80DECDDE9DF43BAA70FA1C7A556CE4D8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

80DECDDE9DF43BAA70FA1C7A556CE4D8.exe
Size

346.8MB
MD5

80decdde9df43baa70fa1c7a556ce4d8
SHA1

136b3997d11ad2683cd5b4d9d6b6df0160396127
SHA256

25a4e983d7acfa5147de885e10fa182aa662b4aec6e081688905730d654a42b6
SHA512

ebbc9ecc277d51453ae86cebfe96770e10d15910d86322d061fd45940e30dc2c1610e02922a83d7da09e468051a711cbaa619c40e8e66d8c24f5aad6d1946824
SSDEEP

98304:EZ///DXqSPIUHECZnkxFTT1sxy8VD260vQQrpGz:EZ///jlPIUk0YFTT1sxlJ0vQspQ

Score

N/A

Malware Config

Signatures

Files

80DECDDE9DF43BAA70FA1C7A556CE4D8.exe
.exe windows x86

044e506aa3e18611397aa605efeb262c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05/12/2017, 11:59

Not After

05/12/2020, 11:59

Subject

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05/12/2017, 11:59

Not After

05/12/2020, 11:59

Subject

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:02:7a:8d:98:45:f1:3c:68:82:9a:0e:2a:47:cc:a0:71:f9:12:d9:44:95:3d:e7:d0:5a:a8:d5:d7:31:72:b4
Signer

Actual PE Digest

0e:02:7a:8d:98:45:f1:3c:68:82:9a:0e:2a:47:cc:a0:71:f9:12:d9:44:95:3d:e7:d0:5a:a8:d5:d7:31:72:b4

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

09/03/2020, 05:40
Valid: true

Chain 1

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

c9:a8:ef:6a:6c:f3:48:9e:d6:c9:61:a3:8b:1a:a7:48:97:7b:da:12
Signer

Actual PE Digest

c9:a8:ef:6a:6c:f3:48:9e:d6:c9:61:a3:8b:1a:a7:48:97:7b:da:12

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

09/03/2020, 05:40
Valid: true

Chain 1

SERIALNUMBER=22467276,CN=A FOUR TECH CO.\, LTD.,O=A FOUR TECH CO.\, LTD.,STREET=6FL.\, NO.108\, MIN CHUAN RD.\, XINDIAN DIST.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

GetDesktopWindow

advapi32

GetUserNameA

shell32

ShellAboutW

gdiplus

GdiplusStartup

shlwapi

PathMatchSpecA

crypt32

CryptUnprotectData

comctl32

CreateStatusWindowA

Sections

.text
Size: - Virtual size: 6.5MB

IMAGE_SCN_MEM_READ

.shared
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 652KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2.4MB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

044e506aa3e18611397aa605efeb262c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25Certificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

0e:02:7a:8d:98:45:f1:3c:68:82:9a:0e:2a:47:cc:a0:71:f9:12:d9:44:95:3d:e7:d0:5a:a8:d5:d7:31:72:b4Signer

Signature Validations

Verification

09/03/2020, 05:40 Valid: true

Chain 1

c9:a8:ef:6a:6c:f3:48:9e:d6:c9:61:a3:8b:1a:a7:48:97:7b:da:12Signer

Signature Validations

Verification

09/03/2020, 05:40 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

gdiplus

shlwapi

crypt32

comctl32

Sections

.text Size: - Virtual size: 6.5MB

.shared Size: 1024B - Virtual size: 4KB

.rsrc Size: 652KB - Virtual size: 3.3MB

.text Size: 94KB - Virtual size: 96KB

.didata Size: 2.4MB - Virtual size:

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

15:43:1c:e5:bc:df:3a:f8:b6:f5:27:25
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

0e:02:7a:8d:98:45:f1:3c:68:82:9a:0e:2a:47:cc:a0:71:f9:12:d9:44:95:3d:e7:d0:5a:a8:d5:d7:31:72:b4
Signer

09/03/2020, 05:40
Valid: true

c9:a8:ef:6a:6c:f3:48:9e:d6:c9:61:a3:8b:1a:a7:48:97:7b:da:12
Signer

09/03/2020, 05:40
Valid: true

.text
Size: - Virtual size: 6.5MB

.shared
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 652KB - Virtual size: 3.3MB

.text
Size: 94KB - Virtual size: 96KB

.didata
Size: 2.4MB - Virtual size: