Airplay[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Airplay.exe
Size

8.0MB
MD5

0f2a8eacda0d09abf0a7617715db569f
SHA1

fb81acd7c2eba843ccfc58819e73fbde94eb023c
SHA256

2d95fc27f3bebfa601d8c2c5d5d3548631acc8ad94acb0ca0360834187aa065c
SHA512

eb04db3e9402de06867443b5f613efff5e6b39b987777972a60166d0e56da63d529a6be783547d57854ff568acaf0f276763096049b1ac5a2719a3c2ebdad758
SSDEEP

98304:Dn7/aarBc/lw+xusxpSoe1GEf5j7HQojkzBAw7uiNPrMoCCXG5+M5O7hbLCVF:XLctdqv4E97HDw7uia9+G+ygMVF

Score

N/A

Malware Config

Signatures

Files

Airplay.exe
.exe windows x86

367b67b81eab7e291011c0495de21b25

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:6a:10:6c:89:d0:b4:6e:de:39:07:a3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2020 08:53

Not After

28-05-2023 08:53

Subject

SERIALNUMBER=91110107MA009U219W,CN=北京宇辰互联科技有限公司,O=北京宇辰互联科技有限公司,STREET=石景山区古城南街9号院5号楼7层706,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:8f:8f:fb:0f:49:5e:3e:79:f6:3a:97:d9:89:da:6d:b6:1a:f9:2e
Signer

Actual PE Digest

8f:8f:8f:fb:0f:49:5e:3e:79:f6:3a:97:d9:89:da:6d:b6:1a:f9:2e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110107MA009U219W,CN=北京宇辰互联科技有限公司,O=北京宇辰互联科技有限公司,STREET=石景山区古城南街9号院5号楼7层706,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

30-11-2020 01:56
Valid: true

Chain 1

SERIALNUMBER=91110107MA009U219W,CN=北京宇辰互联科技有限公司,O=北京宇辰互联科技有限公司,STREET=石景山区古城南街9号院5号楼7层706,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=91110107MA009U219W,CN=北京宇辰互联科技有限公司,O=北京宇辰互联科技有限公司,STREET=石景山区古城南街9号院5号楼7层706,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileW
FindFirstFileW
GetTempPathA
GetSystemDefaultLangID
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
OpenThread
TerminateThread
CreateThread
Sleep
InterlockedDecrement
InterlockedIncrement
TerminateProcess
OpenProcess
DeleteFileW
CopyFileW
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
InitializeCriticalSection
WaitForSingleObject
CreateProcessW
FreeLibrary
LoadLibraryA
OutputDebugStringW
GetLocalTime
GetPrivateProfileStringW
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
CloseHandle
WriteFile
CreateFileW
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleFileNameW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
SetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
RtlUnwind
LoadLibraryExW
TlsFree
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
ExitProcess
GlobalLock
GlobalUnlock
GetTickCount
lstrlenW
LoadLibraryW
GetCurrentDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
GetFileSize
ReadFile
FindResourceW
LocalFree
FormatMessageW
GetModuleHandleExW
VerSetConditionMask
MulDiv
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
GlobalAlloc
VerifyVersionInfoA
CreateNamedPipeA
GetStdHandle
WaitForMultipleObjects
GetEnvironmentVariableW
CreateMutexA
GetFileAttributesW
GetModuleHandleA
CreateFileA
FileTimeToSystemTime
GetVersionExA
FileTimeToLocalFileTime
GetOverlappedResult
FormatMessageA
IsWow64Process
GetExitCodeProcess
CreateMutexW
GetFullPathNameA
TlsAlloc
TlsGetValue
TlsSetValue

user32

IsZoomed
SetWindowRgn
ScreenToClient
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
LoadImageW
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
CharPrevW
DrawTextW
FillRect
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
UpdateLayeredWindow
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
IsWindowEnabled
GetWindowTextW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
UpdateWindow
GetSysColorBrush
LoadIconW
CreateWindowExA
SetWindowTextA
GetWindowTextA
EnumChildWindows
KillTimer
SetWindowPos
SetTimer
LoadCursorW
UnionRect
InflateRect
SetCursor
DestroyWindow
GetWindow
PostMessageW
GetDesktopWindow
IsWindow
GetPropW
GetWindowThreadProcessId
IsWindowVisible
GetParent
GetWindowLongW
SetWindowLongW
GetSystemMetrics
UnregisterClassW
GetWindowTextLengthW
MessageBoxTimeoutW
MessageBoxW
wvsprintfW
EnableWindow
GetDlgItem
SendMessageW
MoveWindow
ClientToScreen
OffsetRect
SendMessageTimeoutW
WaitForInputIdle
IsHungAppWindow
SetWindowTextW
SetPropW
CreateDialogParamW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetClientRect
MapWindowPoints
GetLastActivePopup
SetForegroundWindow
ShowWindow
IsIconic

advapi32

SetSecurityDescriptorOwner
ConvertStringSidToSidA
InitializeSecurityDescriptor
ConvertSidToStringSidA
CryptReleaseContext
CryptGenKey
CryptAcquireContextW
CryptDestroyKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownW
GetTokenInformation

shell32

DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
ord680

ole32

OleDuplicateData
RegisterDragDrop
CoCreateInstance
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitialize
CoCreateGuid
CoUninitialize
DoDragDrop

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shlwapi

PathFileExistsW
PathIsDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

MakeSureDirectoryPathExists

libcurl

curl_multi_remove_handle
curl_multi_init
curl_easy_cleanup
curl_easy_setopt
curl_easy_init
curl_slist_append
curl_multi_perform
curl_multi_cleanup
curl_multi_setopt
curl_multi_add_handle

winmm

timeGetTime

setupapi

SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupGetInfPublishedNameW
SetupGetInfDriverStoreLocationW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupUninstallOEMInfW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsA
SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDriverInfoW

ws2_32

WSAStartup
gethostname
gethostbyname

gdi32

CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
GetStockObject
GetDeviceCaps
DeleteDC
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetEnhMetaFileHeader
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
GetObjectA
MoveToEx
TextOutW
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
GetClipBox
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
CreateRoundRectRgn
BitBlt
DeleteObject
SetWindowOrgEx
SetBitmapBits
GetBitmapBits
PtInRegion
CreateRectRgn
GdiFlush

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

gdiplus

GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameCount
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipGetPropertyItem
GdipDrawImageRectI
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 730KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

367b67b81eab7e291011c0495de21b25

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

56:6a:10:6c:89:d0:b4:6e:de:39:07:a3Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8f:8f:8f:fb:0f:49:5e:3e:79:f6:3a:97:d9:89:da:6d:b6:1a:f9:2eSigner

Signature Validations

Verification

30-11-2020 01:56 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

dbghelp

libcurl

winmm

setupapi

ws2_32

gdi32

comctl32

imm32

gdiplus

Sections

.text Size: 716KB - Virtual size: 716KB

.rdata Size: 6.4MB - Virtual size: 6.4MB

.data Size: 120KB - Virtual size: 132KB

.gfids Size: 512B - Virtual size: 420B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 730KB - Virtual size: 730KB

.reloc Size: 68KB - Virtual size: 68KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

56:6a:10:6c:89:d0:b4:6e:de:39:07:a3
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8f:8f:8f:fb:0f:49:5e:3e:79:f6:3a:97:d9:89:da:6d:b6:1a:f9:2e
Signer

30-11-2020 01:56
Valid: true

.text
Size: 716KB - Virtual size: 716KB

.rdata
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 120KB - Virtual size: 132KB

.gfids
Size: 512B - Virtual size: 420B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 730KB - Virtual size: 730KB

.reloc
Size: 68KB - Virtual size: 68KB