GaThread[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GaThread.exe
Size

523KB
MD5

2895b7ba25c9648861fa4b0360f4bf90
SHA1

4727088e08948de128ad6f203ad09d1d421a0fd0
SHA256

7c4dbc5b27cb5ecae6434ecb3b0d28549fa61f946580a29a64069728a15da98d
SHA512

fde56c1895a5e6b3dc9c04cd3535bbd98dbf972b7e0ed5c29c9385c9c4768bcf82703cabdbe575c4f068c5bb1a687420907b048f89d35ed03a6174f9461de058
SSDEEP

6144:IvWNVEVO09VwMi4M5oU1Vh5vVclGIMmATNrhDt7uzi1j0u8keN:IvtbrM5oU1Vh5vVclGIMmA5VxqG1wu8R

Score

1^/10

Malware Config

Signatures

Files

GaThread.exe
.exe windows x64

f0b19511ee8b24b8831dab0e7a979425

Code Sign

02:f7:b0:7c:55:25:b8:c9:07:01:6c:37:79:8a:63:55
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/03/2019, 00:00

Not After

11/04/2020, 12:00

Subject

CN=Wondershare Technology Co.\,Ltd,OU=IT,O=Wondershare Technology Co.\,Ltd,L=拉萨,ST=西藏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7c:6a:d9:68:4b:16:0a:25:99:89:6f:d7:9a:9e:4d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/03/2019, 00:00

Not After

11/04/2020, 12:00

Subject

CN=Wondershare Technology Co.\,Ltd,OU=IT,O=Wondershare Technology Co.\,Ltd,L=拉萨,ST=西藏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:c4:d7:82:f0:a8:6f:db:3c:d1:b3:76:74:54:e1:45:e2:37:75:1f:f6:85:f4:9f:d3:af:93:b8:9b:b2:90:e8
Signer

Actual PE Digest

6a:c4:d7:82:f0:a8:6f:db:3c:d1:b3:76:74:54:e1:45:e2:37:75:1f:f6:85:f4:9f:d3:af:93:b8:9b:b2:90:e8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Wondershare Technology Co.\,Ltd,OU=IT,O=Wondershare Technology Co.\,Ltd,L=拉萨,ST=西藏,C=CN

08/11/2019, 04:24
Valid: true

Chain 1

CN=Wondershare Technology Co.\,Ltd,OU=IT,O=Wondershare Technology Co.\,Ltd,L=拉萨,ST=西藏,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

81:d1:01:e2:e4:ce:54:64:56:cf:cf:07:7a:e3:00:49:49:cc:c7:a2
Signer

Actual PE Digest

81:d1:01:e2:e4:ce:54:64:56:cf:cf:07:7a:e3:00:49:49:cc:c7:a2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Wondershare Technology Co.\,Ltd,OU=IT,O=Wondershare Technology Co.\,Ltd,L=拉萨,ST=西藏,C=CN

08/11/2019, 04:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

qt5core

?wait@QThread@@QEAA_NK@Z
?msleep@QThread@@SAXK@Z
??0QWaitCondition@@QEAA@XZ
??1QWaitCondition@@QEAA@XZ
?event@QThread@@UEAA_NPEAVQEvent@@@Z
?shared_null@QListData@@2UData@1@B
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?terminate@QThread@@QEAAXXZ
?qt_metacall@QThread@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?staticMetaObject@QThread@@2UQMetaObject@@B
?trimmed@QString@@QEBA?AV1@XZ
?remove@QString@@QEAAAEAV1@AEBV1@W4CaseSensitivity@Qt@@@Z
?fromLocal8Bit@QString@@SA?AV1@PEBDH@Z
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
??1QSettings@@UEAA@XZ
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z
??8@YA_NAEBVQString@@0@Z
?start@QThread@@QEAAXW4Priority@1@@Z
??0QMessageLogger@@QEAA@PEBDH0@Z
?isRunning@QThread@@QEBA_NXZ
??1QThread@@UEAA@XZ
??0QThread@@QEAA@PEAVQObject@@@Z
?singleShotImpl@QTimer@@CAXHW4TimerType@Qt@@PEBVQObject@@PEAVQSlotObjectBase@QtPrivate@@@Z
?append@QListData@@QEAAPEAPEAXXZ
?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@XZ
?unlock@QMutex@@QEAAXXZ
?lock@QMutex@@QEAAXXZ
??1QMutex@@QEAA@XZ
??0QMutex@@QEAA@W4RecursionMode@0@@Z
?separator@QDir@@SA?AVQChar@@XZ
?exists@QDir@@QEBA_NXZ
?mkpath@QDir@@QEBA_NAEBVQString@@@Z
?toNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z
??1QDir@@QEAA@XZ
??0QDir@@QEAA@AEBVQString@@@Z
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
?arg@QString@@QEBA?AV1@VQChar@@H0@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?quit@QCoreApplication@@SAXXZ
?instance@QCoreApplication@@SAPEAV1@XZ
?keys@QJsonObject@@QEBA?AVQStringList@@XZ
?toVariantMap@QJsonObject@@QEBA?AV?$QMap@VQString@@VQVariant@@@@XZ
??1QJsonObject@@QEAA@XZ
?object@QJsonDocument@@QEBA?AVQJsonObject@@XZ
?fromJson@QJsonDocument@@SA?AV1@AEBVQByteArray@@PEAUQJsonParseError@@@Z
??1QJsonDocument@@QEAA@XZ
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
??1QDebug@@QEAA@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
?type@QVariant@@QEBA?AW4Type@1@XZ
??0QVariant@@QEAA@_N@Z
??0QVariant@@QEAA@AEBV0@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?setParent@QMapNodeBase@@QEAAXPEAU1@@Z
?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z
?color@QMapNodeBase@@QEBA?AW4Color@1@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??1QObject@@UEAA@XZ
??0QObject@@QEAA@PEAV0@@Z
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?isEmpty@QListData@@QEBA_NXZ
?size@QListData@@QEBAHXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?dispose@QListData@@QEAAXXZ
?detach@QListData@@QEAAPEAUData@1@H@Z
??0QString@@QEAA@PEBD@Z
??M@YA_NAEBVQString@@0@Z
?number@QString@@SA?AV1@HH@Z
?toInt@QString@@QEBAHPEA_NH@Z
?toUtf8@QString@@QEBA?AVQByteArray@@XZ
?split@QString@@QEBA?AVQStringList@@AEBV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?contains@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?isEmpty@QString@@QEBA_NXZ
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
?length@QByteArray@@QEBAHXZ
?constData@QByteArray@@QEBAPEBDXZ
?data@QByteArray@@QEAAPEADXZ
??1QByteArray@@QEAA@XZ
??1Connection@QMetaObject@@QEAA@XZ
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
?qt_metacast@QThread@@UEAAPEAXPEBD@Z

qt5widgets

??1QApplication@@UEAA@XZ
?exec@QApplication@@SAHXZ
??0QApplication@@QEAA@AEAHPEAPEADH@Z

advapi32

RegOpenKeyExW

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr120

_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__C_specific_handler
_acmdln
_calloc_crt
_unlock
_lock
memmove
_purecall
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
malloc
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__dllonexit
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_initterm
??_V@YAXPEAX@Z

fcommonlib

?sigRecveMsg@CommunicatorClient@@QEAAXVQString@@@Z
?sigServerClosed@CommunicatorClient@@QEAAXXZ
??0CommunicatorClient@@QEAA@PEAVQObject@@@Z
??1CommunicatorClient@@UEAA@XZ
?ConnectToServer@CommunicatorClient@@QEAAXVQString@@@Z
?StopReConnectToServer@CommunicatorClient@@QEAAXXZ
?SendMsg@CommunicatorClient@@QEAAXVQString@@VQStringList@@_N@Z
?IsOneApp@OneApplication@@QEAA_NXZ
??1OneApplication@@QEAA@XZ
??0OneApplication@@QEAA@VQString@@@Z
?GetAppValue@FConfig@@QEBA?AVQVariant@@AEBVQString@@0_N@Z
?FGetFilmoraDirectory@@YA?AVQString@@XZ
?staticMetaObject@CommunicatorClient@@2UQMetaObject@@B
?qt_metacast@CommunicatorClient@@UEAAPEAXPEBD@Z
?qt_metacall@CommunicatorClient@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@CommunicatorClient@@UEBAPEBUQMetaObject@@XZ
?SetAppValue@FConfig@@QEAAXAEBVQString@@0AEBVQVariant@@_N@Z
?Instance@FConfig@@SAAEAV1@XZ
?GetAccountInfo@TAccountModel@@QEBAAEBUAccountInfo@@XZ
?GetInstance@TAccountModel@@SAPEAV1@XZ

watracker

TrackWAData
SetTrackerLink
DestroyAnalyticsTracker
CreateAnalyticsTracker

universalanalytics

ua_tracker_set_custom_metric
ua_send_hit
ua_destroy_tracker
ua_destroy_hit
ua_tracker_set_custom_dimension
ua_create_timing_hit
ua_create_screenview_hit
ua_create_event_hit
ua_create_tracker
ua_tracker_set_language
ua_tracker_set_viewport_size
ua_tracker_set_app_ver
ua_create_exception_hit
ua_create_socialnetwork_hit

kernel32

GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
WideCharToMultiByte
LocalFree
DecodePointer
EncodePointer

shell32

CommandLineToArgvW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0b19511ee8b24b8831dab0e7a979425

Code Sign

02:f7:b0:7c:55:25:b8:c9:07:01:6c:37:79:8a:63:55Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:7c:6a:d9:68:4b:16:0a:25:99:89:6f:d7:9a:9e:4dCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

6a:c4:d7:82:f0:a8:6f:db:3c:d1:b3:76:74:54:e1:45:e2:37:75:1f:f6:85:f4:9f:d3:af:93:b8:9b:b2:90:e8Signer

Signature Validations

Verification

08/11/2019, 04:24 Valid: true

Chain 1

81:d1:01:e2:e4:ce:54:64:56:cf:cf:07:7a:e3:00:49:49:cc:c7:a2Signer

Signature Validations

Verification

08/11/2019, 04:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

qt5core

qt5widgets

advapi32

msvcp120

msvcr120

fcommonlib

watracker

universalanalytics

kernel32

shell32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 423KB - Virtual size: 422KB

.reloc Size: 512B - Virtual size: 364B

02:f7:b0:7c:55:25:b8:c9:07:01:6c:37:79:8a:63:55
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:7c:6a:d9:68:4b:16:0a:25:99:89:6f:d7:9a:9e:4d
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

6a:c4:d7:82:f0:a8:6f:db:3c:d1:b3:76:74:54:e1:45:e2:37:75:1f:f6:85:f4:9f:d3:af:93:b8:9b:b2:90:e8
Signer

08/11/2019, 04:24
Valid: true

81:d1:01:e2:e4:ce:54:64:56:cf:cf:07:7a:e3:00:49:49:cc:c7:a2
Signer

08/11/2019, 04:24
Valid: false

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 423KB - Virtual size: 422KB

.reloc
Size: 512B - Virtual size: 364B