1160391b1ba1240486aea760257e27ceb6432b0f11598cca0db56615d243853f

Sharing

Copy URL Twitter E-mail

General

Target

1160391b1ba1240486aea760257e27ceb6432b0f11598cca0db56615d243853f
Size

816KB
MD5

66cb92a705e9e9d759fa252138ad4631
SHA1

916700c03a732f9306527791c7bdf152ca609afe
SHA256

1160391b1ba1240486aea760257e27ceb6432b0f11598cca0db56615d243853f
SHA512

44674994f8abe261b1ae09e5730c2f16c05a3a70f5fde0ce978937f507677debd5d05635823dab70662c2cec46bd25eefcb1ce1c53fde448a93aae700400bc2a
SSDEEP

24576:HgcedDncHvYKyDq/Uuo4QihMWGLCne1n7HITcRHvdwjouE:H9ocPYLDZKb3OVncAFvdwjouE

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/401hkЧ3306/libmySQL.dll	acprotect
static1/unpack001/401hkЧ3306/udf.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/401hkЧ3306/BaoPo.exe	upx
static1/unpack001/401hkЧ3306/libmySQL.dll	upx
static1/unpack001/401hkЧ3306/udf.dll	upx

Files

1160391b1ba1240486aea760257e27ceb6432b0f11598cca0db56615d243853f
.zip
401hkЧ3306/401̳3306Ч.exe
.exe windows x86

1c66af57c40be9194e50f7852c391ba4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharPrevA
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualQuery
SizeofResource
SetFilePointer
SetFileAttributesA
SetEvent
SetEnvironmentVariableA
SetEndOfFile
ResetEvent
ReadFile
LockResource
LoadResource
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetVersionExA
GetThreadLocale
GetTempFileNameA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCommandLineA
GetCPInfo
FreeResource
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LC
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
401hkЧ3306/BaoPo.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
401hkЧ3306/dat.exe
.exe windows x86

80129452aa57fbe98ce6651c0aacb1e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA
GetSystemMetrics
ExitWindowsEx

kernel32

CreatePipe
GetStartupInfoA
CreateProcessA
CreateThread
TerminateThread
PeekNamedPipe
ReadFile
GetExitCodeProcess
WriteFile
GetVersionExA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
Sleep
WaitForSingleObject
CreateFileA
WritePrivateProfileStringA
GetTempPathA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatusEx
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetShortPathNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetLastError
CreateMutexA
GetModuleHandleA
LCMapStringA

ws2_32

inet_ntoa
gethostbyname
gethostname
WSACleanup
getpeername
send
getsockopt
select
recvfrom
sendto
recv
connect
inet_addr
htons
socket
closesocket
WSAStartup
ioctlsocket

advapi32

RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
SetServiceStatus
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
ChangeServiceConfigA
DeleteService
RegisterServiceCtrlHandlerA
RegOpenKeyA
StartServiceCtrlDispatcherA

msvcrt

sprintf
??3@YAXPAX@Z
__CxxFrameHandler
_CIfmod
strncpy
_ftol
??2@YAPAXI@Z
tolower
strtod
strchr
free
malloc
memmove
modf
_strnicmp
strncmp
strrchr
atoi

shlwapi

PathFileExistsA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
401hkЧ3306/libmySQL.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_get_ssl_cipher
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
401hkЧ3306/pass.txt
401hkЧ3306/reg.reg
401hkЧ3306/s.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsrc
Size: 204B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
401hkЧ3306/system.ini
401hkЧ3306/udf.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ShellExe
ShellExe_deinit
ShellExe_init

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
401hkЧ3306/user.txt
401hkЧ3306/˵.txt

Sharing

General

Malware Config

Signatures

Files

1c66af57c40be9194e50f7852c391ba4

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Sections

.text Size: 66KB - Virtual size: 65KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 31KB - Virtual size: 30KB

.LC Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 100KB

UPX1 Size: 22KB - Virtual size: 24KB

UPX2 Size: 512B - Virtual size: 4KB

80129452aa57fbe98ce6651c0aacb1e5

Headers

File Characteristics

Imports

user32

kernel32

ws2_32

advapi32

msvcrt

shlwapi

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 51KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 704KB - Virtual size: 704KB

UPX2 Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

code Size: - Virtual size: 100KB

text Size: 6KB - Virtual size: 8KB

rsrc Size: 204B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 13KB - Virtual size: 16KB

UPX2 Size: 512B - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 65KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 31KB - Virtual size: 30KB

.LC
Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 100KB

UPX1
Size: 22KB - Virtual size: 24KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 51KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 704KB - Virtual size: 704KB

UPX2
Size: 4KB - Virtual size: 8KB

code
Size: - Virtual size: 100KB

text
Size: 6KB - Virtual size: 8KB

rsrc
Size: 204B - Virtual size: 4KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 13KB - Virtual size: 16KB

UPX2
Size: 512B - Virtual size: 4KB