Behavioral task: behavioral1
Sample: 皇者千年.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 皇者千年.exe
Resource: win10v2004-20221111-en

General
Target: d3caa78b2507739e54ab9050a9e165f3228f859f30fd08d0ed84314bb706c31f
Size: 6.0MB
MD5: b94b7abf9d3f7302a7b7153cf21e2912
SHA1: 411faec01b5e181c8ea9e99cdde86912959fce54
SHA256: d3caa78b2507739e54ab9050a9e165f3228f859f30fd08d0ed84314bb706c31f
SHA512: 71ab02254234e425d5742d662c1e6628414ab5b847e071abbc9ce525aead52c9be9e0308903fc9b8548749ccf5bcc71511bf357e8df0e5612015746da44dc7b0
SSDEEP: 196608:u1WsJZi151tH6Lyh2AoSiw9reXx0giQZO:uRTW9Z9CB0gfZO

Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/皇者千年.exe upx
Files
- d3caa78b2507739e54ab9050a9e165f3228f859f30fd08d0ed84314bb706c31f.rar
- logdq.bmp
- logon.bmp
- selchrdaq.bmp
- selectchar.bmp
- 华信互联.txt
- 皇者千年.exe.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 360KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
- out.upx.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 440KB - Virtual size: 437KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ