ce9e1dc391df9942c018af7429f6bad21908743ef8f9fc2bc2a15490a5e9d47a

Sharing

Copy URL Twitter E-mail

General

Target

ce9e1dc391df9942c018af7429f6bad21908743ef8f9fc2bc2a15490a5e9d47a
Size

4.5MB
MD5

4c6260aaeadd6ea46088b6cb146f6925
SHA1

aaeb1259702c37cbbd4695c2a18e9400dd7560b4
SHA256

ce9e1dc391df9942c018af7429f6bad21908743ef8f9fc2bc2a15490a5e9d47a
SHA512

c8118fdb074c336e8cff042b0f275c397b1ab90fe17da74f8ebe9a38cdead93f262d763cf09180a7b2fa1dbc61f76ddf47a304bf49ed6d4ac7392cbbb332509a
SSDEEP

98304:+645OoLi0eZwsg6WiqbctCoW1Jcul0KeGHSrv/jJDFt2F74Pp:+641XGZqbctp4MKbHEv/8F7o

Score

N/A

Malware Config

Signatures

Files

ce9e1dc391df9942c018af7429f6bad21908743ef8f9fc2bc2a15490a5e9d47a
.exe windows x64

838e882b3a0e9e884a145c265f311f82

Code Sign

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

SERIALNUMBER=91440300746612636Q,CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:b5:6e:50:25:ab:70:19:a5:f3:c3:c1:c6:f2:98:92:96:15:07:14:9c:8d:93:54:a8:2f:ce:1c:5a:39:e0:2c
Signer

Actual PE Digest

42:b5:6e:50:25:ab:70:19:a5:f3:c3:c1:c6:f2:98:92:96:15:07:14:9c:8d:93:54:a8:2f:ce:1c:5a:39:e0:2c

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440300746612636Q,CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

11/05/2020, 09:38
Valid: true

Chain 1

SERIALNUMBER=91440300746612636Q,CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

44:98:ca:2f:49:6b:10:ad:32:35:c3:37:19:f6:41:d1:b8:b4:93:a2
Signer

Actual PE Digest

44:98:ca:2f:49:6b:10:ad:32:35:c3:37:19:f6:41:d1:b8:b4:93:a2

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN

11/05/2020, 09:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

WSACleanup

crypt32

CertEnumSystemStore

user32

CharUpperBuffW

Exports

Exports

��B' it��_#�i��w��:�o�9_�`��r��/�\�Q��}�H�@-m�W�lV�1�g�=:�V^��Ԑ�u��{�n��j�=��̖�XjWfBJoE��y�5�J�̽@Y�Ъ&��4mǭE�U��$�ަtݘj��$��:׸ �I��D��P��d� 2� ��c��Af?cȡ��뫅�@�v \�!�Y��KLt5�)�LT�Z��#.7}�ȂԘ��o��Y�,.��5,M�f0�:�]�y~Ma��oܞ��H]��v��H� D::׫׎�u��k�ɽv��7��1�JXo��r�V��>���P(��F^�Vt�B�uW&�(�9ٗt��U'c$/��pf��hx��Y ��a��=��Y��NA��!�˻&J��3R��*8�0��fw[5��3U?+�n�D��t��RANn-D��UJ�q�%�N��Y�~��ǃ��zľ�I��g��s��B��r&�7�<��l�&�?�%�ߘ��b8�� !�n��H(�"ρ�Q�:�p�@�Ҥ��K��t�[>�?�)�+٭��"(��^/��m?��@^ٴ�n��l��{A�tM�Bi�U�L��U;�uY1L��V��q�J :��+d��[/�ۭ�Ϻ�#m0?{k;��h� n�Sf��E�#��궎l1X�4��-�F�[��;�g��5�ۧ�n��i=H0��l��+%�"Yt�)0�ly��1�� pϭ��eWn��3|!F��k}PQ9g�1��a�0��N��#�v��5 :�[�ǂISŚ>s��,AIw�w#N0P�yW�gb��a�f&3�C��Y�9DZ��"�QIQ�A ]CrGV��:��I�I�� T��򜄾�78P�W��h��7�؂A�u�ڟ��ly��k�ƻ��)~t�g��u7�㨾�X�� Fl�D(O�L�W|��ू�\uQ��6+W+��z(|�Hk�>��N��PJ"�֋��t��5�k�5�eH�Dl�Ư0�AE��fG}P�Y_��V��-Y�;s\ j��0-��9�H��N��f�PD��?|��; ��s��R��n��4�m��A5s �K�Ỳ��3�͡'��Jj��D%�.��'R��䎛e�� Y��1��ͯ��YGҠ��$d凳-j��}��E}|�n��p��m�� B��_P hG��m>��p��#(��vc�k�7 ��d�y��ۃoB�W��n��lM:��~\P�5��yΟX3F��z��s`��:� ��(c��v��V��uP�;�>obJ� �S��U�"L�_tgUU[�p�)(�3#Ǔ�sQt�kv�#b�!з[�5vn��.��93�I��̟ɱ��r�}��]�60��!�ߟ#.q9��UhcHg�m]}tJ�n�.B�Eƃ`��B)�7��<�,۟F�SN�z��F��;�]EL3��'��x��Y�&;>��*��JX�.Z��:�� g7��D��˛��E��j�[�.ɳ#�WJm��X"��~��:��aS��B�{�"d<��Ǹ�V�FlӀE�q�B�mVt�8��zI,��W��)W7 h��1��ߓHLPs��b�_\orm[��љ�Z�Z;��!��M�m��Uh��(ĕ��8�Ҙ!�0�U�j1gG��Գ�ڶ�}gs �q�̦�U]q�f �Bl��mdtG�; �X��F�p@�1~��C�-��_��#��FYSK�f[��i��cf<��6��;I;aD&��¡滼p̱��HƸ-��A��w�\��zx��x<� �U��~�m"Fn` {��y��`bRÅ�b�NZ+��3}D��a�Z�-��v�\r�3�R��fcA�.��/a��ood9 ��i��6��+�z�K�+�UN�]�:��!��P9��*LezGoz~��70qr��̚�6��ے�u��#^Gw�8DL�3(i�2��(��7�JH�Bf@�zH�[׫ܣ�d��n��Q&�˒L�j��%[�(�ꛛQ�/ �$<M��nb��-^1�A朼E��K0tn(�M�3Flt#�<�{L�br�y*�8�a��h쑽��pK]�c��,��@��z��D�U�WFU'T�wV��) ��s��d�pD>6 `-�<��D�'��H��Wm.J�+�bE-��, c58��8�N ]8#�)&��^�T�C�-IZ[��|&#�`\��>y=�~�_x��Ek�-5H��|�GQ�]�&��E�R�+��!�Nń��$��a�zi � rݣ�%lG/*��Օn��!)y�Y�[��"�l��oxi�`x\��8��u��V��0@>��.k�L12��!v��n�� g��l��ݩ�c��$�u��Rc�%�ʻqGX��ϭe)�S$�B��i�T_{�N睐��yŻ�0`��$m��Lo{� \8��N]!�H}��?��ʔ6�h)W�.��j��xkj�zk�e��*j\,D<�Z��(�ڟ�%F��&&��ԉ�/�e�g�7�9b�t��1�<Z�G��ڮ Tq%xN�|��/�>[��'\!4rM?H�u�ĭ[Y�g�!)��l�[�g��L��I5�(�y�'RO��z��\+�-�SɀI��}��t��u y�,[�)1��hǘ�*� ux�o��Q{�L)#l�I?��䮲8ԞE(��% �q��9!�!��GJ� dVc y(1JV�4n�y��dT_�<)S3��<B�3}~��c��[{]��h6�gd��T�>ՐM1`��'�&Ay�y�n/ׂ�$��J�2��.��&�u�}��

Sections

.text
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: - Virtual size: 24B

.voltbl
Size: - Virtual size: 40B

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_sysc
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.{NU
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nU_
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PO'
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

838e882b3a0e9e884a145c265f311f82

Code Sign

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

42:b5:6e:50:25:ab:70:19:a5:f3:c3:c1:c6:f2:98:92:96:15:07:14:9c:8d:93:54:a8:2f:ce:1c:5a:39:e0:2cSigner

Signature Validations

Verification

11/05/2020, 09:38 Valid: true

Chain 1

44:98:ca:2f:49:6b:10:ad:32:35:c3:37:19:f6:41:d1:b8:b4:93:a2Signer

Signature Validations

Verification

11/05/2020, 09:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

crypt32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 74KB

.rdata Size: - Virtual size: 40KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 4KB

.00cfg Size: - Virtual size: 40B

.gehcont Size: - Virtual size: 32B

.retplne Size: - Virtual size: 24B

.voltbl Size: - Virtual size: 40B

_RDATA Size: - Virtual size: 244B

_sysc Size: - Virtual size: 12B

.{NU Size: - Virtual size: 2.5MB

.nU_ Size: 2KB - Virtual size: 2KB

.PO' Size: 4.3MB - Virtual size: 4.3MB

.rsrc Size: 168KB - Virtual size: 167KB

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

42:b5:6e:50:25:ab:70:19:a5:f3:c3:c1:c6:f2:98:92:96:15:07:14:9c:8d:93:54:a8:2f:ce:1c:5a:39:e0:2c
Signer

11/05/2020, 09:38
Valid: true

44:98:ca:2f:49:6b:10:ad:32:35:c3:37:19:f6:41:d1:b8:b4:93:a2
Signer

11/05/2020, 09:38
Valid: false

.text
Size: - Virtual size: 74KB

.rdata
Size: - Virtual size: 40KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 4KB

.00cfg
Size: - Virtual size: 40B

.gehcont
Size: - Virtual size: 32B

.retplne
Size: - Virtual size: 24B

.voltbl
Size: - Virtual size: 40B

_RDATA
Size: - Virtual size: 244B

_sysc
Size: - Virtual size: 12B

.{NU
Size: - Virtual size: 2.5MB

.nU_
Size: 2KB - Virtual size: 2KB

.PO'
Size: 4.3MB - Virtual size: 4.3MB

.rsrc
Size: 168KB - Virtual size: 167KB