Xiaomi_PC_Suite_3[.]2[.]1[.]3111[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Xiaomi_PC_Suite_3.2.1.3111.exe
Size

40.1MB
MD5

0dd5989068ebe10da47c10c61a199b65
SHA1

97410aa51eedbf7dd7e6dc65d43747cc840e940f
SHA256

66e115746cf2c7781ea0e517ca4710995849bf504637c6895052376bbd608882
SHA512

58ae16e958ef79bf980ae30a21757c6e6467d219a30652d2b58766b65113cb79a3d60b2586fa99824c044245e92c006c54821dc1a5e6cd13fcc8e00a5b6e55f4
SSDEEP

786432:SKwXg3c93rCfhSVZudTlMpBMokG0lIe7Na9OdtiojJl3GVAs92UCW8SAWIKfX:TSGKBMoslnomEaGVAs92/YAo

Score

1^/10

Malware Config

Signatures

Files

Xiaomi_PC_Suite_3.2.1.3111.exe
.exe windows:5 windows x86 arch:x86

2a63f2294bc35156a6e37994d5da5546

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/07/2015, 00:00

Not After

27/07/2018, 23:59

Subject

CN=Xiaomi Technology Inc,O=Xiaomi Technology Inc,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:bf:cf:ef:ca:30:17:ff:2e:ed:24:86:85:54:51:65:34:1a:f7:01
Signer

Actual PE Digest

06:bf:cf:ef:ca:30:17:ff:2e:ed:24:86:85:54:51:65:34:1a:f7:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TeamCity_WorkSpace\Global\src\ReleaseLib\MiSetup.pdb

Imports

wininet

InternetGetConnectedState

kernel32

ReadConsoleInputA
SetConsoleMode
LoadLibraryW
FreeLibrary
RemoveDirectoryW
TerminateProcess
GetFileAttributesW
GetExitCodeProcess
GetTickCount
SetDllDirectoryW
FreeResource
FindNextFileW
FindClose
FindFirstFileW
LocalFree
DeleteFileW
DeleteCriticalSection
OpenEventW
FreeEnvironmentStringsW
DecodePointer
CreateEventW
GetLocalTime
GetProcAddress
RaiseException
CopyFileW
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
OutputDebugStringW
SetEvent
GetEnvironmentStringsW
GetDriveTypeW
GetCurrentProcessId
GetTempFileNameW
GetCommandLineW
GetLastError
GetStartupInfoW
Sleep
ExpandEnvironmentStringsA
VerifyVersionInfoW
SleepEx
VerSetConditionMask
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetVersion
SetEnvironmentVariableA
WriteConsoleW
GetTimeZoneInformation
ReadConsoleW
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
UnhandledExceptionFilter
RtlUnwind
GetCPInfo
SetConsoleCtrlHandler
ExitThread
AreFileApisANSI
ExitProcess
GetFileType
SetStdHandle
GetConsoleMode
GetConsoleCP
GetFullPathNameW
IsProcessorFeaturePresent
EncodePointer
GetStringTypeW
MulDiv
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
WaitForSingleObject
CreateProcessW
LockResource
GetTempPathW
SizeofResource
LoadResource
FindResourceW
CloseHandle
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
FileTimeToLocalFileTime
GetNativeSystemInfo
GetUserDefaultLangID
InitializeCriticalSection
GetUserDefaultUILanguage
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchange
GetQueuedCompletionStatus
SetUnhandledExceptionFilter
WaitForMultipleObjects
GlobalFree
GetDiskFreeSpaceExW
PeekNamedPipe
MoveFileExW
GetCurrentProcess
GetLogicalDriveStringsW
CreateDirectoryW
GetCurrentDirectoryW
SetLastError
CreateFileMappingW
GetFileAttributesExW
GetVolumeInformationW
InterlockedExchangeAdd
InterlockedCompareExchange
CreateMutexW
FormatMessageA
GetModuleFileNameW
GetModuleHandleA
ReleaseMutex
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
OpenProcess
FindFirstFileExW
GetVersionExW
GetCurrentThreadId
IsDebuggerPresent
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
TlsGetValue
InterlockedIncrement
TlsSetValue
TlsAlloc
TlsFree
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileAttributesW
TerminateThread
GetExitCodeThread

user32

SetRectEmpty
GetWindowRect
GetMessageW
IsIconic
SetLayeredWindowAttributes
ShowWindow
MessageBoxW
GetSysColor
ClientToScreen
SetCaretPos
IntersectRect
GetWindow
GetPropW
IsWindow
GetSystemMetrics
PostMessageW
LoadIconW
SetClassLongW
SetCursor
CharNextA
EndPaint
UpdateLayeredWindow
BeginPaint
SetForegroundWindow
TranslateMessage
GetWindowLongW
SystemParametersInfoW
SetWindowLongW
SetWindowPos
GetDesktopWindow
SetWindowTextW
MapWindowPoints
DispatchMessageW
HideCaret
GetProcessWindowStation
GetUserObjectInformationW
ShowCaret
GetActiveWindow
SendMessageW
LoadStringW
GetKeyState
DefWindowProcW
CreateWindowExW
PeekMessageW
RegisterClassExW
KillTimer
PostQuitMessage
SetTimer
DestroyWindow
SetPropW
GetClassInfoExW
LoadCursorW
CharNextW
IsRectEmpty
PtInRect
SetRect
CharPrevW
DrawIconEx
FillRect
DrawFocusRect
GetParent
IsWindowVisible
EnableWindow
InvalidateRect
SetActiveWindow
MsgWaitForMultipleObjects
GetClientRect
SetFocus
MoveWindow
RegisterWindowMessageW
GetDC
ReleaseDC
SetCapture
ReleaseCapture
GetFocus
GetCursorPos
ScreenToClient
CreateCaret

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
GetUserNameW
CryptAcquireContextW

shell32

ord680
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
PropVariantClear
CoCreateInstance
OleInitialize
CoInitialize
OleUninitialize

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathAppendW
SHStrDupW
PathCombineW
PathFileExistsW

winmm

timeGetTime

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

setupapi

CMP_WaitNoPendingInstallEvents

netapi32

NetWkstaTransportEnum
NetApiBufferFree

iphlpapi

GetAdaptersInfo

gdiplus

GdipSetClipHrgn
GdipCreateRegionHrgn
GdipDeleteRegion
GdipGetFontCollectionFamilyCount
GdipDrawImageRectRectI
GdipCloneFontFamily
GdipNewInstalledFontCollection
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipGetFamilyName
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipDrawImageI
GdipDisposeImageAttributes
GdipMeasureString
GdipDeleteFont
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawImagePointRectI
GdipLoadImageFromStream
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawString
GdipFillRegion
GdipFillRectangleI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorKeys
GdipDeleteFontFamily

comctl32

ord17
ImageList_Destroy
ImageList_Create
_TrackMouseEvent

msimg32

TransparentBlt

riched20

ord4

imm32

ImmGetContext
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContextEx

ws2_32

listen
recvfrom
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
accept
send
recv
WSASetLastError
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
select
sendto
ioctlsocket
gethostname
getaddrinfo
shutdown
freeaddrinfo
bind

gdi32

SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CreateRectRgn
GetDeviceCaps
GetRgnBox
GetDIBits
RestoreDC
SaveDC
CreateSolidBrush
CreateCompatibleBitmap
ExtTextOutW
GetBkColor
RectInRegion
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectType
BitBlt
StretchBlt
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetTextMetricsW
SelectObject
CreateFontIndirectW
GetObjectW
DeleteObject
GetStockObject
EnumFontFamiliesExW
CombineRgn
GetClipRgn

oleaut32

SysFreeString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a63f2294bc35156a6e37994d5da5546

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

06:bf:cf:ef:ca:30:17:ff:2e:ed:24:86:85:54:51:65:34:1a:f7:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

psapi

version

shlwapi

winmm

wtsapi32

winhttp

setupapi

netapi32

iphlpapi

gdiplus

comctl32

msimg32

riched20

imm32

ws2_32

gdi32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 419KB - Virtual size: 418KB

.data Size: 47KB - Virtual size: 81KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 232KB - Virtual size: 232KB

.reloc Size: 86KB - Virtual size: 85KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

06:bf:cf:ef:ca:30:17:ff:2e:ed:24:86:85:54:51:65:34:1a:f7:01
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 419KB - Virtual size: 418KB

.data
Size: 47KB - Virtual size: 81KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 232KB - Virtual size: 232KB

.reloc
Size: 86KB - Virtual size: 85KB