d4834817b9b90d3f6d758d864bc622c8936e5466f3357ff858b5f76288629ec7

Sharing

Copy URL Twitter E-mail

General

Target

d4834817b9b90d3f6d758d864bc622c8936e5466f3357ff858b5f76288629ec7
Size

20.5MB
MD5

bff4b4e3a36d09b453928331f93f052f
SHA1

4e389656d945be45dd64bdc3e6bce494f6748747
SHA256

d4834817b9b90d3f6d758d864bc622c8936e5466f3357ff858b5f76288629ec7
SHA512

eda3b777e1923f71acd13602d4e1a1eb6b4cc20c56f0b89a8a76cc2fd22866d2b5777541f1116b2dce976d084def4b0f0f898497345f08c6def12c886308d55f
SSDEEP

393216:LoklSbRkEH4V6NhStu0tQtrxXsatbF/LO+IpZ9xumIk46JWX1D3sFWgLw6I+V:cookEYV6Nh0u0tQt9sapF/fIpxjN46JD

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Daqiangm.dll	acprotect
static1/unpack001/Hexinmk.dll	acprotect
static1/unpack001/ect/Guanggao.dll	acprotect
static1/unpack001/ect/gonggaomk.dll	acprotect

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Daqiangm.dll	upx
static1/unpack001/Dengluq.dll	upx
static1/unpack001/Hexinmk.dll	upx
static1/unpack001/ect/Guanggao.dll	upx
static1/unpack001/ect/gonggaomk.dll	upx
static1/unpack001/无极千年.exe	upx

Files

d4834817b9b90d3f6d758d864bc622c8936e5466f3357ff858b5f76288629ec7
.rar
Daqiangm.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Men_1000da
��_��ж�

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 582KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 908KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dengluq.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 968KB - Virtual size: 967KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hexinmk.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

IsDebuggerPresent

Sections

UPX0
Size: - Virtual size: 1024KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 680KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dusk.bmp
dusk.map
duskobj.obj
duskrof.obj
dusktil.til
ect/Guanggao.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

�ӿ�_��_��ô��
�ӿ�_��_��Ϣ
ȡ�汾��Ϣ_D
ȡ�ӿ��Ϣ_D

Sections

UPX0
Size: - Virtual size: 776KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 321KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 552KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ect/gonggaomk.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

a_ks_gonggao
ks_gonggao

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 380KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
effect/_43.eft
effect/_48.eft
effect/_5000.eft
effect/_55.eft
effect/_7034.eft
effect/_7761.eft
item.atz
sprite/y40.Atz
tomb1.bmp
tomb2.bmp
无极千年.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 582KB - Virtual size: 584KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 908KB - Virtual size: 904KB

.rdata Size: 344KB - Virtual size: 341KB

.data Size: 108KB - Virtual size: 305KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 108KB - Virtual size: 105KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 3.9MB - Virtual size: 3.9MB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 968KB - Virtual size: 967KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 100KB - Virtual size: 370KB

.rsrc Size: 24KB - Virtual size: 23KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1024KB

UPX1 Size: 544KB - Virtual size: 544KB

.rsrc Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 524KB - Virtual size: 521KB

.rdata Size: 680KB - Virtual size: 677KB

.data Size: 80KB - Virtual size: 227KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 84KB - Virtual size: 81KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 776KB

UPX1 Size: 321KB - Virtual size: 324KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 552KB - Virtual size: 548KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 72KB - Virtual size: 317KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 88KB - Virtual size: 87KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 380KB - Virtual size: 384KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 704KB - Virtual size: 703KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 72KB - Virtual size: 412KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 582KB - Virtual size: 584KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 908KB - Virtual size: 904KB

.rdata
Size: 344KB - Virtual size: 341KB

.data
Size: 108KB - Virtual size: 305KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 108KB - Virtual size: 105KB

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 3.9MB - Virtual size: 3.9MB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 968KB - Virtual size: 967KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 100KB - Virtual size: 370KB

.rsrc
Size: 24KB - Virtual size: 23KB

UPX0
Size: - Virtual size: 1024KB

UPX1
Size: 544KB - Virtual size: 544KB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: 524KB - Virtual size: 521KB

.rdata
Size: 680KB - Virtual size: 677KB

.data
Size: 80KB - Virtual size: 227KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 84KB - Virtual size: 81KB

UPX0
Size: - Virtual size: 776KB

UPX1
Size: 321KB - Virtual size: 324KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 552KB - Virtual size: 548KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 72KB - Virtual size: 317KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 88KB - Virtual size: 87KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 380KB - Virtual size: 384KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 704KB - Virtual size: 703KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 72KB - Virtual size: 412KB

.rsrc
Size: 72KB - Virtual size: 68KB

.reloc
Size: 100KB - Virtual size: 99KB

UPX0
Size: - Virtual size: 428KB

UPX1
Size: 5.3MB - Virtual size: 5.3MB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: 440KB - Virtual size: 437KB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 60KB - Virtual size: 208KB

.rsrc
Size: 24KB - Virtual size: 23KB