稻壳阅读器安装程序[.]zip

Resubmissions

21/02/2024, 03:01

240221-dhwd9saf98 1

Sharing

Copy URL Twitter E-mail

General

Target

稻壳阅读器安装程序.zip
Size

4.8MB
MD5

baadf53bf0589d8cc799cc235d577d06
SHA1

9fade27e7cec2eb0285508ff7fa0ec96b640246c
SHA256

8b2082eefff38afd872eb0cbc618d068776a965cd8517a7c547c378b2a77fba5
SHA512

266a7bb81f8dacd9a484542905f69eeec85e7dc516f2dd248c172fc2827ef50efa6157226600ee60aa783941994b308b2433b2973a43a67852c03e95ecb92f58
SSDEEP

98304:252/4KtSkV7SQhOQsmabNUorHsf1AhpPoaX7QhF/Q2k:252wKtV1E2or1xXEhFo2k

Score

1^/10

Malware Config

Signatures

Files

稻壳阅读器安装程序.zip
.zip

Password: Gates@123
稻壳阅读器安装程序.exe
.exe windows:5 windows x86 arch:x86

Password: Gates@123

6d809f46dc6b775922aa5eb6c81aa8bc

Code Sign

0b:8c:7b:25:56:ac:07:2c:77:13:de:2e:3e:0e:8c:24
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/07/2020, 00:00

Not After

12/07/2023, 12:00

Subject

CN=Beijing Zhike Online Technology Co.\, Ltd.,O=Beijing Zhike Online Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c3:5d:f4:34:25:84:83:76:ef:21:95:0d:98:6f:85
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/07/2020, 00:00

Not After

12/07/2023, 12:00

Subject

CN=Beijing Zhike Online Technology Co.\, Ltd.,O=Beijing Zhike Online Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:ad:92:b7:00:b9:eb:36:bb:63:34:c4:db:f2:e6:55:3b:10:cb:9d:96:e4:95:e4:64:f0:6c:e6:d6:0e:84:f9
Signer

Actual PE Digest

a8:ad:92:b7:00:b9:eb:36:bb:63:34:c4:db:f2:e6:55:3b:10:cb:9d:96:e4:95:e4:64:f0:6c:e6:d6:0e:84:f9

Digest Algorithm

sha256

PE Digest Matches

true

fe:eb:8c:3a:31:ef:e8:37:14:5c:c5:73:5d:1d:89:26:a4:30:44:9b
Signer

Actual PE Digest

fe:eb:8c:3a:31:ef:e8:37:14:5c:c5:73:5d:1d:89:26:a4:30:44:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\DocBoxReader\rel\Installer.pdb

Imports

comctl32

ord410
ord413
ord412
InitCommonControlsEx

gdiplus

GdipDeletePen
GdipCreatePen1
GdipGetImageHeight
GdipDrawLineI
GdipSetPenEndCap
GdipDrawImageRectRect
GdipFillEllipse
GdipFillEllipseI
GdipDrawImageRectRectI
GdipSetStringFormatAlign
GdipDrawImagePointRectI
GdipTranslateWorldTransform
GdipDeleteFont
GdipSetCompositingMode
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipRotateWorldTransform
GdipSetTextRenderingHint
GdipFillRectangle
GdipDrawRectangle
GdipSetPenWidth
GdipAddPathLine2I
GdipCreateBitmapFromHBITMAP
GdipFillPath
GdipCreatePath
GdipGetPixelOffsetMode
GdipDeletePath
GdipSetPenStartCap
GdipMeasureString
GdipGetImageWidth
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteFontFamily
GdipSetCompositingQuality
GdipCreateFontFamilyFromName
GdipCloneImage
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipSetSmoothingMode
GdipSetStringFormatLineAlign
GdipCreateFont
GdipSetInterpolationMode
GdipCreateSolidFill
GdipSetPixelOffsetMode
GdipSetPageUnit
GdipGetGenericFontFamilySansSerif
GdipFree
GdipDrawString
GdipResetWorldTransform
GdipCreateFromHDC
GdipDrawEllipseI

shlwapi

PathIsRelativeW
PathAppendW
SHSetValueW
SHDeleteKeyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

FlushFileBuffers
GetStringTypeW
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
LCMapStringW
HeapSize
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
SetConsoleCtrlHandler
GetFileType
SetFilePointerEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
ExitProcess
InitializeCriticalSectionAndSpinCount
FreeLibrary
CreateProcessW
GetWindowsDirectoryW
GetStdHandle
WriteConsoleW
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetLastError
SetEvent
CloseHandle
ResetEvent
HeapCreate
HeapFree
GetCurrentProcess
OutputDebugStringA
TerminateProcess
GetEnvironmentVariableA
GetCurrentThreadId
GetVersionExW
GetLocaleInfoA
CreateToolhelp32Snapshot
CreateEventW
HeapReAlloc
GetSystemInfo
CreateThread
HeapAlloc
Module32FirstW
HeapDestroy
GetCurrentProcessId
GlobalMemoryStatusEx
Module32NextW
SetUnhandledExceptionFilter
GetUserDefaultUILanguage
SizeofResource
FindFirstFileW
GetCommandLineW
FindNextFileW
GetModuleFileNameW
SetErrorMode
FindClose
OpenProcess
Sleep
Process32NextW
LockResource
QueryPerformanceFrequency
GlobalAlloc
Process32FirstW
GlobalFree
LoadResource
FindResourceW
GetLocalTime
GlobalLock
GetModuleHandleW
QueryPerformanceCounter
GlobalUnlock
MulDiv
LoadLibraryW
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameA
Thread32Next
Thread32First
CreateFileW
SuspendThread
ResumeThread
GetModuleHandleA
GetCurrentThread
GetThreadContext
FormatMessageA
VirtualQuery
OpenThread
OutputDebugStringW
WriteFile
SetFileTime
CreateDirectoryW
ReadFile
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
GetTempPathW
GetFileInformationByHandle
GetFileAttributesExW
DeleteFileW
SetEndOfFile
LocalFree
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetSystemDirectoryW
GetStartupInfoW
DecodePointer

user32

GetClientRect
FindWindowW
LoadIconW
TranslateMessage
SetFocus
PeekMessageW
GetMonitorInfoW
IsDialogMessageW
SetTimer
DispatchMessageW
ShowWindow
GetWindowPlacement
RegisterClassExW
MsgWaitForMultipleObjects
SetWindowTextW
CreateWindowExW
MonitorFromWindow
MessageBoxW
SetWindowPos
GetDC
GetWindowRect
DefWindowProcW
wsprintfW
GetParent
GetWindowThreadProcessId
DestroyWindow
SetWindowLongW
SetCursor
GetWindowDC
LoadCursorW
MoveWindow
MapWindowPoints
MonitorFromRect
GetWindowLongW
TrackMouseEvent
SetWindowRgn
GetMessageExtraInfo
RedrawWindow
GetScrollInfo
GetWindowRgn
PostMessageW
SendMessageW
GetSystemMetrics
SystemParametersInfoW
wsprintfA
EnableWindow
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
UpdateWindow
GetDesktopWindow
PostQuitMessage
KillTimer
GetDlgItem
GetKeyState

gdi32

GetDeviceCaps
SetWorldTransform
CreateFontIndirectW
DeleteObject
SetBkMode
GetTextExtentPoint32W
DeleteDC
SetGraphicsMode
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
CreateSolidBrush
SetBkColor
SetTextColor
PtInRegion
CreateRectRgn

advapi32

BuildExplicitAccessWithNameW
RegCloseKey
GetTokenInformation
DuplicateTokenEx
CheckTokenMembership
FreeSid
OpenProcessToken
ImpersonateLoggedOnUser
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteKeyW
RevertToSelf
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoInitialize
CreateStreamOnHGlobal
CoUninitialize

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: Gates@123

Password: Gates@123

6d809f46dc6b775922aa5eb6c81aa8bc

Code Sign

0b:8c:7b:25:56:ac:07:2c:77:13:de:2e:3e:0e:8c:24Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:c3:5d:f4:34:25:84:83:76:ef:21:95:0d:98:6f:85Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a8:ad:92:b7:00:b9:eb:36:bb:63:34:c4:db:f2:e6:55:3b:10:cb:9d:96:e4:95:e4:64:f0:6c:e6:d6:0e:84:f9Signer

fe:eb:8c:3a:31:ef:e8:37:14:5c:c5:73:5d:1d:89:26:a4:30:44:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdiplus

shlwapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 9KB - Virtual size: 9KB

0b:8c:7b:25:56:ac:07:2c:77:13:de:2e:3e:0e:8c:24
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c3:5d:f4:34:25:84:83:76:ef:21:95:0d:98:6f:85
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a8:ad:92:b7:00:b9:eb:36:bb:63:34:c4:db:f2:e6:55:3b:10:cb:9d:96:e4:95:e4:64:f0:6c:e6:d6:0e:84:f9
Signer

fe:eb:8c:3a:31:ef:e8:37:14:5c:c5:73:5d:1d:89:26:a4:30:44:9b
Signer

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 9KB - Virtual size: 9KB