1366ba2649ba6c9724c477551991d03f3829f85cf554580f6d817215b45b1a80

Sharing

Copy URL Twitter E-mail

General

Target

1366ba2649ba6c9724c477551991d03f3829f85cf554580f6d817215b45b1a80
Size

1.5MB
MD5

7fe32dd14f9aa68158c71664d171f0bb
SHA1

439f2cea611c9235216a24d051341fdafa30728c
SHA256

1366ba2649ba6c9724c477551991d03f3829f85cf554580f6d817215b45b1a80
SHA512

de277071ff0982e38404d79c823f83d2875e0979db4c29cbd8c8a9977226c2f0ec8565d9c2f553db615364c69880d5cb758531c83fb92e334147b3c652fa146d
SSDEEP

24576:lNweGnRgiff6mz3/IDfj6fNViWo5nqyTeVwj8owUJ5iXL9IXb:3bfO6mz3+hWoNqyTCwj8ozJ5yL9IXb

Score

1^/10

Malware Config

Signatures

Files

1366ba2649ba6c9724c477551991d03f3829f85cf554580f6d817215b45b1a80
.exe windows:5 windows x86 arch:x86

62fee017accd2fa5954ce1e2cc403675

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:9b:9a:9e:96:e5:94:8b:1b:94:50:1d:86:bd:b2:02:db:fa:36:44:67:7b:52:6a:08:88:00:01:8e:1c:44:03
Signer

Actual PE Digest

5e:9b:9a:9e:96:e5:94:8b:1b:94:50:1d:86:bd:b2:02:db:fa:36:44:67:7b:52:6a:08:88:00:01:8e:1c:44:03

Digest Algorithm

sha256

PE Digest Matches

false

ab:eb:98:6b:2a:ab:11:54:48:06:9c:37:b5:d1:80:17:4e:35:41:a2
Signer

Actual PE Digest

ab:eb:98:6b:2a:ab:11:54:48:06:9c:37:b5:d1:80:17:4e:35:41:a2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\zhanlue\haocompress\bin\Win32\Release\pdb\HaoCompressUpdate.pdb

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
Sleep
SetErrorMode
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
QueryDosDeviceW
GetCurrentProcess
OpenProcess
ResumeThread
WaitForMultipleObjects
LocalFree
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
GetFileAttributesW
InitializeCriticalSection
FindNextFileW
FindClose
ReadFile
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
GetFileSize
GetFileTime
CreateDirectoryW
GetFullPathNameW
lstrlenW
RemoveDirectoryW
GetTempPathW
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GetWindowsDirectoryW
MoveFileExW
CopyFileW
GetTempFileNameW
MoveFileW
HeapFree
GetVersionExW
GetComputerNameExW
HeapAlloc
GetProcessHeap
GetSystemInfo
GetLogicalDriveStringsW
CreateEventW
SetEvent
ResetEvent
InterlockedExchangeAdd
ExpandEnvironmentStringsW
LoadLibraryA
lstrcatW
lstrcpyW
GetFileSizeEx
FormatMessageW
GetComputerNameW
GetTickCount
GetACP
GlobalMemoryStatusEx
InterlockedExchange
TerminateProcess
LeaveCriticalSection
WideCharToMultiByte
LockResource
GetStdHandle
GetSystemTimeAsFileTime
GetEnvironmentVariableW
FileTimeToSystemTime
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapSize
GetFileType
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
DeviceIoControl
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
GetModuleHandleW
DeleteCriticalSection
DecodePointer
FindResourceW
LoadResource
RaiseException
GetLastError
GetPrivateProfileStringW
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
SetLastError
WritePrivateProfileStringW
SizeofResource
MulDiv
FreeLibrary
GetProcAddress
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
GetCurrentThreadId
LoadLibraryW

user32

CreateWindowExW
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
GetWindowRect
GetWindow
DefWindowProcW
CopyRect
DialogBoxParamW
GetClassInfoExW
TranslateMessage
CharNextW
ShowWindow
DispatchMessageW
GetActiveWindow
UnregisterClassW
MessageBoxW
GetMessageW
EndPaint
BeginPaint
InvalidateRect
GetDlgItem
GetClientRect
MapWindowPoints
GetMonitorInfoW
SetWindowTextW
IsWindowEnabled
RegisterClassExW
PeekMessageW
IsWindow
IsRectEmpty
LoadCursorW
SetWindowLongW
GetParent
ReleaseDC
GetWindowLongW
EndDialog
GetLastActivePopup
GetWindowThreadProcessId
GetClassNameW
SetForegroundWindow
GetForegroundWindow
IsIconic
SetTimer
CallWindowProcW
PostMessageW
FillRect
PostQuitMessage
OffsetRect
SystemParametersInfoW
PtInRect
MonitorFromWindow
SendMessageW
AttachThreadInput

gdi32

BitBlt
DeleteDC
CreateSolidBrush
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC

advapi32

RegDeleteKeyW
RegOpenKeyExW
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipCreateFontFromLogfontW
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDeleteFont
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipCloneImage
GdipDeleteBrush
GdipDrawImageRectRectI
GdipDisposeImage
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipFree
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeleteGraphics
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipAlloc

imm32

ImmDisableIME

Exports

Exports

CheckSigner

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62fee017accd2fa5954ce1e2cc403675

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5e:9b:9a:9e:96:e5:94:8b:1b:94:50:1d:86:bd:b2:02:db:fa:36:44:67:7b:52:6a:08:88:00:01:8e:1c:44:03Signer

ab:eb:98:6b:2a:ab:11:54:48:06:9c:37:b5:d1:80:17:4e:35:41:a2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 217KB - Virtual size: 216KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 77KB - Virtual size: 77KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5e:9b:9a:9e:96:e5:94:8b:1b:94:50:1d:86:bd:b2:02:db:fa:36:44:67:7b:52:6a:08:88:00:01:8e:1c:44:03
Signer

ab:eb:98:6b:2a:ab:11:54:48:06:9c:37:b5:d1:80:17:4e:35:41:a2
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 217KB - Virtual size: 216KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 77KB - Virtual size: 77KB