d3430ae77feb92accbaee6d0949320b81213d483e97da323b4aa678d3a36e722

Sharing

Copy URL Twitter E-mail

General

Target

d3430ae77feb92accbaee6d0949320b81213d483e97da323b4aa678d3a36e722
Size

544KB
MD5

153296941cc9aa5de7ec2275b4fc158e
SHA1

b1544f32af46af04daf2c1941d793b46bd7dc6be
SHA256

d3430ae77feb92accbaee6d0949320b81213d483e97da323b4aa678d3a36e722
SHA512

69522d39a1828e2fe66985162ef90989d9e3e6073e75eb75832bc918f8367b9303151e0f1e43a74793e04c62e07c5abe744c9e9dd8a108d38c6a757fbe3de046
SSDEEP

12288:1tjYN0UosJOqYmTUqk6S8zhg8j9XOPsR3wkg6gJAht6l:XkToUzfaslBjUPsA6HY

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/FTPasRec.dll	aspack_v212_v242

Files

d3430ae77feb92accbaee6d0949320b81213d483e97da323b4aa678d3a36e722
.rar
1001下载乐园.url
.url
FTPasRec.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 205KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FTPasRec1.exe
.exe windows x86

df455b49b642738d35605d93306ce55b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegQueryValueA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create
InitCommonControls
ImageList_DrawIndirect
ImageList_AddMasked

gdi32

GetClipBox
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
GetDeviceCaps
CreatePen
CreatePatternBrush
SetRectRgn
GetTextMetricsA
PatBlt
CreateFontA
GetCharWidthA
CreatePalette
CreateDIBitmap
Ellipse
RealizePalette
DeleteObject
GetStockObject
SelectObject
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BeginPath
EndPath
StrokeAndFillPath
GetObjectA
GetTextExtentPoint32A
CreatePolygonRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetCurrentObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPointA
BitBlt

kernel32

GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GetProfileStringA
InterlockedExchange
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetCurrentThread
LocalFree
lstrcmpA
lstrcpynA
MulDiv
SetLastError
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SetCurrentDirectoryA
MultiByteToWideChar
GetVersion
CreateThread
Sleep
WaitForSingleObject
GetModuleFileNameA
CloseHandle
CreateMutexA
GetProcAddress
GetVersionExA
FindResourceA
LoadResource
SizeofResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
GlobalFree
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrcmpiA
SetStdHandle
GetProcAddress
lstrlen

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

shell32

ShellExecuteExA
ShellExecuteA
ShellExecuteEx

user32

IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetWindowDC
BeginPaint
EndPaint
WindowFromPoint
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageA
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
IsZoomed
DestroyMenu
CharUpperA
LoadStringA
GetClassNameA
GetSysColorBrush
SetRect
GetDCEx
LockWindowUpdate
SetParent
SetActiveWindow
SetFocus
AdjustWindowRectEx
GetTopWindow
MessageBoxA
IsChild
WinHelpA
wsprintfA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
SendDlgItemMessageA
SetForegroundWindow
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
DestroyAcceleratorTable
LoadMenuA
GetSubMenu
TranslateAcceleratorA
IsIconic
DrawIcon
LoadAcceleratorsA
LoadIconA
FindWindowA
GetDesktopWindow
RegisterWindowMessageA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
PostMessageA
CreateIconIndirect
CreateIconFromResource
DrawFocusRect
FrameRect
DrawStateA
DrawFrameControl
IsRectEmpty
GetFocus
RedrawWindow
EqualRect
CopyRect
UnionRect
LoadImageA
GetIconInfo
DestroyIcon
CopyIcon
GetDC
ReleaseDC
IsWindow
GetMessagePos
SetTimer
MessageBeep
SetWindowLongA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
CharNextA
IsWindowUnicode
LoadCursorA
KillTimer
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowRect
PtInRect
GetWindowLongA
SetCapture
GetParent
SetWindowsHookExA
UpdateWindow
GetCapture
ReleaseCapture
GetClipCursor
GetCursorPos
ClipCursor
SetCursor
GetSystemMetrics
ScreenToClient
ClientToScreen
OffsetRect
InvertRect
InvalidateRect
SetRectEmpty
GetSysColor
FillRect
SetWindowRgn
GetClientRect
SendMessageA
InflateRect
GetClassInfoA
DefWindowProcA
MapWindowPoints
PeekMessageA
GetForegroundWindow
DispatchMessageA
DestroyWindow
DestroyCursor

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 281KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
使用说明.txt
注册导入.reg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 205KB - Virtual size: 524KB

Size: 6KB - Virtual size: 16KB

Size: - Virtual size: 8KB

Size: 8KB - Virtual size: 12KB

Size: 512B - Virtual size: 4KB

Size: 20KB - Virtual size: 36KB

.rsrc Size: 11KB - Virtual size: 32KB

.data Size: 106KB - Virtual size: 108KB

.adata Size: - Virtual size: 4KB

df455b49b642738d35605d93306ce55b

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

oleaut32

shell32

user32

winspool.drv

comdlg32

ole32

Sections

.text Size: 281KB - Virtual size: 284KB

.data Size: 59KB - Virtual size: 60KB

Size: 23KB - Virtual size: 44KB

.rsrc Size: 60KB - Virtual size: 60KB

.idata Size: 8KB - Virtual size: 12KB

.rsrc
Size: 11KB - Virtual size: 32KB

.data
Size: 106KB - Virtual size: 108KB

.adata
Size: - Virtual size: 4KB

.text
Size: 281KB - Virtual size: 284KB

.data
Size: 59KB - Virtual size: 60KB

.rsrc
Size: 60KB - Virtual size: 60KB

.idata
Size: 8KB - Virtual size: 12KB