b2b9b97ee97f9c32f9f870a521d9f553181ff004a6aaea931b3c13f8050ab829

Sharing

Copy URL

Twitter E-mail

General

Target

b2b9b97ee97f9c32f9f870a521d9f553181ff004a6aaea931b3c13f8050ab829
Size

2.5MB
MD5

123dd76054ffb16de01f86ebc7143af1
SHA1

cd0b30f449ee240bc2a12d1d63bf44b9f086f3a1
SHA256

b2b9b97ee97f9c32f9f870a521d9f553181ff004a6aaea931b3c13f8050ab829
SHA512

24cfa3ebab7b4988e4ff3b2ccb121a536e3494a1f1528f7b9d0230f5e73f8dee7aeba344735300a4f831960d91cfae3448cebe1ced174f2af0f99f0df9830b0f
SSDEEP

49152:VgxQAyKvAhBRjBUBC0QpnuSEBDLRmHBS9NkjG/YEIP/mWd+2k9txHNTb9FXzKuwQ:V0QAyqAhnjBWC00n/EUIW+3S+dtTBFXf

Score

9^/10

upx vmprotect

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
static1/unpack001/momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/jedata.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/jedata.dll	upx
static1/unpack001/momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/米乐营销 - 旺旺状态检测测试版.exe	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/补丁.exe	vmprotect

Files

b2b9b97ee97f9c32f9f870a521d9f553181ff004a6aaea931b3c13f8050ab829
.rar
momicAlar_gpxz/!)支持我们的网站.cmd
momicAlar_gpxz/@使用帮助.cmd
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/BaiDu_谷普下载.url
.url
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/ConfigCenter.dll
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/config.ini
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/jedata.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/皮肤.she
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/米乐营销 - 旺旺状态检测测试版.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 920KB - Virtual size: 919KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 936KB - Virtual size: 933KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/补丁.exe
.exe windows x86

7afc9b2527694ffb252d1d65f886c198

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadCursorA

gdi32

ScaleViewportExtEx

winmm

waveOutReset

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ord17

ws2_32

recv

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
momicAlar_gpxz/哥乖.url
.url
momicAlar_gpxz/在线游戏.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 920KB - Virtual size: 919KB

.rdata Size: 936KB - Virtual size: 933KB

.data Size: 68KB - Virtual size: 362KB

.rsrc Size: 40KB - Virtual size: 38KB

7afc9b2527694ffb252d1d65f886c198

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 431KB

.rdata Size: - Virtual size: 162KB

.data Size: - Virtual size: 133KB

.vmp0 Size: - Virtual size: 864KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 920KB - Virtual size: 919KB

.rdata
Size: 936KB - Virtual size: 933KB

.data
Size: 68KB - Virtual size: 362KB

.rsrc
Size: 40KB - Virtual size: 38KB

.text
Size: - Virtual size: 431KB

.rdata
Size: - Virtual size: 162KB

.data
Size: - Virtual size: 133KB

.vmp0
Size: - Virtual size: 864KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 8KB - Virtual size: 4KB