ab4b18926f257b73cd707004147e7bd21bfc19c7b36c30cdab19a5ed5c4de628

Sharing

Copy URL

Twitter E-mail

General

Target

ab4b18926f257b73cd707004147e7bd21bfc19c7b36c30cdab19a5ed5c4de628
Size

9.5MB
MD5

8e23409ec904fb398a4af2a5c30e96de
SHA1

15dfb34b0edbf006815e9323a1de36b42c49c216
SHA256

ab4b18926f257b73cd707004147e7bd21bfc19c7b36c30cdab19a5ed5c4de628
SHA512

fa8df1ca533543fdc98a90cd503e4d8c05ae9677c64479c3d93db5ca9665956ea724d4f6516982da8152aaf1f23d3283fc34b079cd85a8df2ee2c83db6b9d311
SSDEEP

196608:kXuiN6Xxnb6cmJRzk3Cc2rw4yXmleyDfpvK1w06QDB2eo5bfOkAZZw:pxxyzkyHM4esfmwKIeWbf+Lw

Score

8^/10

vmprotect upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/滻ϷĿ¼ͬļmir3.dat/Mir3.dat	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Mir3Bot.dll	vmprotect

Files

ab4b18926f257b73cd707004147e7bd21bfc19c7b36c30cdab19a5ed5c4de628
.zip
Mir3Bot.dll
.dll windows x86

c0254dfbd60c91c030665721c41812b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA

kernel32

FindResourceExW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetTimer

ole32

CLSIDFromString

oleaut32

VariantClear

shlwapi

PathFindExtensionA

gdi32

TextOutA

gdiplus

GdiplusStartup

msvcp100

?_Xlength_error@std@@YAXPBD@Z

winmm

mciSendCommandA

netapi32

Netbios

comctl32

ord17

ws2_32

inet_addr

msvcr100

memcpy

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Readme-˵.html
TeYou.dll
.dll regsvr32 windows x86

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord518
ord662
ord593
ord594
ord595
ord598
ord631
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord569
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord716
ord717
ProcCallEngine
ord535
ord644
ord570
ord648
ord571
ord573
ord578
ord685
ord101
ord102
ord103
ord104
ord610
ord105
ord612
ord617
ord619
ord546

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/BOSS.mp3
config/PK.mp3
config/default.ini
config/˽.mp3
config/Ѳߵ.txt
config/.mp3
config/.dat
config/.mp3
config/سƷ.dat
config/ű.mp3
config/Ʒ.dat
config/֤.mp3
eyou.dll
.dll regsvr32 windows x86

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord518
ord662
ord593
ord594
ord595
ord598
ord631
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord569
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord716
ord717
ProcCallEngine
ord535
ord644
ord570
ord648
ord571
ord573
ord578
ord685
ord101
ord102
ord103
ord104
ord610
ord105
ord612
ord617
ord619
ord546

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ʹͼƬ˵̳/0¼.jpg
.jpg
ʹͼƬ˵̳/10ͼѲߵ.jpg
.jpg
ʹͼƬ˵̳/11.jpg
.jpg
ʹͼƬ˵̳/12Ʒ.jpg
.jpg
ʹͼƬ˵̳/13űս.jpg
.jpg
ʹͼƬ˵̳/1HOEM.jpg
.jpg
ʹͼƬ˵̳/2ѡ.jpg
.jpg
ʹͼƬ˵̳/3.JPG
.jpg
ʹͼƬ˵̳/4ʿְҵ.jpg
.jpg
ʹͼƬ˵̳/5սʿְҵ.jpg
.jpg
ʹͼƬ˵̳/6ʦְҵ.jpg
.jpg
ʹͼƬ˵̳/7սʿ.jpg
.jpg
ʹͼƬ˵̳/8ʦ.JPG
.jpg
ʹͼƬ˵̳/9ʿ.JPG
.jpg
ʹͼƬ˵̳/Aôѹby.jpg
.jpg
ʹͼƬ˵̳/Bɱ˳.jpg
.jpg
ʹͼƬ˵̳/Thumbs.db
ͼʹý˵.docx
.docx office2007
߻Ұװ.exe
.exe windows x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d
Signer

Actual PE Digest

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

19-03-2010 16:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3ֹ.docx
.docx office2007
¼.exe
.exe windows x86

0ab09e00f1e0dfc44d4ffc7cbf61a451

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
CloseHandle
GetModuleFileNameA
LoadLibraryA
GetPrivateProfileStringA
OutputDebugStringA
CreateProcessA
VirtualAllocEx
WriteProcessMemory
Sleep
CreateRemoteThread
VirtualFreeEx
ResumeThread
WideCharToMultiByte
CreateMutexA
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetStringTypeW
LCMapStringW
WritePrivateProfileStringA
MultiByteToWideChar
RtlUnwind
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetFileType
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
FlushFileBuffers

user32

GetWindowTextA
LoadIconA
SendMessageA
DialogBoxParamA
wsprintfA
SetForegroundWindow
SetWindowTextA
FindWindowA
MessageBoxA
ShowWindow
EndDialog
SetWindowPos
GetSystemMetrics
GetWindowRect
GetDlgItem
SetDlgItemTextA

comdlg32

GetOpenFileNameA

shell32

DragFinish
DragQueryFileA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathFileExistsA

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
滻ϷĿ¼ͬļmir3.dat/Mir3.dat
.exe windows x86

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-07-2011 00:00

Not After

13-09-2012 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:5e:02:18:ca:e8:8e:3f:ea:4e:43:df:8d:5c:05:d0:85:cc:20:ac
Signer

Actual PE Digest

7b:5e:02:18:ca:e8:8e:3f:ea:4e:43:df:8d:5c:05:d0:85:cc:20:ac

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

19-05-2012 12:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 603KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ϸ˵.txt
Ϸ滻汾ͼƬ˵/Thumbs.db
Ϸ滻汾ͼƬ˵/ճ3Ŀ¼.jpg
.jpg
Ϸ滻汾ͼƬ˵/߻Ұװ.jpg
.jpg
Ϸ滻汾ͼƬ˵/mir3.datļ.jpg
.jpg
Ϸ滻汾ͼƬ˵/ҵ3Ŀ¼.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

c0254dfbd60c91c030665721c41812b1

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

kernel32

user32

ole32

oleaut32

shlwapi

gdi32

gdiplus

msvcp100

winmm

netapi32

comctl32

ws2_32

msvcr100

dbghelp

Sections

.text Size: - Virtual size: 382KB

.rdata Size: - Virtual size: 56KB

.data Size: - Virtual size: 33KB

.rsrc Size: 5KB - Virtual size: 20KB

.vmp0 Size: - Virtual size: 33KB

.vmp1 Size: - Virtual size: 1.7MB

.vmp2 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 512B - Virtual size: 64B

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.data Size: - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

6b070756e4dc7f07221bc74d3c190636

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.data Size: - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3dSigner

Signature Validations

Verification

19-03-2010 16:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: - Virtual size: 382KB

.rdata
Size: - Virtual size: 56KB

.data
Size: - Virtual size: 33KB

.rsrc
Size: 5KB - Virtual size: 20KB

.vmp0
Size: - Virtual size: 33KB

.vmp1
Size: - Virtual size: 1.7MB

.vmp2
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 512B - Virtual size: 64B

.text
Size: 44KB - Virtual size: 41KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 41KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d
Signer

19-03-2010 16:38
Valid: false

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 4.8MB - Virtual size: 5KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 196KB - Virtual size: 195KB

.reloc
Size: 6KB - Virtual size: 6KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

75:ce:6e:67:4d:4b:d1:f2:98:b2:00:ba:6a:1d:a0:79
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:5e:02:18:ca:e8:8e:3f:ea:4e:43:df:8d:5c:05:d0:85:cc:20:ac
Signer

19-05-2012 12:51
Valid: false

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 603KB - Virtual size: 604KB

.rsrc
Size: 16KB - Virtual size: 16KB