
MonitorFromPoint
CreateWindowExW
UnregisterClassW
PostQuitMessage
GetWindowTextA
ShowWindow
MapVirtualKeyW
ScreenToClient
DefWindowProcW
GetMessageW
DestroyWindow
LoadImageW
SetCursor
ReleaseDC
GetDC
SetWindowTextW
GetClientRect
GetCursorPos
MoveWindow
GetWindowLongW
GetWindowPlacement
LoadCursorW
SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowLongW
SetWindowPos
SetWindowPlacement
ClipCursor
CloseClipboard
GetClipboardData
OpenClipboard
FindWindowW
TrackMouseEvent
MessageBoxW
GetTopWindow
GetWindowRect

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

ws2_32

setsockopt
recv
WSAGetLastError
WSAStartup
WSACleanup
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
sendto
accept
listen
__WSAFDIsSet
select
ioctlsocket
gethostname
recvfrom
send

wldap32

ord46
ord143
ord26
ord27
ord211
ord22
ord41
ord60
ord301
ord79
ord35
ord50
ord33
ord200
ord32
ord30

normaliz

IdnToAscii

advapi32

CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

msvcp100

??1_Container_base12@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xfunc@tr1@std@@YAXXZ

msvcr100

memcpy
memmove
memset
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_purecall
_CIsqrt
memchr
_CIacos
_CIatan2
_CIcos
floor
_CIfmod
_CIpow
_CIsin
_difftime64
_localtime64
_mktime64
_time64
_mkdir
??_V@YAXPAX@Z
sprintf
atoi
ceil
free
malloc
exit
fprintf
__iob_func
modf
frexp
longjmp
_setjmp3
atof
??3@YAXPAX@Z
sscanf
getenv
fseek
fwrite
fclose
strncpy
strrchr
strchr
strtol
isdigit
_errno
_wfopen
ferror
_get_osfhandle
_fileno
ftell
fopen
_ftelli64
_fseeki64
feof
strerror
ungetc
freopen
getc
realloc
strstr
_gmtime64
strftime
clock
_CIsinh
_CIcosh
_CItan
??1exception@std@@UAE@XZ
_CIasin
_CIatan
_CIlog
_CIlog10
_CIexp
ldexp
rand
srand
_HUGE
tolower
toupper
isxdigit
isalnum
isupper
isspace
ispunct
iscntrl
isalpha
islower
strpbrk
fputs
strtoul
strtod
strncat
strcspn
strcoll
localeconv
calloc
__sys_nerr
_strtoi64
strncmp
fgets
qsort
fputc
_beginthreadex
fflush
_fstat64
_lseeki64
wprintf
_stat64
_strdup
isprint
isgraph
??0exception@std@@QAE@XZ
_close
_open
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_stricmp
_vsnprintf
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_CItanh
_write
_read
_strnicmp
_lseek
vswprintf_s
_chdir
__argv
__argc
fread

gdiplus

GdipFree
GdipAlloc
GdipDeleteBrush
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipNewInstalledFontCollection
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdiplusStartup
GdipDeleteFont
GdipCloneImage
GdipCloneBrush
GdipGetFontHeight
GdipGetFontStyle
GdipCreateFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipIsStyleAvailable
GdipGetFamilyName
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipCreateSolidFill

iphlpapi

GetAdaptersInfo

dsound

ord11

shell32

SHGetFolderPathAndSubDirW
ShellExecuteExW

winmm

timeEndPeriod
timeGetDevCaps
timeBeginPeriod

Sections

.text
Size: 955KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cd22abee454263b61bebfa62fc63e70

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

07:a7:4d:b1:67:25:0dCertificate

Extended Key Usages

Key Usages

b4:10:8c:d7:59:50:80:68:fd:07:3d:79:5a:d2:a4:8f:62:66:31:67Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winhttp

ws2_32

wldap32

normaliz

advapi32

msvcp100

msvcr100

gdiplus

iphlpapi

dsound

shell32

winmm

Sections

.text Size: 955KB - Virtual size: 954KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 9KB - Virtual size: 103KB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 70KB - Virtual size: 70KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

03:01
Certificate

07:a7:4d:b1:67:25:0d
Certificate

b4:10:8c:d7:59:50:80:68:fd:07:3d:79:5a:d2:a4:8f:62:66:31:67
Signer

.text
Size: 955KB - Virtual size: 954KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 9KB - Virtual size: 103KB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 70KB - Virtual size: 70KB