4a0215bc7ecd04f755b56c0bb349a2654ff4dfcb0b011b07837a8a0d17f3ae29

Sharing

Copy URL Twitter E-mail

General

Target

4a0215bc7ecd04f755b56c0bb349a2654ff4dfcb0b011b07837a8a0d17f3ae29
Size

249KB
MD5

ee39c818c29e1733f0c4f37648477aba
SHA1

ed15279d2a86d32ce5aa795661b8b94dea548b94
SHA256

4a0215bc7ecd04f755b56c0bb349a2654ff4dfcb0b011b07837a8a0d17f3ae29
SHA512

f97534f23acdb5b40dea3114dfc23c068c058cd4a6b9cc947c2b1a7b6a047946122943814b230070a991c86e8c9416511234ff4d9e08d6c3fce7ae08637e451e
SSDEEP

6144:WBYGzctNXSa7P6qD19zL4Po4JzlTBaS7JOf/j/BV+UdvrEFp7hKT:WBYGzctNXL7P6qD19P4Po4BlTwBBjvr9

Score

1^/10

Malware Config

Signatures

Files

4a0215bc7ecd04f755b56c0bb349a2654ff4dfcb0b011b07837a8a0d17f3ae29
.dll windows:5 windows x86

afb73ad19b64568bf2b8ff6bfd3894b2

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/01/2023, 06:40

Not After

06/01/2026, 06:40

Subject

CN=Shenzhen Aidapu Network Technology Co.\,Ltd.,O=Shenzhen Aidapu Network Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:cb:4a:dd:14:01:b7:2f:30:f9:0b:49:6b:94:70:12:ec:d4:34:8a
Signer

Actual PE Digest

a9:cb:4a:dd:14:01:b7:2f:30:f9:0b:49:6b:94:70:12:ec:d4:34:8a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
MultiByteToWideChar
GetLastError
GetProcAddress
FindClose
Process32Next
RemoveDirectoryW
GetSystemInfo
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
CloseHandle
CreateFileA
WideCharToMultiByte
SetFilePointer
DeleteVolumeMountPointA
GetLogicalDrives
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
DeviceIoControl
FindFirstVolumeA
FindNextVolumeA
CreateThread
MapViewOfFile
UnmapViewOfFile
GetTempPathW
CreateFileMappingA
WaitForSingleObject
CreateDirectoryW
Process32First
FindFirstFileW
DeleteFileW
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindVolumeClose
InitializeCriticalSection
DecodePointer
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
EncodePointer

advapi32

OpenSCManagerA
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
OpenServiceA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
CoCreateInstance

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

ws2_32

connect
accept
listen
send
closesocket
socket
bind
inet_addr
recv
setsockopt
htons
select
htonl

shlwapi

PathFileExistsW
StrStrIA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
CM_Get_Device_IDA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

libzip

zip_source_file_w
zip_fopen_index
zip_fread
zip_close
zip_open_w
zip_fclose
zip_get_num_entries
zip_file_add
zip_source_buffer
zip_source_free
zip_get_name
zip_file_rename

libplist2

plist_array_get_size
plist_array_append_item
plist_array_get_item
plist_new_string
plist_copy
plist_to_bin
plist_from_xml
plist_get_string_val
plist_from_bin
plist_new_uid
plist_new_real
plist_set_string_val
plist_get_data_ptr
plist_dict_new_iter
plist_dict_next_item
plist_get_node_type
plist_free
plist_get_uint_val
plist_to_xml
plist_new_uint
plist_new_dict
plist_get_data_val
plist_new_bool
plist_get_string_ptr
plist_dict_get_item
plist_new_data
plist_new_array
plist_dict_set_item
plist_get_bool_val

libcrypto-1_1

X509_set_version
ASN1_TIME_new
RSA_new
EVP_PKEY_free
BIO_s_mem
X509_set_serialNumber
ASN1_INTEGER_free
ASN1_INTEGER_new
PEM_read_bio_RSAPublicKey
X509_set1_notAfter
X509_set1_notBefore
BIO_push
BIO_free_all
SHA1
SHA256
OCSP_sendreq_new
BIO_test_flags
OCSP_cert_to_id
OCSP_REQUEST_new
CMS_add1_signer
OPENSSL_sk_num
SHA1_Update
CMS_sign
EVP_get_digestbyname
SHA1_Final
BIO_ctrl
ASN1_object_size
PKCS12_free
OCSP_REQ_CTX_add1_header
OCSP_REQ_CTX_free
PKCS12_parse
OPENSSL_sk_new_null
CMS_ContentInfo_free
SHA256_Update
OCSP_request_add0_id
OPENSSL_sk_value
ASN1_OCTET_STRING_free
d2i_X509_bio
X509_NAME_get_text_by_NID
X509_INFO_free
AUTHORITY_KEYID_free
PEM_X509_INFO_read_bio
d2i_CMS_bio
OCSP_RESPONSE_free
OCSP_response_get1_basic
OCSP_sendreq_nbio
ASN1_OCTET_STRING_new
OPENSSL_sk_push
SHA256_Init
d2i_PKCS12_bio
CMS_get0_content
OCSP_BASICRESP_free
OCSP_REQ_CTX_set1_req
OCSP_parse_url
OCSP_REQUEST_free
OPENSSL_sk_pop_free
CRYPTO_free
X509_get_ext_d2i
OBJ_nid2obj
i2d_ASN1_OCTET_STRING
ASN1_put_object
OBJ_ln2nid
ASN1_OCTET_STRING_set
OCSP_resp_find_status
X509_email_free
SHA1_Init
ASN1_TIME_free
CMS_final
i2d_CMS_ContentInfo
BIO_new_connect
i2d_ASN1_OBJECT
SHA256_Final
X509_get_subject_name
EVP_PKEY_new
BN_new
X509_set_pubkey
X509_new
X509_sign
ASN1_TIME_set
PEM_write_bio_X509
X509_add_ext
X509_EXTENSION_free
ASN1_INTEGER_set
BN_set_word
PEM_write_bio_PrivateKey
X509V3_EXT_cleanup
X509V3_set_ctx
EVP_PKEY_assign
RSA_generate_key_ex
X509V3_EXT_conf_nid
EVP_sha1
BN_free
X509_free
BIO_new
PEM_read_bio_RSAPrivateKey
BIO_new_mem_buf
BIO_int_ctrl
PEM_read_bio_X509
RSA_free
BIO_free
BIO_s_socket
X509_get1_ocsp
CMS_signed_add1_attr_by_txt

libssl-1_1

SSL_CTX_ctrl
SSL_CTX_use_certificate
SSL_set_bio
SSL_get_version
SSL_CTX_use_RSAPrivateKey
BIO_new_ssl
SSL_set_connect_state
SSL_CTX_set_options
SSL_read
SSL_CTX_free
SSL_free
SSL_write
SSL_CTX_new
SSL_get_current_cipher
SSL_shutdown
SSL_new
SSL_CIPHER_get_name
SSL_do_handshake
SSL_get_error
TLS_method
TLS_client_method
SSL_set_verify

msvcr100

_CxxThrowException
memcpy
memset
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?_wopen@@YAHPB_WHH@Z
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
sprintf
_close
_get_osfhandle
ldiv
_wrename
_itow
_wstat64
_fstat64i32
strtoul
strchr
_strnicmp
_wcsicmp
_wcsdup
fseek
ftell
fwrite
memchr
wcsncpy
strstr
rewind
calloc
_snwprintf
_mbsicmp
_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__iob_func
_time64
_strdup
_errno
strerror
fclose
realloc
fread
_snprintf
_wfopen
malloc
free
strncmp
__CxxFrameHandler3

Exports

Exports

AMDServiceIsRun
close_screenshotr
device_monitor
get_screenshotr
get_udisk_list
init_dll_other
init_screenshotr
ios_close_simulatelocation
ios_del_device
ios_get_device_id
ios_get_running_processes
ios_init_instruments
ios_init_simulatelocation
ios_kill_processes
ios_log_start
ios_log_stop
ios_log_wait
ios_new_device
ios_p12_mob_match_check
ios_p12_ocsp_check
ios_reset_simulatelocation
ios_set_simulatelocation
ios_sign_ipa
ios_sign_ipa2
iproxy
write_img_to_udisk
zip_add_from_buf
zip_add_from_file
zip_find_file
zip_read_small_file_index

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afb73ad19b64568bf2b8ff6bfd3894b2

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31Certificate

Extended Key Usages

Key Usages

a9:cb:4a:dd:14:01:b7:2f:30:f9:0b:49:6b:94:70:12:ec:d4:34:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

msvcp100

ws2_32

shlwapi

setupapi

libzip

libplist2

libcrypto-1_1

libssl-1_1

msvcr100

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

a9:cb:4a:dd:14:01:b7:2f:30:f9:0b:49:6b:94:70:12:ec:d4:34:8a
Signer

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB