c9824baf1396b21231a12a9a5645914827a778895d2c28bfdcc59769ce7e9008

Sharing

Copy URL

Twitter E-mail

General

Target

c9824baf1396b21231a12a9a5645914827a778895d2c28bfdcc59769ce7e9008
Size

2.8MB
MD5

be623ac7e2b9a70931367542e268605c
SHA1

e322d8cec5aa3d931ba8fe1c70d1b3fdc88160fa
SHA256

c9824baf1396b21231a12a9a5645914827a778895d2c28bfdcc59769ce7e9008
SHA512

07b061a165bf457332cd816ff8d8f46395f7624acad2923f36a4a43a452b19518eae8fc978f83a951653abacb1fe5d43d6254e725ab503e3db240957a2dc0636
SSDEEP

49152:lcCwdwu5cvDu+n1e2D+oO6Njyio8xaZduBnXk8eIVZpdY982v7jV6uQ:lKdwu5aDDn1XtO6JyHlczfpaF7jV6uQ

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 6 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ɽ 2005 PRO ɫЯ/Cjktab32.dll	acprotect
static1/unpack001/ɽ 2005 PRO ɫЯ/ECTrans.dll	acprotect
static1/unpack001/ɽ 2005 PRO ɫЯ/Imcs.dll	acprotect
static1/unpack001/ɽ 2005 PRO ɫЯ/Mcs32.dll	acprotect
static1/unpack001/ɽ 2005 PRO ɫЯ/Mcskrl.dll	acprotect
static1/unpack001/ɽ 2005 PRO ɫЯ/XImage32.dll	acprotect

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ɽ 2005 PRO ɫЯ/Cjktab32.dll	upx
static1/unpack001/ɽ 2005 PRO ɫЯ/ECTrans.dll	upx
static1/unpack001/ɽ 2005 PRO ɫЯ/Imcs.dll	upx
static1/unpack001/ɽ 2005 PRO ɫЯ/Mcs32.dll	upx
static1/unpack001/ɽ 2005 PRO ɫЯ/Mcskrl.dll	upx
static1/unpack001/ɽ 2005 PRO ɫЯ/XImage32.dll	upx

Files

c9824baf1396b21231a12a9a5645914827a778895d2c28bfdcc59769ce7e9008
.zip
ɽ 2005 PRO ɫЯ/AITButtons.ini
ɽ 2005 PRO ɫЯ/Cjktab32.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GBF2GBJ
GBJ2GBF
ctCodeDetect
ctConvertFromUnicode
ctConvertString
ctConvertToUnicode
ctLookupPhonet

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/ECTrans.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CloseDiction
OpenDiction
SetProfDictID
SetUserDict
TranslateMenu
TranslateSentence
TranslateUIText

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/Imcs.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CancelComptrans32
ClearHooks32
DoHooks32
EnableHook32
GetCode32
GetFontType32
GetInterfaceType32
GetProcName
GetTransFlag32
InitHooks32
LeftrightComptrans32
SetChnEngMenu32
SetCode32
SetCompatibleFlag32
SetFontType32
SetInterfaceType32
SetProfDictID32
SetTransFlag32
SetUserDict32
UnHooks32
UpdownComptrans32

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/KingTransAbout.BMP
ɽ 2005 PRO ɫЯ/LIB/OLD.DCT
ɽ 2005 PRO ɫЯ/LIB/newcsec.dct
ɽ 2005 PRO ɫЯ/Mcs32.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CancelComptrans32
ClearHooks32
DoHooks32
EnableHook32
GetCode32
GetFontType32
GetInterfaceType32
GetProcName
GetTransFlag32
InitHooks32
LeftrightComptrans32
SetChnEngMenu32
SetCode32
SetCompatibleFlag32
SetFontType32
SetInterfaceType32
SetProfDictID32
SetTransFlag32
SetUserDict32
UnHooks32
UpdownComptrans32

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/Mcskrl.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CancelComptrans32
ClearHooks32
DoHooks32
EnableHook32
GetCode32
GetFontType32
GetInterfaceType32
GetProcName
GetTransFlag32
InitHooks32
LeftrightComptrans32
SetChnEngMenu32
SetCode32
SetCompatibleFlag32
SetFontType32
SetInterfaceType32
SetProfDictID32
SetTransFlag32
SetUserDict32
UnHooks32
UpdownComptrans32

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/Mcsnt.dll
.dll windows x86

624366e2e78cbabe0b7e4f1a4e6bf5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
IsBadReadPtr
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetACP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
WideCharToMultiByte
IsBadWritePtr
CreateFileA
GetFileSize
CloseHandle
ReadFile
VirtualProtect
InitializeCriticalSection
GetModuleFileNameA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualUnlock
IsBadCodePtr
GetModuleHandleA
GetProcAddress
VirtualLock
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
LoadLibraryA

user32

TrackPopupMenuEx
TrackPopupMenu
DrawStateW
DrawStateA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
WindowFromDC
IsWindowUnicode
GetClassNameW
GetClassNameA
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
IsWindow
GetWindowLongA
GetMenu
CallNextHookEx
DrawMenuBar
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageTimeoutA
UnhookWindowsHookEx

gdi32

GetCurrentObject
GetObjectA
GetStockObject
CreateFontIndirectA
GetTextExtentPoint32W
GetTextExtentPointW
GetTextExtentPointA
GetTextExtentPoint32A
ExtTextOutA
SelectObject
TextOutW
TextOutA
DeleteObject
GetTextMetricsA
ExtTextOutW

cjktab32

ctCodeDetect

Exports

Exports

ksHookThread
ksSetMenuState
ksUnhookThread

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ɽ 2005 PRO ɫЯ/XImage32.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

XBMP_DrawFile
XBMP_DrawFile32
XBMP_DrawMemFile
XBMP_GetFileInfo
XBMP_GetMemFileInfo
XDIB_Draw
XDIB_DrawFile
XDIB_DrawPattern
XDIB_DrawTransparent
XDIB_GetFileInfo
XDIB_GetInfo
XDIB_MergeDraw
XGIF_DrawFile
XGIF_GetFileInfo

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/themes/Default/StatusButtons.bmp
ɽ 2005 PRO ɫЯ/themes/Default/back.BMP
ɽ 2005 PRO ɫЯ/themes/Default/background.bmp
ɽ 2005 PRO ɫЯ/themes/Default/borders.bmp
ɽ 2005 PRO ɫЯ/themes/Default/capbutton.bmp
ɽ 2005 PRO ɫЯ/themes/Default/captionbar.bmp
ɽ 2005 PRO ɫЯ/themes/Default/captionbar2.bmp
ɽ 2005 PRO ɫЯ/themes/Default/default.ini
ɽ 2005 PRO ɫЯ/themes/Default/menus.BMP
ɽ 2005 PRO ɫЯ/themes/Default/next.BMP
ɽ 2005 PRO ɫЯ/themes/Default/prev.BMP
ɽ 2005 PRO ɫЯ/themes/Default/preview.bmp
ɽ 2005 PRO ɫЯ/ɽ.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 239KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ɽ 2005 PRO ɫЯ/ʹ˵.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 68KB

UPX1 Size: 149KB - Virtual size: 152KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 17KB - Virtual size: 20KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 9KB - Virtual size: 12KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 10KB - Virtual size: 12KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 12KB - Virtual size: 16KB

UPX2 Size: 1024B - Virtual size: 4KB

624366e2e78cbabe0b7e4f1a4e6bf5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

cjktab32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.sdata Size: 4KB - Virtual size: 16B

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 20KB - Virtual size: 20KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

MEW Size: - Virtual size: 692KB

�uۊ�� Size: 239KB - Virtual size: 300KB

UPX0
Size: - Virtual size: 68KB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 17KB - Virtual size: 20KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 9KB - Virtual size: 12KB

UPX2
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 10KB - Virtual size: 12KB

UPX2
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 12KB - Virtual size: 16KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.sdata
Size: 4KB - Virtual size: 16B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 20KB - Virtual size: 20KB

UPX2
Size: 1024B - Virtual size: 4KB

MEW
Size: - Virtual size: 692KB

�uۊ��
Size: 239KB - Virtual size: 300KB