SHA256: e29835e30a82311d856dc8ac8ba70b5f10f9cd6465a76a0f6423ed1b36dad744
File name: Hero Zero Hack.exe
Detection ratio: 0 / 54
Analysis date: 2016-01-23 13:10:44 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20160123
AegisLab 20160122
Yandex 20160123
AhnLab-V3 20160123
Alibaba 20160122
ALYac 20160123
Antiy-AVL 20160123
Arcabit 20160123
Avast 20160123
AVG 20160123
Avira (no cloud) 20160123
Baidu-International 20160123
BitDefender 20160123
Bkav 20160123
ByteHero 20160123
CAT-QuickHeal 20160123
ClamAV 20160123
CMC 20160111
Comodo 20160123
Cyren 20160123
DrWeb 20160123
Emsisoft 20160123
ESET-NOD32 20160123
F-Prot 20160123
F-Secure 20160123
Fortinet 20160123
GData 20160123
Ikarus 20160123
Jiangmin 20160123
K7AntiVirus 20160123
K7GW 20160123
Kaspersky 20160123
Malwarebytes 20160123
McAfee 20160123
McAfee-GW-Edition 20160123
Microsoft 20160123
eScan 20160123
NANO-Antivirus 20160123
nProtect 20160122
Panda 20160123
Qihoo-360 20160123
Rising 20160122
Sophos AV 20160123
SUPERAntiSpyware 20160123
Symantec 20160122
Tencent 20160123
TheHacker 20160119
TrendMicro 20160123
TrendMicro-HouseCall 20160123
VBA32 20160123
VIPRE 20160123
ViRobot 20160123
Zillya 20160122
Zoner 20160123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright BugSplat, LLC (C) 2015
Product BugSplat Crash Report Send Utility
Original name BsSndRpt.exe
Internal name BsSndRpt.exe
File version 3, 3, 1, 0
Description Crash reporting Send Utility, BsSndRpt.exe
Signature verification Signed file, verified signature
Signing date 6:04 PM 4/27/2015
Signers
[+] BugSplat LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Go Daddy Secure Certification Authority
Valid from 3:14 PM 6/2/2012
Valid to 5:45 PM 5/29/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 571E61C03013A7E12479630AF278D1B79936984A
Serial number 07 FF 9E 4E 18 62 CF
[+] Go Daddy Secure Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm sha1RSA
Thumbprint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 16:37:36
Entry Point 0x00021939
Number of sections 4
PE sections
Overlays
MD5 27f7ba39f9283001984148330245a5b0
File type data
Offset 317952
Size 6096
Entropy 7.33
PE imports
RegCreateKeyExW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegisterEventSourceW
RegSetValueExW
DeregisterEventSource
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
ReportEventW
CryptAcquireContextW
RegDeleteKeyW
CryptHashData
CryptGetHashParam
RegCreateKeyW
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
InitCommonControlsEx
_TrackMouseEvent
CreateFontIndirectW
SelectObject
GetStockObject
GetObjectW
SetBkMode
DeleteObject
SetTextColor
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
DebugBreak
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
GetFileInformationByHandle
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
InterlockedPushEntrySList
CreateEventW
LoadResource
TlsGetValue
MoveFileW
GetFullPathNameW
EncodePointer
SetLastError
InterlockedDecrement
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
ReadConsoleW
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetFileSize
GetDateFormatW
GetStartupInfoW
SetEvent
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
lstrcpyW
FreeEnvironmentStringsW
ResetEvent
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
VarUI4FromStr
UuidToStringW
RpcStringFreeW
ShellExecuteW
PathFileExistsW
PathAppendW
PathUnquoteSpacesW
MapWindowPoints
SetFocus
GetMonitorInfoW
ReleaseCapture
UpdateWindow
EndDialog
BeginPaint
OffsetRect
DefWindowProcW
SetRectEmpty
GetCapture
KillTimer
ShowWindow
MessageBeep
FillRect
SetWindowPos
GetParent
wvsprintfW
SetCursor
SetWindowLongW
MessageBoxW
GetWindowRect
EnableWindow
SetCapture
CharUpperW
DialogBoxParamW
CharLowerW
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
PtInRect
LoadStringW
SetWindowTextW
GetWindowTextLengthW
GetDlgItem
SystemParametersInfoW
BringWindowToTop
IsWindow
MonitorFromWindow
ScreenToClient
InvalidateRect
DrawFocusRect
SetTimer
CallWindowProcW
GetClassNameW
UnregisterClassW
GetActiveWindow
GetClientRect
GetWindowTextW
LoadCursorW
GetFocus
CreateWindowExW
EndPaint
SetForegroundWindow
DrawTextW
CharNextW
DestroyWindow
HttpQueryInfoW
InternetConnectW
InternetWriteFile
InternetReadFile
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
HttpSendRequestW
InternetAttemptConnect
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
WSAStartup
gethostbyname
inet_ntoa
gethostname
WSACleanup
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 90624
ImageVersion 0.0
ProductName BugSplat Crash Report Send Utility
FileVersionNumber 3.3.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName BsSndRpt.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3, 3, 1, 0
TimeStamp 2015:04:27 17:37:36+01:00
FileType Win32 EXE
PEType PE32
InternalName BsSndRpt.exe
ProductVersion 3, 3, 1, 0
FileDescription Crash reporting Send Utility, BsSndRpt.exe
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright BugSplat, LLC (C) 2015
MachineType Intel 386 or later, and compatibles
CompanyName BugSplat, LLC
CodeSize 237568
FileSubtype 0
ProductVersionNumber 3.3.1.0
EntryPoint 0x21939
ObjectFileType Dynamic link library
CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 0ebd229db6bc69e560a949eb8ed71d5e
SHA1 4cec34cb0b0f4cac133d1482cc60cbad5e98592b
SHA256 e29835e30a82311d856dc8ac8ba70b5f10f9cd6465a76a0f6423ed1b36dad744
ssdeep 6144:bkTcxuXrWwoQbG3ATiEqNeen6x+mlrjzoMr:bQcx8WTpQTcEG6x+mlvf
authentihash e8bbf47f56df65385ae0d904944ff5cc1f396516d0da9ba892b91698bc92113c
imphash 9599125f680f0bffbd95ff832f1df1fa
File size 316.5 KB ( 324048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-05-03 03:56:45 UTC ( 2 years, 6 months ago )
Last submission 2017-11-22 05:11:17 UTC ( 3 hours, 48 minutes ago )
File names tmpe.tmp
tmp9b92.tmp
CM_FP_BsSndRpt.exe
BsSndRpt.exe
tmp6b8.tmp
Lets Fish hack.exe
tmp793d.tmp
BsSndRptExe
Shadowgun Deadzone Hack.exe
tmp62.tmp
t3456t12236.tmp
tmpa820.tmp
filename
tmp3.tmp
BsSndRpt.exe
bssndrpt.exe
tmp1.tmp
t177224t721580.tmp
BsSndRpt.exe
League of Angels.exe
BsSndRpt.exe
BsSndRpt.exe
tmp11.tmp
Tap Titans Hack.exe
tmpe3.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications