4588b6cf10b2a3efb2d75220b35b54aafc7e9b8e7da5265e008888b2f03812d6

Sharing

Copy URL Twitter E-mail

General

Target

4588b6cf10b2a3efb2d75220b35b54aafc7e9b8e7da5265e008888b2f03812d6
Size

1.0MB
MD5

75d6ea45f0014cc76984806933592e06
SHA1

868ba4edd56fe4bc735fdd6e49980d2a473fa684
SHA256

4588b6cf10b2a3efb2d75220b35b54aafc7e9b8e7da5265e008888b2f03812d6
SHA512

a9ee1a14a847fc7c01c7d5dbd0c9807af7a0bf098c26a236ab6cc4f40c5b47ecf28e16ffa5e13d38e49cc13df70c2d951aa99bb50484ad94d575bef1a1ca2f5c
SSDEEP

24576:51vARZFZos710BCSvU7OIjUHWTBAmFsc3X/nv:CZzoUSv0BjSWTBAmFzX/nv

Score

1^/10

Malware Config

Signatures

Files

4588b6cf10b2a3efb2d75220b35b54aafc7e9b8e7da5265e008888b2f03812d6
.exe windows x86

861e3e15072a2ebda4e8254720911760

Code Sign

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

18/05/2023, 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

18/05/2023, 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:00:a8:33:14:ef:6f:9c:e3:ac:c4:01:7e:f0:37:dc:cc:85:29:b1:c4:06:0c:bb:73:ae:b0:ee:a5:71:23:f3
Signer

Actual PE Digest

43:00:a8:33:14:ef:6f:9c:e3:ac:c4:01:7e:f0:37:dc:cc:85:29:b1:c4:06:0c:bb:73:ae:b0:ee:a5:71:23:f3

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

24/07/2020, 07:51
Valid: true

Chain 1

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

40:40:5f:c7:a9:21:dd:ee:9e:58:3c:b7:68:8e:a0:4a:3a:03:f0:7f
Signer

Actual PE Digest

40:40:5f:c7:a9:21:dd:ee:9e:58:3c:b7:68:8e:a0:4a:3a:03:f0:7f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

24/07/2020, 07:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

RaiseException
GetLastError
GetPrivateProfileStringA
WritePrivateProfileStringA
DecodePointer
DeleteCriticalSection
FreeLibrary
LoadLibraryW
GetProcAddress
EndUpdateResourceW
CreateFileW
GetTempPathW
BeginUpdateResourceW
UpdateResourceW
CreateProcessW
GetModuleHandleW
GetExitCodeProcess
WaitForMultipleObjects
GetCurrentProcessId
LocalFree
ResumeThread
GetCurrentProcess
TerminateThread
Sleep
OpenThread
GetExitCodeThread
GetCurrentThreadId
SuspendThread
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OpenProcess
QueryDosDeviceW
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
GetFileTime
CreateMutexW
ReleaseMutex
FindResourceW
LoadResource
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
FindFirstFileW
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
InterlockedExchangeAdd
lstrlenW
GetFileSizeEx
DeleteFileW
FindClose
FindNextFileW
GetLogicalDriveStringsW
GetTickCount
InterlockedExchange
SetLastError
FileTimeToSystemTime
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
CopyFileW
GetCurrentDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
GetEnvironmentVariableW
SetEnvironmentVariableA
LoadLibraryExW
DeviceIoControl
GlobalMemoryStatusEx
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
LocalAlloc
FlushFileBuffers
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
DeleteTimerQueueTimer
GetCommandLineW
CloseHandle
OpenEventW
CreateEventW
CreateTimerQueueTimer
SetEvent
WaitForSingleObject
MoveFileExW
SetStdHandle
WriteConsoleW
ReadConsoleW
GetFileAttributesExW
FormatMessageW
GetFileType
GetStdHandle
GetOEMCP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetStringTypeW
CreateThread
ExitThread

user32

GetMessageW
PostQuitMessage
LoadCursorW
DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
LoadIconW
TranslateMessage

gdi32

GetStockObject

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetUserNameW
AdjustTokenPrivileges
DuplicateTokenEx
SystemFunction036
QueryServiceConfigW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ord680

imagehlp

ImageEnumerateCertificates
ImageRemoveCertificate

netapi32

NetLocalGroupGetMembers

Sections

.text
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

861e3e15072a2ebda4e8254720911760

Code Sign

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9eCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

43:00:a8:33:14:ef:6f:9c:e3:ac:c4:01:7e:f0:37:dc:cc:85:29:b1:c4:06:0c:bb:73:ae:b0:ee:a5:71:23:f3Signer

Signature Validations

Verification

24/07/2020, 07:51 Valid: true

Chain 1

40:40:5f:c7:a9:21:dd:ee:9e:58:3c:b7:68:8e:a0:4a:3a:03:f0:7fSigner

Signature Validations

Verification

24/07/2020, 07:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

imagehlp

netapi32

Sections

.text Size: 813KB - Virtual size: 813KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 36KB - Virtual size: 35KB

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

43:00:a8:33:14:ef:6f:9c:e3:ac:c4:01:7e:f0:37:dc:cc:85:29:b1:c4:06:0c:bb:73:ae:b0:ee:a5:71:23:f3
Signer

24/07/2020, 07:51
Valid: true

40:40:5f:c7:a9:21:dd:ee:9e:58:3c:b7:68:8e:a0:4a:3a:03:f0:7f
Signer

24/07/2020, 07:51
Valid: false

.text
Size: 813KB - Virtual size: 813KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 36KB - Virtual size: 35KB