0e92265775d3bbe2e306c907954a478dcfccce4668f948553345eb8351ba6ad5

Sharing

Copy URL Twitter E-mail

General

Target

0e92265775d3bbe2e306c907954a478dcfccce4668f948553345eb8351ba6ad5
Size

2.2MB
MD5

46273edaacff935c4be79be1510fac52
SHA1

5fc0fc8b9f49837aea60f07ef81ee6528cfaed09
SHA256

0e92265775d3bbe2e306c907954a478dcfccce4668f948553345eb8351ba6ad5
SHA512

e5b07078f84c5c7fd0ad4b421621f3b2719d1a67ffe3969ad615e8eef180ac3c67b25322cec7dba2fc2a1f2b4c3d5f002350313a020ce4d1a62e9c4569584beb
SSDEEP

49152:JPSufAstSpKLJzx+v9ZEWcX1zp9RxnELMqt4+/VXtA1:nIscpcw9ZEWIjHnGhttA1

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/17lexiaoyao.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/17lexiaoyao.dll	upx

Files

0e92265775d3bbe2e306c907954a478dcfccce4668f948553345eb8351ba6ad5
.zip
17lexiaoyao.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 836KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 787KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Wu,e=-v1
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

d"DlE.(t
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SWJQFv)V
Size: 28KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4%HV?hD%
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

b9!Q(!x)
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bOu0.*[8
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MWK4V^w[
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plug365.dll
.dll regsvr32 windows x86

6f9b79e18b894ae2dbed432774b3877f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLineInputStr
__vbaAptOffset
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaStrCat
__vbaVarCmpNe
ord660
ord553
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaNameFile
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaExitProc
__vbaVarForInit
ord593
__vbaFileCloseAll
ord594
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaStrFixstr
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
__vbaVarTstLt
__vbaRefVarAry
__vbaFpR8
_CIsin
__vbaErase
ord631
__vbaVarZero
__vbaVargVarMove
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarAbs
__vbaGet3
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
ord710
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
__vbaVarDiv
__vbaR8ErrVar
ord608
ord716
ord531
__vbaFPException
ord717
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
ord536
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaVarCmpLt
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaVarTstGe
__vbaFpI4
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord619
__vbaStrVarCopy
__vbaForEachVar
ord542
ord543
ord650
_allmul
ord544
__vbaVarLateMemCallSt
ord545
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord580
__vbaI4ErrVar
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dm.dll
.dll regsvr32 windows x86

9b1df1a739adbaa456f9091f71f54c03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord567

msvcrt

_ftol

user32

SetWindowsHookExA

gdi32

DeleteDC

advapi32

AdjustTokenPrivileges

shell32

SHGetPathFromIDListW

ole32

CoSetProxyBlanket

oleaut32

SysFreeString

version

GetFileVersionInfoSizeA

ws2_32

htonl

winmm

timeGetTime

imm32

ImmInstallIMEA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 585KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
img/d.bmp
img/h.bmp
img/h1.bmp
img/l.bmp
img/m.bmp
img/r.bmp
img/u.bmp
lxy.dll
.dll regsvr32 windows x86

1c58fa39c8903d207d9bd1de7c8e6dbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaVarCmpNe
__vbaError
__vbaSetSystemError
ord661
__vbaHresultCheckObj
ord662
ord557
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaExitProc
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
_adj_fdivr_m16i
ord304
__vbaVarIndexLoad
ord520
ord309
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaVargVarMove
ord632
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaAryConstruct2
__vbaDateR8
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
ord310
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord312
ord711
ord712
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaVarCmpLe
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaInStr
__vbaVar2Vec
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord610
ord105
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaVarMod
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
ord617
__vbaVarSetObjAddref
_CIatan
__vbaI2ErrVar
__vbaStrMove
ord619
ord650
_allmul
__vbaLenVarB
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ϲϴ.exe
.exe windows x86

27fd204274719266d05749fb0922c8bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaVarIndexStore
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
__vbaError
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaBoolVarNull
__vbaRefVarAry
__vbaVarTstLt
_CIsin
__vbaErase
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaVarOr
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaRedimVar
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord645
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaFreeVarg
__vbaVarMod
__vbaFpI4
__vbaVarCopy
__vbaVarTstGe
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
__vbaLenVarB
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 836KB

UPX1 Size: 787KB - Virtual size: 788KB

.rsrc Size: 42KB - Virtual size: 44KB

Headers

File Characteristics

Exports

Exports

Sections

Wu,e=-v1 Size: 912KB - Virtual size: 910KB

d"DlE.(t Size: 84KB - Virtual size: 81KB

SWJQFv)V Size: 28KB - Virtual size: 108KB

4%HV?hD% Size: 44KB - Virtual size: 40KB

b9!Q(!x) Size: 48KB - Virtual size: 45KB

bOu0.*[8 Size: 352KB - Virtual size: 349KB

MWK4V^w[ Size: 40KB - Virtual size: 38KB

6f9b79e18b894ae2dbed432774b3877f

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 9KB

9b1df1a739adbaa456f9091f71f54c03

Headers

File Characteristics

Imports

kernel32

mfc42

msvcrt

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

ws2_32

winmm

imm32

Exports

Exports

Sections

.text Size: 585KB - Virtual size: 1.3MB

.rsrc Size: 52KB - Virtual size: 56KB

.reloc Size: 512B - Virtual size: 4KB

1c58fa39c8903d207d9bd1de7c8e6dbb

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

27fd204274719266d05749fb0922c8bb

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 836KB

UPX1
Size: 787KB - Virtual size: 788KB

.rsrc
Size: 42KB - Virtual size: 44KB

Wu,e=-v1
Size: 912KB - Virtual size: 910KB

d"DlE.(t
Size: 84KB - Virtual size: 81KB

SWJQFv)V
Size: 28KB - Virtual size: 108KB

4%HV?hD%
Size: 44KB - Virtual size: 40KB

b9!Q(!x)
Size: 48KB - Virtual size: 45KB

bOu0.*[8
Size: 352KB - Virtual size: 349KB

MWK4V^w[
Size: 40KB - Virtual size: 38KB

.text
Size: 104KB - Virtual size: 103KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 585KB - Virtual size: 1.3MB

.rsrc
Size: 52KB - Virtual size: 56KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 25KB