YYSetup-9[.]11[.]0[.]0-zh-CN[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

YYSetup-9.11.0.0-zh-CN.exe
Size

110.5MB
MD5

55ba32d1fcb9e65ea65cb034c245286a
SHA1

fbb19ac19ade8b3ed02cd3d9880ccbc5d412137d
SHA256

3ec375c2cf1b7442f470c110158a54804b8ca099d6095d5154d595c0529f09e8
SHA512

44526d3618011932d07a2b0ffb10c7d64d81d7fe104e36e5d3c230557b5a8e3fb92e47c1441c9ef664e3fbcc32dfe9e84f5e97edf35e4babbabcebc9dffd6bfe
SSDEEP

3145728:nekpObC6gOuvRvjySHHm2KqW2NVkN6D3veQ5wWuiB5:nekKRuvR285+0Vku/evZiB5

Score

1^/10

Malware Config

Signatures

Files

YYSetup-9.11.0.0-zh-CN.exe
.exe windows x86

f14f842426d500b6bb3e0d5a501fb2bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:d5:7f:a7:32:3b:cc:83:a5:a9:fb:34:83:00:c0:b6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/12/2021, 00:00

Not After

24/12/2022, 23:59

Subject

SERIALNUMBER=91440101741866864Y,CN=Guangzhou Jinhong Network Media Co.\,Ltd.,O=Guangzhou Jinhong Network Media Co.\,Ltd.,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:d4:3e:b7:a5:e4:f2:ce:a1:be:79:48:98:8e:8a:d5:a6:16:3d:ea:9c:76:b2:09:ab:fd:a5:ce:7c:51:b4:8a
Signer

Actual PE Digest

7d:d4:3e:b7:a5:e4:f2:ce:a1:be:79:48:98:8e:8a:d5:a6:16:3d:ea:9c:76:b2:09:ab:fd:a5:ce:7c:51:b4:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440101741866864Y,CN=Guangzhou Jinhong Network Media Co.\,Ltd.,O=Guangzhou Jinhong Network Media Co.\,Ltd.,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

12/10/2022, 12:07
Valid: true

Chain 1

SERIALNUMBER=91440101741866864Y,CN=Guangzhou Jinhong Network Media Co.\,Ltd.,O=Guangzhou Jinhong Network Media Co.\,Ltd.,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=91440101741866864Y,CN=Guangzhou Jinhong Network Media Co.\,Ltd.,O=Guangzhou Jinhong Network Media Co.\,Ltd.,L=广州市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e795aae7a6bae58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
InterlockedIncrement
InterlockedDecrement
MoveFileExW
CreateMutexW
GetModuleFileNameW
GetCommandLineW
TerminateThread
GetModuleHandleW
GetTempPathW
ExpandEnvironmentStringsW
TerminateProcess
OpenProcess
FreeResource
Process32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetEnvironmentVariableW
Sleep
LocalFree
GetCurrentProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetEndOfFile
InterlockedCompareExchange
VirtualAlloc
DebugBreak
IsBadReadPtr
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
SetFilePointerEx
GetFileAttributesExW
OutputDebugStringW
FlushInstructionCache
GetCurrentThreadId
SetLastError
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
GetTickCount
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetVersion
GetFullPathNameW
CopyFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetLocalTime
IsProcessorFeaturePresent
CreateProcessW
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDiskFreeSpaceExW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
GetModuleHandleA
LCMapStringW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
HeapFree
HeapAlloc
MoveFileW
LoadLibraryW
GetProcAddress
FreeLibrary
FindResourceExW
FindResourceW
GetLastError
LoadResource
LockResource
SizeofResource
RaiseException
ResumeThread
FindFirstFileW
RemoveDirectoryW
DeleteFileW
FindNextFileW
FindClose
MultiByteToWideChar
FlushFileBuffers
WideCharToMultiByte
WaitForSingleObject
SetFilePointer
WriteFile
ReadFile
CloseHandle
CreateFileW
CreateFileA

user32

BeginPaint
GetUpdateRect
SetCapture
GetClassNameW
GetWindowThreadProcessId
EnumWindows
wsprintfW
EnableMenuItem
GetSystemMenu
IsIconic
PostQuitMessage
ReleaseCapture
ChangeClipboardChain
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SetClipboardData
SetClipboardViewer
GetActiveWindow
LoadStringW
PostMessageW
MessageBoxW
GetKeyState
IsZoomed
SetWindowLongW
GetWindowLongW
LoadImageW
DestroyCursor
SetCursor
GetCursor
SetTimer
KillTimer
GetClassInfoExW
LoadCursorW
DestroyWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
CallWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
ClientToScreen
ScreenToClient
SetWindowTextW
SetWindowPos
GetWindowRect
GetClientRect
ShowWindow
RedrawWindow
SetActiveWindow
SendMessageW
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
LoadIconW
SetClassLongW
SystemParametersInfoW
InvalidateRect
ReleaseDC
UpdateLayeredWindow
UnregisterClassA
GetDC
EndPaint

gdi32

CreateDIBSection
SelectObject
CreateRoundRectRgn
CreateCompatibleDC
DeleteDC
BitBlt
DeleteObject

advapi32

ConvertStringSidToSidW
GetNamedSecurityInfoW
CreateWellKnownSid
GetExplicitEntriesFromAclW
EqualSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
CreateProcessAsUserW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW

shell32

SHChangeNotify
ord680
SHGetFolderPathW
SHGetSpecialFolderLocation
DragFinish
DragAcceptFiles
SHFileOperationW
ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
VariantInit
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

wininet

InternetCloseHandle
InternetOpenW
HttpSendRequestW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetReadFile
HttpQueryInfoW
InternetSetOptionW

gdiplus

GdipSetCompositingMode
GdipGetCompositingMode
GdipSetWorldTransform
GdipDrawLine
GdipDrawRectangle
GdipFillRectangle
GdipDrawString
GdipDrawImageRect
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRegion
GdipSaveGraphics
GdipRestoreGraphics
GdipCloneBrush
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromScan0
GdipCreateImageAttributes
GdiplusShutdown
GdiplusStartup
GdipCloneRegion
GdipCreateRegionHrgn
GdipDeleteRegion
GdipCloneImage
GdipSetStringFormatLineAlign
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateFont
GdipMeasureString
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateFromHDC
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipStringFormatGetGenericDefault
GdipDeleteStringFormat
GdipCloneStringFormat
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetMatrixElements
GdipCreateMatrix
GdipGetGenericFontFamilySansSerif
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDeleteMatrix
GdipDrawImageRectRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDisposeImageAttributes

Sections

.text
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 556KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109.2MB - Virtual size: 109.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f14f842426d500b6bb3e0d5a501fb2bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:d5:7f:a7:32:3b:cc:83:a5:a9:fb:34:83:00:c0:b6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7d:d4:3e:b7:a5:e4:f2:ce:a1:be:79:48:98:8e:8a:d5:a6:16:3d:ea:9c:76:b2:09:ab:fd:a5:ce:7c:51:b4:8aSigner

Signature Validations

Verification

12/10/2022, 12:07 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

gdiplus

Sections

.text Size: 486KB - Virtual size: 486KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 556KB - Virtual size: 593KB

.rsrc Size: 109.2MB - Virtual size: 109.2MB

.reloc Size: 186KB - Virtual size: 185KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:d5:7f:a7:32:3b:cc:83:a5:a9:fb:34:83:00:c0:b6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7d:d4:3e:b7:a5:e4:f2:ce:a1:be:79:48:98:8e:8a:d5:a6:16:3d:ea:9c:76:b2:09:ab:fd:a5:ce:7c:51:b4:8a
Signer

12/10/2022, 12:07
Valid: true

.text
Size: 486KB - Virtual size: 486KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 556KB - Virtual size: 593KB

.rsrc
Size: 109.2MB - Virtual size: 109.2MB

.reloc
Size: 186KB - Virtual size: 185KB