shuamesetup_2[.]2[.]6[.]130[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

shuamesetup_2.2.6.130.exe
Size

18.5MB
MD5

7bbee435851c9b3292ccaa8b516cc1bb
SHA1

c3f313f37eb43f68be1e976d1bbd495d37656d2f
SHA256

c5f99150c0c71b3b28dfd93627efcc3f228f5a1e64c0b655e38a1ff21c452995
SHA512

52a3181be3d9a528847ab22adc43241cffdcd38ae006f5a7c9762c3b6709b01c8dbfd4832d7aeed301086c340a18e49e798dcf2937faf54668d3a24c136ca32e
SSDEEP

393216:2Xr6n889UkpZSnQI63uED9AotF5GMob1slB0uxhL5k1X:2768c3wQnlBp57obQ1xh+1X

Score

1^/10

Malware Config

Signatures

Files

shuamesetup_2.2.6.130.exe
.exe windows x86

c33a0bdbd918591184938fd166ce6a30

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:bc:78:bd:02:95:41
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

20/06/2013, 03:12

Not After

23/07/2016, 15:03

Subject

CN=深圳瓶子科技有限公司,O=深圳瓶子科技有限公司,L=深圳市,ST=广东省,C=CN,1.2.840.113549.1.9.1=#0c1061646d696e40736875616d652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:03:96:d6:9b:b1:dd:9e:f6:ea:a0:a2:ca:67:b6:4b:0f:ab:9a:b4
Signer

Actual PE Digest

f8:03:96:d6:9b:b1:dd:9e:f6:ea:a0:a2:ca:67:b6:4b:0f:ab:9a:b4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=深圳瓶子科技有限公司,O=深圳瓶子科技有限公司,L=深圳市,ST=广东省,C=CN,1.2.840.113549.1.9.1=#0c1061646d696e40736875616d652e636f6d

30/03/2023, 10:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
DeleteCriticalSection
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynW
CopyFileW
GetTempPathW
GetLocalTime
GetDiskFreeSpaceExW
TerminateThread
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
WaitForMultipleObjects
GetExitCodeThread
GetSystemInfo
GetSystemTimes
GetSystemTimeAsFileTime
SetFilePointer
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
GetStdHandle
WriteFile
MoveFileW
GetFullPathNameW
SetEndOfFile
GetCPInfo
LocalAlloc
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
OutputDebugStringW
CreateDirectoryW
GetFileAttributesW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
SetLastError
GetModuleHandleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
LCMapStringA
RtlUnwind
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetWaitableTimer
RaiseException
SizeofResource
FreeResource
GetCurrentThreadId
Sleep
CreateThread
SetEvent
CreateEventW
lstrlenW
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
GetTempFileNameW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetModuleFileNameW
GetProcAddress
GetDriveTypeW
GetLogicalDriveStringsW
GetVersion
lstrlenA
MultiByteToWideChar
GetLastError
GetTickCount
WideCharToMultiByte
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FindResourceExW
FindResourceW
CreateWaitableTimerW
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexW
lstrcmpW
FindFirstFileW
Process32NextW
TerminateProcess
OpenProcess
GetCurrentDirectoryA
LoadResource
LockResource
GetCurrentProcessId

user32

SendMessageW
ShowWindow
GetDesktopWindow
InvalidateRect
IsWindow
ReleaseDC
DestroyWindow
UnregisterClassA
LoadCursorW
GetKeyState
IsWindowEnabled
MoveWindow
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
SetCursor
PtInRect
SetRect
GetDC
InflateRect
CopyRect
CharLowerW
CharUpperW
DestroyIcon
CharNextW
SetActiveWindow
GetActiveWindow
GetWindow
MapWindowPoints
EnableWindow
LoadImageW
LoadBitmapW
SetFocus
SetForegroundWindow
IsIconic
EqualRect
GetCursorPos
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetRectEmpty
PostThreadMessageW
UpdateWindow
IsWindowVisible
IsDialogMessageW
MessageBoxW
KillTimer
SetTimer
LoadIconW
SetWindowPos
PostMessageW
UnionRect
OffsetRect
BeginPaint
EndPaint
SetCapture
ScreenToClient
ReleaseCapture
IntersectRect
IsRectEmpty
GetDlgCtrlID
InvalidateRgn
GetParent
GetDlgItem
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW

gdi32

CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteDC
GetRgnBox
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
RectInRegion
DeleteObject

advapi32

InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl

shell32

ord680
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHFileOperationW
SHGetPathFromIDListW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantCopy
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrToIntA
PathAddBackslashW
SHDeleteKeyW
PathRemoveBackslashW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

netapi32

Netbios

wininet

InternetReadFileExA
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackW
InternetConnectW
InternetCrackUrlW
HttpSendRequestExW

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c33a0bdbd918591184938fd166ce6a30

Code Sign

19:9d:f8:8eCertificate

Key Usages

04:bc:78:bd:02:95:41Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

f8:03:96:d6:9b:b1:dd:9e:f6:ea:a0:a2:ca:67:b6:4b:0f:ab:9a:b4Signer

Signature Validations

Verification

30/03/2023, 10:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

dbghelp

iphlpapi

netapi32

wininet

Sections

.text Size: 640KB - Virtual size: 640KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 17KB - Virtual size: 35KB

.rsrc Size: 325KB - Virtual size: 324KB

19:9d:f8:8e
Certificate

04:bc:78:bd:02:95:41
Certificate

3d
Certificate

f8:03:96:d6:9b:b1:dd:9e:f6:ea:a0:a2:ca:67:b6:4b:0f:ab:9a:b4
Signer

30/03/2023, 10:55
Valid: false

.text
Size: 640KB - Virtual size: 640KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 325KB - Virtual size: 324KB