449343bc9798fdfbada0094a51f6b3c4f587a265425fa79c38e222eefa48aea5

Sharing

Copy URL Twitter E-mail

General

Target

449343bc9798fdfbada0094a51f6b3c4f587a265425fa79c38e222eefa48aea5
Size

10.7MB
MD5

276c508d3bfdaba72d3d9dea87f2d454
SHA1

9a391a0033d87d3e32ff7f41eced7cd22a46acb2
SHA256

449343bc9798fdfbada0094a51f6b3c4f587a265425fa79c38e222eefa48aea5
SHA512

3ad1246fed733f00085a76360f63f49b6b03edf6f6ea9889ee72a54e196f7e449ca18d1d8101ae4358a68b74cfaf4e2485f8b7a3164efe813b12ea5748f7f7b4
SSDEEP

196608:XO51m8Hb8GboBB2gZjexp6WaR1IuoUHcXHilfhfRzmaL4FCQmsidjzh:XOGGbG9BQpTrGcXmzmPtmNdjzh

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/电子发票打印工具/PrintPDF.exe

Files

449343bc9798fdfbada0094a51f6b3c4f587a265425fa79c38e222eefa48aea5
.zip
电子发票打印工具/Microsoft.mshtml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:04:90:0e:61:14:98:12:78:23:70:00:00:00:00:04:90
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:47

Not After

11/05/2023, 20:47

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76
Signer

Actual PE Digest

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76

Digest Algorithm

sha256

PE Digest Matches

true

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76
Signer

Actual PE Digest

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
电子发票打印工具/PrintPDF.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
电子发票打印工具/PrintPDF.exe.config
.xml
电子发票打印工具/Spire.Pdf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:8c:36:28:f1:d3:07:d7:c3:86:b6:58:9f:2a:82:5d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/12/2019, 00:00

Not After

11/12/2022, 23:59

Subject

CN=Chengdu E-iceblue Technology Co.\, Ltd.,O=Chengdu E-iceblue Technology Co.\, Ltd.,POSTALCODE=610041,STREET=Room 601\, Building 5\, Kaile International Center\, 14 Jiuxing Street\, Wuhou District,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:42:72:fd:23:ce:39:90:c7:05:e4:c1:92:cd:b1:3d:16:d1:ab:22
Signer

Actual PE Digest

5d:42:72:fd:23:ce:39:90:c7:05:e4:c1:92:cd:b1:3d:16:d1:ab:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19.1MB - Virtual size: 19.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
电子发票打印工具/关注微信公众号：大飞哥软件自习室.png
.png
- http://weixin.qq.com/r/hEzg_GzEcTEOrSib9xmW
电子发票打印工具/大飞哥软件自习室您身边的软件学习小帮手.url
.url

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:04:90:0e:61:14:98:12:78:23:70:00:00:00:00:04:90Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76Signer

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 545KB - Virtual size: 544KB

.rsrc Size: 423KB - Virtual size: 423KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

fe:8c:36:28:f1:d3:07:d7:c3:86:b6:58:9f:2a:82:5dCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

5d:42:72:fd:23:ce:39:90:c7:05:e4:c1:92:cd:b1:3d:16:d1:ab:22Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 19.1MB - Virtual size: 19.1MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

33:00:00:04:90:0e:61:14:98:12:78:23:70:00:00:00:00:04:90
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76
Signer

97:5e:78:eb:b7:6a:c0:e8:e6:07:23:25:d4:44:1f:af:67:fe:ca:8c:52:a8:f0:52:b2:e8:7f:df:23:78:b3:76
Signer

.text
Size: 7.6MB - Virtual size: 7.6MB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 545KB - Virtual size: 544KB

.rsrc
Size: 423KB - Virtual size: 423KB

.reloc
Size: 512B - Virtual size: 12B

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

fe:8c:36:28:f1:d3:07:d7:c3:86:b6:58:9f:2a:82:5d
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

5d:42:72:fd:23:ce:39:90:c7:05:e4:c1:92:cd:b1:3d:16:d1:ab:22
Signer

.text
Size: 19.1MB - Virtual size: 19.1MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B