1de9ebd57b7a934e72be05d08e2921ff2afca6ae3bb87bd0e0f7feedeb25e982

Sharing

Copy URL Twitter E-mail

General

Target

1de9ebd57b7a934e72be05d08e2921ff2afca6ae3bb87bd0e0f7feedeb25e982
Size

20.2MB
MD5

ecbc77c631cf52177fdb6532916d106f
SHA1

5fc99ee0ab24f9a2c19cc222b904f8128e8ca210
SHA256

1de9ebd57b7a934e72be05d08e2921ff2afca6ae3bb87bd0e0f7feedeb25e982
SHA512

41e3c17d8a9039a1e4b2c1d0efc50396e68bd3167dc11d14f5fa1dbe1e37d5b81c3f243184cc4683cfec7723c874d7080c04c6aa547ba8db741d36471ecf498e
SSDEEP

393216:CZijoU7/37eTKkEn+JWxCL+mxvUykX/gWZgsbosAg8D5ERm0c3+0GNJBgFWK6Xj:rjo+37eTKk3Jmg+mxsl/gWZm5ERm0c3O

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Daqiangm.dll	acprotect
static1/unpack001/Hexinmk.dll	acprotect

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Daqiangm.dll	upx
static1/unpack001/Dengluq.dll	upx
static1/unpack001/Hexinmk.dll	upx
static1/unpack001/忆千年.exe	upx
static1/unpack001/忆千年云加速器.exe	upx

Files

1de9ebd57b7a934e72be05d08e2921ff2afca6ae3bb87bd0e0f7feedeb25e982
.rar
Daqiangm.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Men_1000da
��_��ж�

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 582KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 908KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dengluq.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 968KB - Virtual size: 967KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hexinmk.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

IsDebuggerPresent

Sections

UPX0
Size: - Virtual size: 1024KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 680KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dusk.bmp
dusk.map
dusk.smp
duskobj.obj
duskrof.obj
dusktil.til
item.atz
logdq.bmp
logon.bmp
selchrdaq.bmp
selectchar.bmp
small02.bmp
tomb1.bmp
tomb2.bmp
upbottom.bmp
忆千年.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
忆千年云加速器.exe
.exe windows x86

Code Sign

92:de:0a:e8:9a:62:d7:76:5a:bd:2c:07:56:82:2f:2a:6d:64:ae:a4
Signer

Actual PE Digest

92:de:0a:e8:9a:62:d7:76:5a:bd:2c:07:56:82:2f:2a:6d:64:ae:a4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 343KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
忆千年云加速器.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 582KB - Virtual size: 584KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 908KB - Virtual size: 904KB

.rdata Size: 344KB - Virtual size: 341KB

.data Size: 108KB - Virtual size: 304KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 108KB - Virtual size: 105KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 3.9MB - Virtual size: 3.9MB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 968KB - Virtual size: 967KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 100KB - Virtual size: 370KB

.rsrc Size: 24KB - Virtual size: 23KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1024KB

UPX1 Size: 544KB - Virtual size: 544KB

.rsrc Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 524KB - Virtual size: 521KB

.rdata Size: 680KB - Virtual size: 677KB

.data Size: 80KB - Virtual size: 227KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 84KB - Virtual size: 81KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 420KB

UPX1 Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 440KB - Virtual size: 437KB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 60KB - Virtual size: 208KB

.rsrc Size: 24KB - Virtual size: 23KB

Code Sign

92:de:0a:e8:9a:62:d7:76:5a:bd:2c:07:56:82:2f:2a:6d:64:ae:a4Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 343KB - Virtual size: 344KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 582KB - Virtual size: 584KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 908KB - Virtual size: 904KB

.rdata
Size: 344KB - Virtual size: 341KB

.data
Size: 108KB - Virtual size: 304KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 108KB - Virtual size: 105KB

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 3.9MB - Virtual size: 3.9MB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 968KB - Virtual size: 967KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 100KB - Virtual size: 370KB

.rsrc
Size: 24KB - Virtual size: 23KB

UPX0
Size: - Virtual size: 1024KB

UPX1
Size: 544KB - Virtual size: 544KB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: 524KB - Virtual size: 521KB

.rdata
Size: 680KB - Virtual size: 677KB

.data
Size: 80KB - Virtual size: 227KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 84KB - Virtual size: 81KB

UPX0
Size: - Virtual size: 420KB

UPX1
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: 440KB - Virtual size: 437KB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 60KB - Virtual size: 208KB

.rsrc
Size: 24KB - Virtual size: 23KB

92:de:0a:e8:9a:62:d7:76:5a:bd:2c:07:56:82:2f:2a:6d:64:ae:a4
Signer

01/01/0001, 00:00
Valid: false

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 343KB - Virtual size: 344KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB