895fb9ef43f9082daf82772a690c44b56358e36cdf12c9d49755c2ba72313137

Sharing

Copy URL Twitter E-mail

General

Target

895fb9ef43f9082daf82772a690c44b56358e36cdf12c9d49755c2ba72313137
Size

2.7MB
MD5

8f3d65d89002feb0a19a170ae70952c3
SHA1

5d666e8612e1757dd4a1d1f992b553819af4f396
SHA256

895fb9ef43f9082daf82772a690c44b56358e36cdf12c9d49755c2ba72313137
SHA512

0285553a442e97dde2b5e199503b9fb382ad765039394c62b68ae2ca0a64e63c7fec0688916bf7600778005789d4f6547d1dd6474b03ac6340f1055bf3db2e5b
SSDEEP

49152:ddSJti5h5DjGPwsys9nytReFoBMshz14qIId4Xjk8Yu43zOEQ1e:CJti5DyPKcnytReFkMqz14qIIdYbYX3V

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/IEscan/UPdate.exe	aspack_v212_v242

Files

895fb9ef43f9082daf82772a690c44b56358e36cdf12c9d49755c2ba72313137
.rar
IEscan/IEscan-key.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IEscan/IEscan.exe
.exe windows x86

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcatA
InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

2
Size: 284KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

4
Size: 46KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MCTeam
Size: 512B - Virtual size: 512B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IEscan/UPdate.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

0
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 41KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 44KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IEscan/使用说明.txt
IEscan/绿色下载站首页.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

code Size: - Virtual size: 40KB

text Size: 11KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 8KB

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

Imports

kernel32

user32

Sections

0 Size: 1KB - Virtual size: 4KB

1 Size: 512B - Virtual size: 4KB

2 Size: 284KB - Virtual size: 676KB

3 Size: 2KB - Virtual size: 4KB

4 Size: 46KB - Virtual size: 72KB

5 Size: 3KB - Virtual size: 4KB

6 Size: 7KB - Virtual size: 32KB

.MCTeam Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

0 Size: 2KB - Virtual size: 4KB

1 Size: 512B - Virtual size: 4KB

2 Size: 41KB - Virtual size: 48KB

3 Size: 3KB - Virtual size: 4KB

4 Size: 44KB - Virtual size: 72KB

5 Size: 1KB - Virtual size: 4KB

6 Size: 7KB - Virtual size: 32KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

code
Size: - Virtual size: 40KB

text
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 8KB

0
Size: 1KB - Virtual size: 4KB

1
Size: 512B - Virtual size: 4KB

2
Size: 284KB - Virtual size: 676KB

3
Size: 2KB - Virtual size: 4KB

4
Size: 46KB - Virtual size: 72KB

5
Size: 3KB - Virtual size: 4KB

6
Size: 7KB - Virtual size: 32KB

.MCTeam
Size: 512B - Virtual size: 512B

0
Size: 2KB - Virtual size: 4KB

1
Size: 512B - Virtual size: 4KB

2
Size: 41KB - Virtual size: 48KB

3
Size: 3KB - Virtual size: 4KB

4
Size: 44KB - Virtual size: 72KB

5
Size: 1KB - Virtual size: 4KB

6
Size: 7KB - Virtual size: 32KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB