| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2022-11-14 20:00:37.665697 | 2022-11-14 20:01:41.701970 | 64 seconds | 2.0-dev |
| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win7cuckoo | win7 Clone 1 | VirtualBox | 2022-11-14 20:00:38 | 2022-11-14 20:01:40 |
File Details
| File name | 30fe96ed612b0afd3016a22938da79a88636cd36.dll |
|---|---|
| File size | 231994 bytes |
| File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| CRC32 | 86936F7E |
| MD5 | 97a48f9d72a963c1867e08200c7015f0 |
| SHA1 | 30fe96ed612b0afd3016a22938da79a88636cd36 |
| SHA256 | 9608a3d760d5bf6cbe591fad5b34160e3b20477450f3c61427802532db983602 |
| SHA512 | 2a9d96cf3e37b5987ba41e733a1a5b4bbe8411f04c64b6ba6fbfe0b6199e331118ce83c2a695117aacd66b7849b3ef0923ef30b9e8c7b9f21694d33d2ebae10a |
| Ssdeep | None |
| PEiD | None matched |
| Yara |
|
| VirusTotal | File not found on VirusTotal |
MetaFlows Scores
Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1668474113]=0): Snort Events=0, AV Events=0
Total Score=50
Dropped File/Buffer Yara Signatures:
3c33bc6ec009c2ef_install-prodinfo.exe: contains_base64
Total Score=50
Dropped File/Buffer Yara Signatures:
3c33bc6ec009c2ef_install-prodinfo.exe: contains_base64
Signatures
nolookup_communication details
Communicates with host for which no DNS query was performed
packer_entropy details
The binary likely contains encrypted or compressed data indicative of a packer
packer_upx details
The executable is compressed using UPX
Screenshots
Static Analysis
Version Infos
| LegalCopyright: | WildTangent, Inc. All rights reserved. |
| ProductVersion: | 1.0.1.6 |
| FileDescription: | WTDownloader SFXStub |
| FileVersion: | 1.0.1.6 |
| CompanyName: | WildTangent, Inc. |
| Translation: | 0x0409 0x04e4 |
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0001a000 | 0x00000000 | 0.0 |
| UPX1 | 0x0001b000 | 0x00010000 | 0x0000fc00 | 7.97222274518 |
| .rsrc | 0x0002b000 | 0x00001000 | 0x00000e00 | 4.28164669368 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0002b498 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0002b498 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | GLS_BINARY_LSB_FIRST |
| RT_STRING | 0x0002b5c4 | 0x0000006c | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |
| RT_GROUP_ICON | 0x0002b634 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | MS Windows icon resource - 2 icons, 32x32, 16-colors |
| RT_VERSION | 0x0002b65c | 0x0000024c | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |
| RT_MANIFEST | 0x0002b8ac | 0x0000027e | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML document text |
Imports
Library KERNEL32.DLL:
• 0x42bb7c - LoadLibraryA
• 0x42bb80 - GetProcAddress
• 0x42bb84 - VirtualProtect
• 0x42bb88 - VirtualAlloc
• 0x42bb8c - VirtualFree
• 0x42bb90 - ExitProcess
Library ADVAPI32.dll:
• 0x42bb98 - RegCloseKey
Library USER32.dll:
• 0x42bba0 - MessageBoxW
Strings
!This program cannot be run in DOS mode.
P-E&#P
fTYxH9
:,L$K-v
o)sm1&
6{_y\m
Su8VCw
|zKTa<
b+o, t
t jx&EE
hvNB^d
G18"R6a$
x{BRBg
-^i?s)
BH|E]pR
Rh[<Y\
{=11Ol
S.7T:&
w+cRkW
cyaK+"
w!AkTQvJ `
'X ##I_{k"7+
n\ t\'
u)MC(P'v
K #Xe9
2<"zvX
y8f4Du&
fq~w#3]<
<q6.~]
, WMun
Daq,"~J4
(}~jmYQ
i!2,X<l
k)qdj@5w
7 @-YNo
=]dmIwv
Ruh:<W
+\Mi|G
eV$S6ii
X 2}ao5
@NMep@
N6Qm@L
7m/W%KY.
%'jE;#
}T`iMcB
#f/N%9
6|g2dvJ
XOMF.*
y'vF1|
Jq=vOjZ
RJ]@bR
Aj[;9^
uzpt?9
D~G3Y-9
H(\xgI`
vqK/>=
n[axr.c
Lwc@B6
Cal7(9
l~Z^d-
ht<K:U
G}kSCq25I
7X[+$G
JuB58FsA
}0;6zH7
$j?TnGE
Q=`*M_6J
O_$mXI
gps]='
ssm3lR
}'UJ{q
}1n'CU#
"sx40u
pl/LB/
\m2HMi
Lt\j5uG
nGcA>*
'^M9<@
8y)5#%
HYC/ezS
Z1=}Gu}
r9jV$m
:}/IUtS
%B]u'1U
=hIgA=n
qL}vbR
|@cu[<
H#/cgv6
H%6_k}PJ
z`z?'^
:EJWg;
zL<.bRB
08WkVb
mnA0Ck
9)[?2tg
2p}K)
RlN/RN@-
wcq]tr
6;;FaH
zAM:UOZ#
V1}X5t
pe@"D~a:
wwq01Y
sZn7i[g
FFShcx
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H)
s`)L$4
D$t+D$\
)D$H)
9l$\w_
XPTPSW
33333330
{{{{{{{3
{{{{{{{33
{{{{{{{330
{{{{{{{330
{{{{{{{330
3333333
33333333
wwwwwwwwwww
DDDDDD@
DDDDDDGpw
DDDDDDGpw
DDDDDDDDDDD
wwwwwwwwwww
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="WildTangent.WildGames.WTDownloader.SFXStub"
type="win32"
<description>WTDownloader SFXStub</description>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
KERNEL32.DLL
ADVAPI32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
MessageBoxW
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
Thawte, Inc.1$0"
Thawte Code Signing CA - G20
110307000000Z
130306235959Z0
Washington1
Redmond1
WildTangent Inc1
Product Development1
WildTangent Inc0
*http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
http://ocsp.thawte.com0
)cx2Mt
Western Cape1
Cape Town1
Thawte Consulting cc1(0&
Certification Services Division1!0
Thawte Premium Server CA1(0&
premium-server@thawte.com0
061117000000Z
201230235959Z0
thawte, Inc.1(0&
Certification Services Division1806
/(c) 2006 thawte, Inc. - For authorized use only1 0
thawte Primary Root CA0
l[HhIY7
https://www.thawte.com/cps0
/http://crl.thawte.com/ThawtePremiumServerCA.crl0
.zy1_c
thawte, Inc.1(0&
Certification Services Division1806
/(c) 2006 thawte, Inc. - For authorized use only1 0
thawte Primary Root CA0
100208000000Z
200207235959Z0J1
Thawte, Inc.1$0"
Thawte Code Signing CA - G20
#http://crl.thawte.com/ThawtePCA.crl0
http://ocsp.thawte.com0
VeriSignMPKI-2-100
Thawte, Inc.1$0"
Thawte Code Signing CA - G2
www.wildtangent.com 0
^s3Qu'h
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
110419170400Z0#
;!@Install@!UTF-8!
Progress="no"
;!@InstallEnd@!
GIF89a
BM##/"R"P0g`*$c
UNe8,TL DWK9
;<?xml version="1.0" encoding="utf-8" ?>
<atom>
<type>prodinfo</type>
<name>prodinfo-supergranny6</name>
<description>Provides product information</description>
<version>1.0.1.1171</version>
<atomxmlversion>1</atomxmlversion>
<priority>0</priority>
<progressweight>0</progressweight>
<dependencies>
</dependencies>
<discriminators>
<discriminator>product:supergranny6</discriminator>
</discriminators>
<inputs>
<input>Locale</input>
<input>TemporaryPath</input>
<input>IPCKey</input>
<input>Silent</input>
<input>ProcessResult</input>
</inputs>
<outputs>
<output>ProductCodeName</output>
<output>ShortDescription</output>
<output>Snippet</output>
<output>ProductDisplayName</output>
<output>ProductGUID</output>
<output>ESRB</output>
<output>WTRating</output>
<output>HideBuyButton</output>
<output>FlashMinimumVersion</output>
<output>GameExplorerGUID</output>
<output>GameImageFilePath</output>
<output>WIREProductFeatureImageFilePath</output>
<output>WIREProductTitleImageFilePath</output>
<output>GameDiscoveryXMLFilePath</output>
</outputs>
<ui><file>wtatom.html</file></ui>
</uis>
</atom>
body.AtomUIFrame
color:#333;
font-size:12px;
font-family: Calibri,Tahoma, Arial, Verdana, Lucida Sans Unicode, Sans-Serif;
margin: 0px;
width: 100%;
height: 100%;
background-image:url(bg_400.gif);
cursor: default;
!This program cannot be run in DOS mode.
Richt1
(u/rVje
SjdV$N>
zi,]["5
HpX$
HjZ]x.
x<#X G
s[30rX2
0#cW@g
V[8Efu
5Bs;@DB
0"@frH
@ SY6M
-f&t)y
`B-_`;e
Instuo
Nullu]
H;DM}.$ q\&
sK5PJmA
[X/p+Hx
`@KYC9
=HYT{&Y
g={fb;
;5`-~\f/
<s3lDC
<Ku)q:
hg`*HR5`
qj!CD@
mOH5h*h
eB=goVlU1)%
F4)lMR
^j\PN$
='3{Ww
6;}!dt
8;Ev(6
~' vGc
mhA;?%r
>X6Vj)l+_,
ERSq+'
80xW#B
[,,i$rq$
bY<T#V
t#Iu5E
GQe+Ud
YlTh1t\
0%(xt"
x_!fKCVC
hA|9hS
AYOJXp
Utb=)1
Y.+j).k8
#d(9(0U
2 $db
32@FxFy
hMp2lHf
zT?(?V
pPb/HN
J+N^6e
NHNH K
`\iF<O
V!I;4!
!5$*s,
1t AGG;M
zuNkDp
f0zuOL*
cPtq'>
>Pp7CC9*
le6SX$
Vib@}3V2
t1g|9m/
A@KhDC
!9~`JRl
rpMM+C
1Ht Hm
s[S;7|G
j"k@L!P
?;crXtR99
thP5>p
xvQ;VmRt
tGqt=(dPsm
TF'+lk
xQTg(|0
QTpp x
+F-y(9 oP
7bT!w$y2
3E'8kV
7s6cP[
x?Wj?:
l]SA7 3+0k
d`X}EP
9lC<]`
W\>1 D
L<Pjpb=P
X>K<7:
#Jp_@Nr
hX7$8 \H
)wCahQu
KAYKYYK
)YN!K6\3
u8SS]h
"*m+#!7
SWCC*20
jb[Q`&
eUA^`"
u'p01
Z1>B<(
MQlP's
A|mt^j
474C;3
|r 8^`
%;rXk@d
S3HsH}
s!2;2MC
fnPv`~p
,1By:O
h'X3);PLeG
\WX7+h
1`u/WW
ON=Js`
RLY$_;
,` 6h{
t?0-,3
)0V.4)Y
eJHHLJ
)Y8l9Y
d9p:t;eJ
)x<|;U
H%SL?J
@ujx v
(&5fbWX
A[r(9
J^ ]{p
5taB#tF
(DSFcR
DP5.w(y:"Fr"
i0!cPV(
j0Y(:w[
eR* gPm
RP(xt"L
~,WP2
r-w].(
S!,!2-
7D,Cr)
y%$-f^
|zUd#f[|
|Zj MY+
<N<Ew[
=*l("Um
ju.Y*)
ZkJgyu
k6iEEEY
$A(-K`
<4IFQ/8
qVhnHh
oD+)Ke
?^pgas
,dSt"E
Gr rLrk
0r.\$.h
8TmV|h
\verifying stall
: %d%%
unpackda
I9CtegPty ch
e: has fai
d1Common6
auses)clude
7download andqma
owto ob
http://Dis.sf.,V
o.t/NSIS_Err
MakTsuYyo
42U7-O
B!u_<T>
~3u.t^
%s%iR'{
DEFAULT\i]h(
lOSHG]F
5Us3X6ul
[rKeyEx
}oftwa-\M\rs
r\Qui8L8m
w+*?|<>/":s
wt\*.*
k_aqme*<!
afeIPC.cp3W
$B3G%E
.miUrp
EOsPo(
C w2bS3
jS_*,\/X
k/N1[!
gu(sW2;
,pl1Eb.
msco.d
MONETAR
YCTYPb
OLLATE
!"#o
$%&'()*+,-./
89:;<=>?lC
GRJKLMNOPQRST
K\XYZ[\B`
ijklmSp
vwxyz{|}~
l> Hie
5p%HG#u
vf%KX$
iplh+d
4M\XTPLH4M
4D@<84
0,($ M
$SrU (D
E%zg bgj
{WSKGC7y
C?;3#v
}`kmod
0sP#bA
|iremib
p]/l]vM7
`WUXOGB
2 @I P
dXhxC2
9`'FW@nP2
a`++ pW
$'$2$A
A: %3%;0
T%s p'/
0yyp'/
Al'cT}
")*C2S=2
;*C*K*
, ,',&O
</,7,?,
W9+ =+S
rr)-1(
B .?AV
s?$_cTn
F>_of_
4M (!0D"M
d`\XPHi
|xthkI
d XMMl
c) 1992-2004 by P.J.
Dinkum
z RI4TS
GlobalAAq{
5ForSin
2pandE
5seH2lrS
OutpuP"
`xOEMD
ag.j_@
dT0lcYH t
SPct&5
^iIC|"
2 DKog
N\Qpbo
.n(K]x
XPTPSW
wwwwwwwxp
wwwwwwww
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v08-Dec-2009.cvs</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
GDI32.dll
ole32.dll
SHELL32.dll
USER32.dll
VERSION.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegEnumKeyA
SetBkMode
OleInitialize
ShellExecuteA
VerQueryValueA
NullsoftInst
]k)W=<Jv
6}xw7-cp
aS7LUA
0j7K;U|f
Ii3?~4
X#X!~d
bnT2K& gJ
Wla6wk2
; sE36.
Kj/ob(
C*d/Wj
BYR[7l!
'nbcoir_
s/WELU
<~a(F
!WY5/)
ygq<M,;vX
I.3&ei
l0`8bF`vM
r`mr*L
"Q3Ji[
5P4#,0
m0pMmL]
w!W]f}XX
6>C]/U-
#=$bd^
c wmxt
]FPGPq
wTNZ_\x
jv'z*dhU
a<!?T4
tcbk@2]9
+/'_Dd
b(UGbx
KfY#k"
yAjg#/]
7th`>,H=
V!F`u"
B@k)upt
ho'RH>
[8,^)P
qco|Zi+
cgkAyi4
Qc}+dA
&jeIOA8Y
[?ZJG7
m`258/U
~-]muHi
feLIOC\5
m~KUNc
?4X@,uFn
F_\6?U
wga]ZE4
6+DHRg,
e/_*EU
_\c2|d/
uBfA-hc4
^WUxkj
/By A^
oN'K*Qx
p[tX~.4z
*dOC3Y
ti!Rhd
|{_26x
L/a2i<
\sjGV;"
>[0;[o
Dp<obU v
z/7E4 K
[IY 4xY
wA%M=1k
EL<^@h
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
Thawte, Inc.1$0"
Thawte Code Signing CA - G20
110307000000Z
130306235959Z0
Washington1
Redmond1
WildTangent Inc1
Product Development1
WildTangent Inc0
*http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
http://ocsp.thawte.com0
)cx2Mt
Western Cape1
Cape Town1
Thawte Consulting cc1(0&
Certification Services Division1!0
Thawte Premium Server CA1(0&
premium-server@thawte.com0
061117000000Z
201230235959Z0
thawte, Inc.1(0&
Certification Services Division1806
/(c) 2006 thawte, Inc. - For authorized use only1 0
thawte Primary Root CA0
l[HhIY7
https://www.thawte.com/cps0
/http://crl.thawte.com/ThawtePremiumServerCA.crl0
.zy1_c
thawte, Inc.1(0&
Certification Services Division1806
/(c) 2006 thawte, Inc. - For authorized use only1 0
thawte Primary Root CA0
100208000000Z
200207235959Z0J1
Thawte, Inc.1$0"
Thawte Code Signing CA - G20
#http://crl.thawte.com/ThawtePCA.crl0
http://ocsp.thawte.com0
VeriSignMPKI-2-100
Thawte, Inc.1$0"
Thawte Code Signing CA - G2
www.wildtangent.com 0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
110419170342Z0#
&{3796CDE0-8AD3-B570-D259-BFB7950A9058}
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
WildTangent, Inc.
FileDescription
WTDownloader SFXStub
FileVersion
1.0.1.6
LegalCopyright
WildTangent, Inc. All rights reserved.
ProductVersion
1.0.1.6
VarFileInfo
Translation
<<<Obsolete>>
WildTangent SF
<html xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" type="text/css" href="atomui.css" />
<script language="javascript">
var ProcessIndex = "";
function OnMyProcessComplete()
var RetVal = window.external.GetValue( "ProcessResult" );
if ( RetVal == "0" )
//The process completed successfully
//****** NOTE: NSIS script-created file names must match variables values set by HTML ******
window.external.SetValue( "GameImageFilePath", TemporaryPath + "\\" + AtomFolder + "\\feature.jpg" );
window.external.SetValue( "WIREProductFeatureImageFilePath", TemporaryPath + "\\" + AtomFolder + "\\feature.jpg" );
window.external.SetValue( "WIREProductTitleImageFilePath", TemporaryPath + "\\" + AtomFolder + "\\title.jpg" );
window.external.SetValue( "GameDiscoveryXMLFilePath", TemporaryPath + "\\" + AtomFolder + "\\supergranny6.xml" );
window.external.SetComplete();
else
window.external.Abort();
var ShortDescription = "";
var Snippet = "";
var FlashMinimumVersion = "";
var Locale = window.external.GetValue( "Locale" );
if (Locale == "zh-cht") {
ShortDescription = "Super Granny
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "zh-chs") {
ShortDescription = "Super Granny
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "fr") {
ShortDescription = "Super Granny
6 est une aventure pour tous les
ges faisant intervenir casse-t
te et objets
lancer
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "de") {
ShortDescription = "Super Granny
6 ist ein Abenteuer voller Puzzles und Gegenst
r die ganze Familie!";
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "it") {
ShortDescription = "Super Granny
un'avventura rompicapo-lancia oggetti per tutte le et
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "ko") {
ShortDescription = "Super Granny
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "pt") {
ShortDescription = "Super Granny
6: resolva desafios e lance objetos em uma aventura para todas as idades!";
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "es") {
ShortDescription = "Super Granny
6 es una aventura para todas las edades en la que resolver
s enigmas y arrojar
s objetos.";
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else if (Locale == "es-es") {
ShortDescription = "Super Granny
6 es una aventura llena de puzles y gatitos para todas las edades.";
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = ""
} else { //Assume en-us
ShortDescription = "Super Granny
6 is a puzzle-solving, item-tossing adventure for all ages!";
Snippet = "Run, dig, and climb to save the kitties!"
FlashMinimumVersion = "";
window.external.SetValue( "ProductCodeName", "supergranny6" );
window.external.SetValue( "ShortDescription", ShortDescription );
window.external.SetValue( "Snippet", Snippet );
window.external.SetValue( "ProductDisplayName", "Super Granny 6" );
window.external.SetValue( "ProductGUID", "64f20297-3c1c-4e68-a664-e861f6f9e643" );
window.external.SetValue( "ESRB", "" );
window.external.SetValue( "WTRating", "wt2" );
window.external.SetValue( "HideBuyButton", "0" );
window.external.Setvalue( "FlashMinimumVersion", FlashMinimumVersion );
window.external.SetValue( "GameExplorerGUID", "64f20297-3c1c-4e68-a664-e861f6f9e643" );
var IPCKey = window.external.GetValue( "IPCKey" );
var Silent = window.external.GetValue( "Silent" );
var TemporaryPath = window.external.GetValue( "TemporaryPath" );
var AtomFolder = "prodinfo_supergranny6_1.0.1.1171";
ProcessIndex = window.external.CreateProcess( AtomFolder + "\\install-prodinfo.exe",
'/K=' + IPCKey
+ ' /TEMPORARYPATH="' + TemporaryPath + '"'
+ ( Silent == "true" ? ' /silent' : '' )
, AtomFolder, "frames.AtomUIFrame.OnMyProcessComplete();", "100" );
catch (e)
window.external.Abort();
</script>
</head>
<body class="AtomUIFrame">
</body>
</html>
VS_VERSION_INFO
StringFileInfo
000004e4
Comments
Part of a game installer
CompanyName
WildTangent
FileDescription
Prodinfo installer for supergranny6
FileVersion
1.0.1.1171
InternalName
installer-prodinfo
LegalCopyright
(C) 2011 WildTangent, Inc.
ProductName
Prodinfo Atom Installer
ProductVersion
1.0.1.1171
VarFileInfo
Translation
<<<Obsolete>>
*WildTangent Installe
Dropped Files
57fce2e63e9bea0a_bg_400.gif
| File name | 57fce2e63e9bea0a_bg_400.gif |
|---|---|
| File size | 598 bytes |
| File type | GIF image data, version 89a, 1 x 400 |
| MD5 | e6bd167bfd6656fd0a0053d95d7c27c4 |
| SHA1 | 5d70445c9c175aef79cf37c82435315c44d0c867 |
| SHA256 | 57fce2e63e9bea0aead2811c3bc79d545b0026fc5d11359f6592fd584c38a162 |
| SHA512 | 3315fcdbf8844270dfcb33a7ef83805ef9960289eb238f49f22eb5fa2e571491d0a02ac9fa85319fac9623274e8f026a483e9f4383479e988cc8e7d74009d387 |
| Ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for Analysis |
3c33bc6ec009c2ef_install-prodinfo.exe
| File name | 3c33bc6ec009c2ef_install-prodinfo.exe |
|---|---|
| File size | 144328 bytes |
| File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, Nullsoft Installer self-extracting archive |
| MD5 | 4e981b18adca73f8672bc8e47d1ec990 |
| SHA1 | 29d69e3e43d037632b022d6e44a6fadb15eb2213 |
| SHA256 | 3c33bc6ec009c2ef67d42250c761aabc10991099bab04d25d72dace5fbe883fb |
| SHA512 | 96fe1f1585d6e8282cbb75143195d66a8782eaffe1c5b73cfb15058bc87404b5596632c272b79bb87feb90c57b6f3a54e5d445cb51b524c8ddd56cbaa0e7fcc5 |
| Ssdeep | None |
| Yara |
|
| VirusTotal | Search for Analysis |
c248c06c5f6162f0_wtatom.html
| File name | c248c06c5f6162f0_wtatom.html |
|---|---|
| File size | 9832 bytes |
| File type | HTML document, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators |
| MD5 | a79b0caa65d9c15c8aee600d601c3460 |
| SHA1 | 69ce755870acef08c01b1e5b61478b24d3d285fa |
| SHA256 | c248c06c5f6162f0135765c0af348ae336a048148bbc712a9f0924cefbdf3b20 |
| SHA512 | 0eecf959d0ff56f3b1f9176fcf5d9cd61e3807c250daf8f895bb9fe55c10e9351bfce62405e5ed2ed448c3757c776a0bd4ef7e18d87c81ac4177f4b28ab1d093 |
| Ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for Analysis |
80d8ac443868d7b3_wtatom.xml
| File name | 80d8ac443868d7b3_wtatom.xml |
|---|---|
| File size | 1183 bytes |
| File type | XML document text |
| MD5 | 91a695c374edfdf593f2097eef314109 |
| SHA1 | 9265325835a9b0799dc0bf3b7a85781879af1f31 |
| SHA256 | 80d8ac443868d7b323f534de35014c18d17d1fa10f28e9f2501f56558ab298fc |
| SHA512 | a20a83b07feec3df0db286654619c6389d77983fef5f89f36a0172143c9d7491ef0dbed0e16616a0f6060eb2763a1136623cd9efb496e75f25acde54a35c2114 |
| Ssdeep | None |
| Yara |
|
| VirusTotal | Search for Analysis |
fdd17447c564bd55_atomui.css
| File name | fdd17447c564bd55_atomui.css |
|---|---|
| File size | 248 bytes |
| File type | ASCII text, with CRLF line terminators |
| MD5 | 00915a276f15a803339c2551b69e84c9 |
| SHA1 | aba6455139b32e8e3e4460d25954dfad911fae17 |
| SHA256 | fdd17447c564bd5561136450054687af859ca33cb0eb2ebcb2f73665980dac46 |
| SHA512 | 6beef0a662399ea989d86680af73625e1620290ab71b39a01be071bc31e41478e98880bc272f588cbf3291fab2a4ece82be76e14731ca7ef6d83ad8b7ca6cb4a |
| Ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for Analysis |
Network Analysis
Hosts Involved
| IP Address |
|---|
| 20.126.106.131 |
| 23.101.14.229 |
| 23.204.249.81 |
| 23.99.109.44 |
| 70.186.27.9 |
| 8.250.163.254 |
| 8.8.8.8 |
DNS Requests
| Domain | IP Address |
|---|---|
| ipv6.msftncsi.com | |
| dns.msftncsi.com | 131.107.255.255 |
| nexusrules.officeapps.live.com | 52.109.8.45 |
| teredo.ipv6.microsoft.com | 54.241.176.34 |
| ctldl.windowsupdate.com | 209.197.3.8 |
| nexus.officeapps.live.com | 20.234.90.154 |
| armmf.adobe.com | 23.204.249.81 |
| watson.microsoft.com | 104.208.16.94 |
HTTP Requests
| URL | Data |
|---|---|
| http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt?911320f9b04be75f | GET /msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt?911320f9b04be75f HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ctldl.windowsupdate.com |
| http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?99597122bcf08015 | GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?99597122bcf08015 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ctldl.windowsupdate.com |
Behavior Summary
File-Read
- C:\Users\Harry Dresden\AppData\Local\Temp\30fe96ed612b0afd3016a22938da79a88636cd36.dll
File-Written
- C:\Users\Harry Dresden\AppData\Local\Temp\prodinfo_supergranny6_1.0.1.1171\bg_400.gif
- C:\Users\Harry Dresden\AppData\Local\Temp\prodinfo_supergranny6_1.0.1.1171\install-prodinfo.exe
- C:\Users\Harry Dresden\AppData\Local\Temp\prodinfo_supergranny6_1.0.1.1171\wtatom.html
- C:\Users\Harry Dresden\AppData\Local\Temp\prodinfo_supergranny6_1.0.1.1171\wtatom.xml
- C:\Users\Harry Dresden\AppData\Local\Temp\prodinfo_supergranny6_1.0.1.1171\atomui.css
File-Opened
- C:\Users\Harry Dresden\AppData\Local\Temp\30fe96ed612b0afd3016a22938da79a88636cd36.dll
Directory-Created
- C:\Users\Harry Dresden\AppData\Local\Temp\prodinfo_supergranny6_1.0.1.1171
Registry Key-Read
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Mutex-Accessed
- {EEF4DCB9-E47E-4ee9-A191-C303C366F66C}_Mutex
Processes
registry filesystem process services network synchronization