7f01a143014e54fea66d7b40186842b78a421a52ca02a616f06d84c9274651cf

Sharing

Copy URL

Twitter E-mail

General

Target

7f01a143014e54fea66d7b40186842b78a421a52ca02a616f06d84c9274651cf
Size

380KB
MD5

373b43d5bd25ceb2789cc4653b7377b5
SHA1

1d38d0c189cd32eb4d936cb7ae292e44544547b9
SHA256

7f01a143014e54fea66d7b40186842b78a421a52ca02a616f06d84c9274651cf
SHA512

9bdd5d36a3dccc97e08446d9a55a3bfc716117f6d4dd8fc824ab8991135b123be789dd17bde1513eab588aeb563d52a104ebf5ffc0c880e35964ebfa74f9b77d
SSDEEP

6144:1K30pk+Gl6xqWM3t4xnmIc4T/zwEPvRg/i3wobnjuU31NPsse:lpk+7qW44R17zjqaAofh5sse

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/g.exe	aspack_v212_v242

Files

7f01a143014e54fea66d7b40186842b78a421a52ca02a616f06d84c9274651cf
.rar
LetGo.exe
.exe windows x86

c29c6ca45e329d9c2c0adecf5410be05

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
GetCurrentProcessId
FreeLibrary
WinExec
GetProcAddress
LoadLibraryA
CreateThread
CloseHandle
WaitForSingleObject
GetModuleFileNameA
ExitProcess
GetLastError
CreateMutexA
lstrlenA
lstrcpyA
CopyFileA
lstrcatA
GetSystemDirectoryA
GetModuleHandleA
GetSystemInfo
GetVersionExA
GetSystemDefaultUILanguage
LocalAlloc
InterlockedExchange
RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
LCMapStringW

Exports

Exports

AxMessageBox

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NewRat.exe
.exe windows x86

d55e6f6a33a0644b40039759a458f449

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
Sleep
ExitProcess
OutputDebugStringA
ReleaseMutex
GetTempPathA
WaitForSingleObject
GetLastError
CreateMutexA
GetStartupInfoA
GlobalMemoryStatusEx
GetSystemInfo
lstrcpyA
GetSystemDefaultUILanguage
GetSystemDirectoryA
ExitThread
CloseHandle
FreeLibrary
LoadLibraryA
GetProcAddress
OpenMutexA
lstrcatA

user32

wsprintfA
GetDesktopWindow

advapi32

RegOpenKeyExA
StartServiceCtrlDispatcherA
CreateServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegQueryValueExA

shell32

ShellExecuteA

msvcrt

strchr
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy
realloc
malloc
atoi
strncpy
strcspn
strstr
exit
sprintf
__CxxFrameHandler
_CxxThrowException
free
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

ws2_32

send
WSAStartup
select
__WSAFDIsSet
closesocket
recv
setsockopt
WSAIoctl
sendto
inet_addr
htons
socket
connect
shutdown
gethostbyname
WSACleanup

netapi32

NetUserAdd
NetLocalGroupAddMembers

shlwapi

SHDeleteKeyA

iphlpapi

GetIfTable

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WEBserver.exe
.exe windows x86

c04cac77e8138c0c83d28165e5d5784a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetStartupInfoA

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_XcptFilter
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_adjust_fdiv

Sections

.data
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
g.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

BBB
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 48KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AAA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TTT
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.998652
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
smss.exe
.exe windows x86

0c95b116df2c95c4e820e230bc565c90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_onexit
_lock
_decode_pointer
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__dllonexit
_strnicmp
?terminate@@YAXXZ
_stricmp
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_beginthreadex
realloc
strncat
_errno
strncmp
atoi
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
malloc
strchr
memmove
ceil
strstr
memcpy
memset
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z

shlwapi

SHDeleteKeyA

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
Sleep
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CancelIo
lstrcpyA
lstrlenA
lstrcatA
FreeLibrary
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
GetModuleFileNameA
SetLastError
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
OpenProcess
ExitProcess
SetFileAttributesA
MoveFileExA
GetTickCount
GetTempPathA
GetLocalTime
HeapFree
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GetSystemInfo
DefineDosDeviceA
LocalSize
Process32Next
lstrcmpiA
GetCurrentThreadId

user32

SetProcessWindowStation
SetRect
GetDC
ReleaseDC
GetCursorInfo
SystemParametersInfoA
GetWindowThreadProcessId
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
DestroyCursor
GetKeyState
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
GetUserObjectInformationA
PostMessageA
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
CloseClipboard
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
GetWindowTextA
GetAsyncKeyState
LoadCursorA

gdi32

CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC
DeleteObject

advapi32

DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
LookupAccountSidA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
ControlService
QueryServiceStatus
OpenServiceA
RegSetValueExA
RegCreateKeyA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegSetKeySecurity
InitializeSecurityDescriptor
AddAccessAllowedAce

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveInStart
waveInPrepareHeader
waveOutClose
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

getpeername
accept
listen
__WSAFDIsSet
gethostname
recvfrom
sendto
bind
getsockname
ntohs
inet_addr
inet_ntoa
socket
gethostbyname
htons
connect
WSAIoctl
select
recv
send
setsockopt
closesocket
WSAStartup
WSACleanup

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

BBB
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TTT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.998652
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svshost.exe
.exe windows x86

06e00b0d891c42466a00d45ef2ce76ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
FreeLibrary
GetModuleHandleA
GetStartupInfoA

msvcrt

__CxxFrameHandler
_CxxThrowException
memset
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memcpy
??3@YAXPAX@Z

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c29c6ca45e329d9c2c0adecf5410be05

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 32KB - Virtual size: 32KB

d55e6f6a33a0644b40039759a458f449

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

netapi32

shlwapi

iphlpapi

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

c04cac77e8138c0c83d28165e5d5784a

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.data Size: 87KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 916B

Headers

DLL Characteristics

File Characteristics

Sections

BBB Size: 1KB - Virtual size: 4KB

.text Size: 48KB - Virtual size: 100KB

AAA Size: 1024B - Virtual size: 4KB

TTT Size: 3KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 16KB

.998652 Size: 512B - Virtual size: 4KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

0c95b116df2c95c4e820e230bc565c90

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

msvcp90

ws2_32

wininet

avicap32

msvfw32

psapi

wtsapi32

Sections

BBB Size: 2KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.data
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 916B

BBB
Size: 1KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 100KB

AAA
Size: 1024B - Virtual size: 4KB

TTT
Size: 3KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 16KB

.998652
Size: 512B - Virtual size: 4KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

BBB
Size: 2KB - Virtual size: 2KB

.text
Size: 98KB - Virtual size: 97KB

AAA
Size: 1KB - Virtual size: 1KB

TTT
Size: 5KB - Virtual size: 4KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 13KB - Virtual size: 12KB

.998652
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 170KB - Virtual size: 170KB

.rsrc
Size: 1024B - Virtual size: 1004B