Download[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Download.rar
Size

11.0MB
MD5

ad76c1320c355f13cc5096fbceb0c920
SHA1

3162a2ddb03631feab48f08aa58d881c1631c915
SHA256

91539faffea2d75d5a41d2a840d39c32b5e0c5cb1d610b94c7ae89f14ffcbed2
SHA512

f0b8afd67df9d37b0e40eefd7ecf8ad1749721726ad55a1b1d3e7255b861e9678e4284f545c8177dccdae4a451bbc66a8e8443e505ce8e819565c7e7e8fa4d8b
SSDEEP

196608:aOSz1Tnvlhl0SxbSD68P7CQk1Hz/Ln3gVw/BAHNhtSioVyqhlxLmZrwWIn1mQD6:eDvl0SB1tydPqPxL86pD6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Download/Download/installer_1.0.0.1_hyf24.exe	upx

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Download/Download/mp3jq_182.exe	nsis_installer_1
static1/unpack001/Download/Download/mp3jq_182.exe	nsis_installer_2

Files

Download.rar
.rar
Download/Download/123dhsilent.exe
.exe windows x86

23320647b941620e2c21bb5a1f3f26b8

Code Sign

02:d4:f2:de:42:3a:b4:b4:70:c1:ef:16:33:db:74:50
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/02/2023, 00:00

Not After

10/02/2024, 23:59

Subject

CN=海南好望科技有限公司,O=海南好望科技有限公司,L=海口市,ST=海南省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:7b:31:ac:a2:57:f0:c0:50:b1:7d:7c:6c:ec:5a:6e:16:db:6e:f0
Signer

Actual PE Digest

ba:7b:31:ac:a2:57:f0:c0:50:b1:7d:7c:6c:ec:5a:6e:16:db:6e:f0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=海南好望科技有限公司,O=海南好望科技有限公司,L=海口市,ST=海南省,C=CN

22/04/2023, 06:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
WSACreateEvent
send
getsockopt
WSAIoctl
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
inet_ntoa
gethostbyname
gethostname
ioctlsocket
getpeername
recvfrom
ntohs
WSASetLastError
WSACleanup
setsockopt
freeaddrinfo
WSAStartup
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
WSAEnumNetworkEvents
closesocket
sendto
htons
inet_addr
socket
__WSAFDIsSet

kernel32

CreateDirectoryW
FreeResource
FindResourceW
LoadResource
SizeofResource
GetProcAddress
GetModuleHandleA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
CloseHandle
CreateMutexW
VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
GetModuleFileNameW
LockResource
DeleteFileW
CreateThread
WaitForSingleObject
OutputDebugStringW
lstrcatW
Sleep
GetLocalTime
lstrlenW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
FormatMessageW
MoveFileExW
ExpandEnvironmentStringsW
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
SleepEx
SetEvent
GetDateFormatW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
LoadLibraryW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentThreadId
lstrcpyW
GetTimeFormatW
CompareStringW
LCMapStringW
GetSystemTimeAsFileTime
InitializeSListHead
GlobalAlloc
GlobalLock
GetFileSizeEx
GlobalUnlock
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
WaitForSingleObjectEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
SetStdHandle
CreateFileW
WriteFile
SetCurrentDirectoryW
GetCurrentDirectoryW
SetFileAttributesW
GlobalFree
WriteConsoleW
GetTimeZoneInformation
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
SetEndOfFile
IsDebuggerPresent

user32

MessageBoxW
SetRect
KillTimer
ShowWindow
wsprintfW
SetTimer
PostQuitMessage
DefWindowProcW
DispatchMessageW
InvalidateRect
ReleaseCapture
SetCapture
OffsetRect
PtInRect
TrackMouseEvent
ScreenToClient
EndPaint
BeginPaint
IsRectEmpty
IntersectRect
SetWindowPos
GetSystemMetrics
GetClientRect
DestroyWindow
TranslateMessage
GetMessageW
PostMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetPropW
SetPropW
LoadStringW

advapi32

CryptDestroyHash
RegCloseKey
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptHashData
CryptCreateHash
RegCreateKeyExW

shell32

SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashW
PathAppendW
PathCombineW
PathIsRelativeW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

bcrypt

BCryptGenRandom

gdiplus

GdipDisposeImage
GdipFillRectangleI
GdipDrawRectangleI
GdipFillPath
GdipDrawPath
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipCreatePen2
GdipDrawImageRectRect
GdipRestoreGraphics
GdipSaveGraphics
GdipTranslateWorldTransform
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipCloneImage
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipLoadImageFromStream
GdipCreateFontFamilyFromName
GdipDrawImagePointRectI
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdipGetImageWidth
GdipGetGenericFontFamilySansSerif

wldap32

ord145
ord219
ord46
ord14
ord216
ord41
ord117
ord26
ord27
ord127
ord167
ord301
ord147
ord133
ord79
ord142
ord208

gdi32

BitBlt
SelectObject
CreateDIBSection
DeleteObject
DeleteDC
CreateCompatibleDC

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Download/Download/iSearch_1005.exe
.exe windows x86

07bfd3b34fd54d28ac3612fcdee900cf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:ef:4c:47:22:60:6e:c9:69:42:96:68:df:9d:9c:e0
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

12/12/2022, 00:00

Not After

12/12/2023, 23:59

Subject

CN=Anhui Aiqi Network Technology Co.\, Ltd,O=Anhui Aiqi Network Technology Co.\, Ltd,ST=Anhui Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:9c:68:dd:80:57:48:b0:b9:08:e5:fb:23:66:1a:5b:b0:05:b0:1e
Signer

Actual PE Digest

33:9c:68:dd:80:57:48:b0:b9:08:e5:fb:23:66:1a:5b:b0:05:b0:1e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Anhui Aiqi Network Technology Co.\, Ltd,O=Anhui Aiqi Network Technology Co.\, Ltd,ST=Anhui Sheng,C=CN

22/04/2023, 06:34
Valid: true

Chain 1

CN=Anhui Aiqi Network Technology Co.\, Ltd,O=Anhui Aiqi Network Technology Co.\, Ltd,ST=Anhui Sheng,C=CN

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
GetStdHandle
GetFileInformationByHandle
GetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
VirtualAlloc
VirtualFree
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
WaitForSingleObject
GetTempFileNameW
QueryDosDeviceW
TerminateProcess
WritePrivateProfileStringW
CreateFileA
GetFileSize
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjects
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
PeekNamedPipe
GetFileType
ExpandEnvironmentStringsA
FormatMessageA
ResetEvent
IsDebuggerPresent
OutputDebugStringW
ReadConsoleInputA
CreateFileW
MoveFileExW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
DecodePointer
FlushConsoleInputBuffer
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
Sleep
InterlockedExchange
InterlockedCompareExchange
GetLastError
GetModuleHandleW
GetTickCount
GetModuleFileNameW
CreateDirectoryW
lstrcpynW
LoadLibraryA
GlobalMemoryStatus
SetEnvironmentVariableA
WriteConsoleW
SetConsoleMode
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleHandleExW
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
AreFileApisANSI
GetFileAttributesW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
CreateThread
GetFullPathNameW
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
UnmapViewOfFile
GetLocalTime
GetStringTypeW
EncodePointer

user32

GetMessageW
DestroyWindow
GetWindowLongW
DefWindowProcW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
FindWindowA
SendMessageTimeoutW
SetWindowLongW
CharUpperW
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegisterEventSourceA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
DeregisterEventSource
ReportEventA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW

oleaut32

SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen

shlwapi

PathAddBackslashW
PathFileExistsW
PathIsDirectoryW
StrCmpNIW

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
getsockopt
closesocket
WSASetLastError
socket
bind
recv
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
setsockopt
getsockname
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
WSACleanup

wldap32

ord127
ord41
ord27
ord147
ord167
ord145
ord14
ord216
ord79
ord118
ord208
ord133
ord142
ord46
ord301
ord26

Sections

.text
Size: 884KB - Virtual size: 884KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Download/Download/installer_1.0.0.1_hyf24.exe
.exe windows x86

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/02/2023, 00:00

Not After

02/02/2024, 23:59

Subject

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/02/2023, 00:00

Not After

02/02/2024, 23:59

Subject

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ad:0c:d8:93:70:b7:fd:aa:67:58:fc:36:b6:7c:21:8e:f5:97:64:72:88:7f:85:8f:05:0a:3f:7f:90:b9:47
Signer

Actual PE Digest

0f:ad:0c:d8:93:70:b7:fd:aa:67:58:fc:36:b6:7c:21:8e:f5:97:64:72:88:7f:85:8f:05:0a:3f:7f:90:b9:47

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

07/04/2023, 01:07
Valid: true

Chain 1

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

4c:07:d4:21:89:34:04:d0:b2:cc:c5:dd:af:43:45:1a:7d:46:fe:a8
Signer

Actual PE Digest

4c:07:d4:21:89:34:04:d0:b2:cc:c5:dd:af:43:45:1a:7d:46:fe:a8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

07/04/2023, 01:07
Valid: true

Chain 1

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Download/Download/mp3jq_182.exe
.exe windows x86

2cc72a761896f6e0e6e77fd91993bcff

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:2e:0d:46:07:df:33:21:31:03:84:e3:19:bc:89:8d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27/10/2022, 00:00

Not After

26/10/2025, 23:59

Subject

CN=武汉静之网络有限公司,O=武汉静之网络有限公司,ST=湖北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:b7:c4:4c:27:20:33:35:90:e3:bc:e5:30:7d:d1:74:b2:74:cb:73:b8:85:1b:0f:18:c0:ce:37:72:70:35:ae
Signer

Actual PE Digest

3b:b7:c4:4c:27:20:33:35:90:e3:bc:e5:30:7d:d1:74:b2:74:cb:73:b8:85:1b:0f:18:c0:ce:37:72:70:35:ae

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=武汉静之网络有限公司,O=武汉静之网络有限公司,ST=湖北省,C=CN

11/04/2023, 02:25
Valid: true

Chain 1

CN=武汉静之网络有限公司,O=武汉静之网络有限公司,ST=湖北省,C=CN

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameA
GetVersion
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
Sleep
GetLastError
CreateDirectoryA
CreateProcessA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryA
lstrcpyA
GetFileSize
MoveFileExA
SetFileAttributesA
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetModuleHandleA
LoadLibraryExA
MulDiv
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CreateThread

user32

IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
CallWindowProcA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetSysColor
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
GetMessagePos
ScreenToClient
CheckDlgButton
LoadCursorA
SetCursor
GetClassInfoA
GetWindowLongA
ShowWindow
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegEnumValueA
LookupPrivilegeValueA

comctl32

ImageList_Destroy
ImageList_AddMasked
ord17
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23320647b941620e2c21bb5a1f3f26b8

Code Sign

02:d4:f2:de:42:3a:b4:b4:70:c1:ef:16:33:db:74:50Certificate

Extended Key Usages

Key Usages

ba:7b:31:ac:a2:57:f0:c0:50:b1:7d:7c:6c:ec:5a:6e:16:db:6e:f0Signer

Signature Validations

Verification

22/04/2023, 06:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

bcrypt

gdiplus

wldap32

gdi32

Sections

.text Size: 472KB - Virtual size: 472KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 18KB - Virtual size: 17KB

07bfd3b34fd54d28ac3612fcdee900cf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

dd:ef:4c:47:22:60:6e:c9:69:42:96:68:df:9d:9c:e0Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

33:9c:68:dd:80:57:48:b0:b9:08:e5:fb:23:66:1a:5b:b0:05:b0:1eSigner

Signature Validations

Verification

22/04/2023, 06:34 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

iphlpapi

ws2_32

wldap32

Sections

.text Size: 884KB - Virtual size: 884KB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 12KB - Virtual size: 36KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 40KB - Virtual size: 40KB

Code Sign

02:d4:f2:de:42:3a:b4:b4:70:c1:ef:16:33:db:74:50
Certificate

ba:7b:31:ac:a2:57:f0:c0:50:b1:7d:7c:6c:ec:5a:6e:16:db:6e:f0
Signer

22/04/2023, 06:34
Valid: false

.text
Size: 472KB - Virtual size: 472KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 18KB - Virtual size: 17KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

dd:ef:4c:47:22:60:6e:c9:69:42:96:68:df:9d:9c:e0
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

33:9c:68:dd:80:57:48:b0:b9:08:e5:fb:23:66:1a:5b:b0:05:b0:1e
Signer

22/04/2023, 06:34
Valid: true

.text
Size: 884KB - Virtual size: 884KB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 12KB - Virtual size: 36KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 40KB - Virtual size: 40KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:ad:0c:d8:93:70:b7:fd:aa:67:58:fc:36:b6:7c:21:8e:f5:97:64:72:88:7f:85:8f:05:0a:3f:7f:90:b9:47
Signer

07/04/2023, 01:07
Valid: true

4c:07:d4:21:89:34:04:d0:b2:cc:c5:dd:af:43:45:1a:7d:46:fe:a8
Signer

07/04/2023, 01:07
Valid: true

UPX0
Size: - Virtual size: 1.9MB

UPX1
Size: 4.9MB - Virtual size: 4.9MB

.rsrc
Size: 71KB - Virtual size: 72KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

f0:2e:0d:46:07:df:33:21:31:03:84:e3:19:bc:89:8d
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

3b:b7:c4:4c:27:20:33:35:90:e3:bc:e5:30:7d:d1:74:b2:74:cb:73:b8:85:1b:0f:18:c0:ce:37:72:70:35:ae
Signer