c46fac609d2f425e5ead4a9495e3610a18e4ea22385d358883f59b5a43aa0640

Sharing

Copy URL Twitter E-mail

General

Target

c46fac609d2f425e5ead4a9495e3610a18e4ea22385d358883f59b5a43aa0640
Size

2.5MB
MD5

000c46865408696e1b3453654bff15af
SHA1

2b1c4b50aaf03f1aa7713897933c0af410249f47
SHA256

c46fac609d2f425e5ead4a9495e3610a18e4ea22385d358883f59b5a43aa0640
SHA512

583a53174bdbb301ed78afa212648ab7a60d59ed0a081e79fde727dc3a2be1da487b87cedb6bdd923f1b0d30303f7216133dfaeec5fb2d16a0a284af929a80d1
SSDEEP

49152:mWjJxeKuSvH2RSFBQq6ao7vIfgQKNaFpzBj5i9ZF0fQJjEYB:5xeKuSeqovlQKMzBjAZi4Jwo

Score

9^/10

upx aspackv2

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/HugeCalc.dll	acprotect
static1/unpack001/tools//HugeCalc.dll	acprotect
static1/unpack001/tools/ѧ/ghirirsa.dll	acprotect
static1/unpack001/tools/ѧ/md.dll	acprotect
static1/unpack001/tools/ѧ/ripemd.dll	acprotect

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/tools/Ƽ/fycalcb13.exe	aspack_v212_v242
static1/unpack001/tools//CalcVoice.exe	aspack_v212_v242

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/tools//HugeCalc.dll	upx
static1/unpack001/tools/ѧ/cryptocal.exe	upx
static1/unpack001/tools/ѧ/ghirirsa.dll	upx
static1/unpack001/tools/ѧ/md.dll	upx
static1/unpack001/tools/ѧ/ripemd.dll	upx

Files

c46fac609d2f425e5ead4a9495e3610a18e4ea22385d358883f59b5a43aa0640
.zip
HugeCalc.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

HC_enableTimer
HC_gcd
HC_gcdEx
HC_gcd_v32
HC_getExportFunNums
HC_getLastError
HC_getLicenseLevel
HC_getPrime
HC_getPrimeCount
HC_getPrimeList
HC_getPrimePi
HC_getSNA
HC_getSNW
HC_getTimer
HC_getTimerStrA
HC_getTimerStrW
HC_getVerA
HC_getVerW
HC_invertMod
HC_isPrime
HC_isTerminated
HC_lcm
HC_nextPrime
HC_powMod
HC_previousPrime
HC_resetTimer
HC_seedRandom
HC_setTerminate
HI_abs
HI_add
HI_add_u32
HI_bitAnd
HI_bitLShift
HI_bitOr
HI_bitRShift
HI_bitXor
HI_ceil
HI_combination
HI_compareAbs_hi
HI_compareAbs_s32
HI_compareAbs_u32
HI_compare_hi
HI_compare_s32
HI_compare_u32
HI_decLShift
HI_decRShift
HI_delete
HI_divRem
HI_div_s32
HI_factorial
HI_factorial2
HI_fibonacci
HI_floor
HI_freeStrBuffer
HI_gcd
HI_gcdEx
HI_gcd_vhi
HI_generatePrime
HI_getBits
HI_getCount
HI_getDigits
HI_getHexStrA
HI_getHexStrW
HI_getSign
HI_getStrA
HI_getStrRadixA
HI_getStrRadixW
HI_getStrW
HI_getTailDecZeros
HI_get_s32
HI_get_s64
HI_get_u32
HI_get_u64
HI_invertMod
HI_invertMod_u32
HI_isAbsOne
HI_isEven
HI_isOdd
HI_isPrime
HI_isZero
HI_lcm
HI_lcm_v32
HI_lcm_vhi
HI_log
HI_log_u32
HI_lucas
HI_mod
HI_modPowTen
HI_mul
HI_mulMod
HI_mul_u32
HI_negate
HI_new
HI_nextPrime
HI_permutation
HI_pow
HI_powMod
HI_powMod_u32
HI_powMod_u32_u32
HI_previousPrime
HI_primeFactorial
HI_primorial
HI_product_v32
HI_product_vhi
HI_random
HI_rootRem
HI_setHexStrA
HI_setHexStrW
HI_set_hi
HI_set_hx
HI_set_rc
HI_set_s32
HI_set_s64
HI_set_strA
HI_set_strW
HI_set_u32
HI_set_u64
HI_sub
HI_sub_u32
HI_sumsOfLikePowers_v32
HI_sumsOfLikePowers_vhi
HI_swap
HI_testPrimality
HI_truncate
HX_abs
HX_add
HX_add_u32
HX_bitAnd
HX_bitLShift
HX_bitOr
HX_bitRShift
HX_bitXor
HX_ceil
HX_combination
HX_compareAbs_hx
HX_compareAbs_s32
HX_compareAbs_u32
HX_compare_hx
HX_compare_s32
HX_compare_u32
HX_delete
HX_divRem
HX_div_s32
HX_factorial
HX_factorial2
HX_fibonacci
HX_floor
HX_freeStrBuffer
HX_gcd
HX_gcdEx
HX_gcd_vhx
HX_generatePrime
HX_getBits
HX_getCount
HX_getDigits
HX_getHexStrA
HX_getHexStrW
HX_getSign
HX_getStrA
HX_getStrRadixA
HX_getStrRadixW
HX_getStrW
HX_getTailBitZeros
HX_getTextA
HX_getTextW
HX_get_s32
HX_get_s64
HX_get_u32
HX_get_u64
HX_invertMod
HX_invertMod_u32
HX_isAbsOne
HX_isBitOne
HX_isEven
HX_isOdd
HX_isPrime
HX_isZero
HX_lcm
HX_lcm_v32
HX_lcm_vhx
HX_log
HX_log_u32
HX_lucas
HX_mod
HX_modPowTwo
HX_mul
HX_mulMod
HX_mul_u32
HX_negate
HX_new
HX_nextPrime
HX_permutation
HX_pow
HX_powMod
HX_powMod_u32
HX_powMod_u32_u32
HX_previousPrime
HX_primeFactorial
HX_primorial
HX_product_v32
HX_product_vhx
HX_random
HX_rootRem
HX_setHexStrA
HX_setHexStrW
HX_setTextA
HX_setTextW
HX_set_hi
HX_set_hx
HX_set_rc
HX_set_s32
HX_set_s64
HX_set_strA
HX_set_strW
HX_set_u32
HX_set_u64
HX_sub
HX_sub_u32
HX_sumsOfLikePowers_v32
HX_sumsOfLikePowers_vhx
HX_swap
HX_testPrimality
HX_truncate
RC_clearVector
RC_convert2Radix
RC_delete
RC_getCount
RC_getRadix
RC_getSign
RC_getVector
RC_get_s32
RC_get_s64
RC_get_u32
RC_get_u64
RC_new
RC_new_strA
RC_new_strW
RC_resetRadix
RC_resetSign
RC_resetVector
RC_set_hi
RC_set_hx
RC_set_rc
RC_set_s32
RC_set_s64
RC_set_u32
RC_set_u64
RC_sumOfDigits

Sections

GxQ0
Size: - Virtual size: 6.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GxQ1
Size: 351KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cfunc.dll
.dll windows x86

d752e294794bde96faeb4ce0eb29fe2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
GetSystemTimeAsFileTime
GetStartupInfoA
GetFileType
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetCommandLineA
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
VirtualAlloc
VirtualQuery

Exports

Exports

BinToExtended

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mycalc.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

_'�{0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_'�{1
Size: 469KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_'�{2
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/32λ16Ƽ/Calc17.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

��t
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��c
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/ʵü/calc.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 34KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools//HugeCalc.chm
.chm
tools//HugeCalc.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

HC_enableTimer
HC_gcd
HC_gcdEx
HC_gcd_v32
HC_getExportFunNums
HC_getLastError
HC_getLicenseLevel
HC_getPrime
HC_getPrimeCount
HC_getPrimeList
HC_getPrimePi
HC_getSNA
HC_getSNW
HC_getTimer
HC_getTimerStrA
HC_getTimerStrW
HC_getVerA
HC_getVerW
HC_invertMod
HC_isPrime
HC_isTerminated
HC_lcm
HC_nextPrime
HC_powMod
HC_previousPrime
HC_resetTimer
HC_seedRandom
HC_setTerminate
HI_abs
HI_add
HI_add_u32
HI_bitAnd
HI_bitLShift
HI_bitOr
HI_bitRShift
HI_bitXor
HI_ceil
HI_combination
HI_compareAbs_hi
HI_compareAbs_s32
HI_compareAbs_u32
HI_compare_hi
HI_compare_s32
HI_compare_u32
HI_decLShift
HI_decRShift
HI_delete
HI_divRem
HI_div_s32
HI_factorial
HI_factorial2
HI_fibonacci
HI_floor
HI_freeStrBuffer
HI_gcd
HI_gcdEx
HI_gcd_vhi
HI_generatePrime
HI_getBits
HI_getCount
HI_getDigits
HI_getHexStrA
HI_getHexStrW
HI_getSign
HI_getStrA
HI_getStrRadixA
HI_getStrRadixW
HI_getStrW
HI_getTailDecZeros
HI_get_s32
HI_get_s64
HI_get_u32
HI_get_u64
HI_invertMod
HI_invertMod_u32
HI_isAbsOne
HI_isEven
HI_isOdd
HI_isPrime
HI_isZero
HI_lcm
HI_lcm_v32
HI_lcm_vhi
HI_log
HI_log_u32
HI_lucas
HI_mod
HI_modPowTen
HI_mul
HI_mulMod
HI_mul_u32
HI_negate
HI_new
HI_nextPrime
HI_permutation
HI_pow
HI_powMod
HI_powMod_u32
HI_powMod_u32_u32
HI_previousPrime
HI_primeFactorial
HI_product_v32
HI_product_vhi
HI_random
HI_rootRem
HI_setHexStrA
HI_setHexStrW
HI_set_hi
HI_set_hx
HI_set_rc
HI_set_s32
HI_set_s64
HI_set_strA
HI_set_strW
HI_set_u32
HI_set_u64
HI_sub
HI_sub_u32
HI_sumsOfLikePowers_v32
HI_sumsOfLikePowers_vhi
HI_swap
HI_testPrimality
HI_truncate
HX_abs
HX_add
HX_add_u32
HX_bitAnd
HX_bitLShift
HX_bitOr
HX_bitRShift
HX_bitXor
HX_ceil
HX_combination
HX_compareAbs_hx
HX_compareAbs_s32
HX_compareAbs_u32
HX_compare_hx
HX_compare_s32
HX_compare_u32
HX_delete
HX_divRem
HX_div_s32
HX_factorial
HX_factorial2
HX_fibonacci
HX_floor
HX_freeStrBuffer
HX_gcd
HX_gcdEx
HX_gcd_vhx
HX_generatePrime
HX_getBits
HX_getCount
HX_getDigits
HX_getHexStrA
HX_getHexStrW
HX_getSign
HX_getStrA
HX_getStrRadixA
HX_getStrRadixW
HX_getStrW
HX_getTailBitZeros
HX_getTextA
HX_getTextW
HX_get_s32
HX_get_s64
HX_get_u32
HX_get_u64
HX_invertMod
HX_invertMod_u32
HX_isAbsOne
HX_isBitOne
HX_isEven
HX_isOdd
HX_isPrime
HX_isZero
HX_lcm
HX_lcm_v32
HX_lcm_vhx
HX_log
HX_log_u32
HX_lucas
HX_mod
HX_modPowTwo
HX_mul
HX_mulMod
HX_mul_u32
HX_negate
HX_new
HX_nextPrime
HX_permutation
HX_pow
HX_powMod
HX_powMod_u32
HX_powMod_u32_u32
HX_previousPrime
HX_primeFactorial
HX_product_v32
HX_product_vhx
HX_random
HX_rootRem
HX_setHexStrA
HX_setHexStrW
HX_setTextA
HX_setTextW
HX_set_hi
HX_set_hx
HX_set_rc
HX_set_s32
HX_set_s64
HX_set_strA
HX_set_strW
HX_set_u32
HX_set_u64
HX_sub
HX_sub_u32
HX_sumsOfLikePowers_v32
HX_sumsOfLikePowers_vhx
HX_swap
HX_testPrimality
HX_truncate
RC_clearVector
RC_convert2Radix
RC_delete
RC_getCount
RC_getRadix
RC_getSign
RC_getVector
RC_get_s32
RC_get_s64
RC_get_u32
RC_get_u64
RC_new
RC_new_strA
RC_new_strW
RC_resetRadix
RC_resetSign
RC_resetVector
RC_set_hi
RC_set_hx
RC_set_rc
RC_set_s32
RC_set_s64
RC_set_u32
RC_set_u64
RC_sumOfDigits

Sections

UPX0
Size: - Virtual size: 5.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools//HugeCalc.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

GxQ0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GxQ1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/Ƽ/fycalcb13.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 90KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools//fpu10.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

��t
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��c
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/㹤/calcfac.exe
.exe windows x86

fac2931069331aaf9f914f9bbdde8ab7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ReleaseCapture
SetCapture
GetClientRect
SetCursor
RedrawWindow
IsWindow
GetFocus
SendMessageA
PtInRect
LoadImageA
LoadCursorA
UpdateWindow
EnableWindow

mfc42

ord4219
ord6385
ord5265
ord4376
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord535
ord4853
ord4224
ord6334
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord6438
ord1199
ord1247
ord1168
ord3092
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1920
ord4262
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6055
ord1776
ord5240
ord5290
ord3748
ord1725
ord4432
ord517
ord784
ord5260
ord2086
ord4464
ord6131
ord6216
ord4723
ord4508
ord5981
ord3610
ord1771
ord6366
ord2413
ord2024
ord1576
ord2581
ord4401
ord3402
ord3639
ord656
ord567
ord692
ord2367
ord2302
ord3719
ord793
ord2362
ord3619
ord2864
ord1641
ord3089
ord3626
ord3663
ord2414
ord809
ord556
ord2340
ord2574
ord3572
ord2575
ord4396
ord3574
ord3571
ord609
ord1088
ord2122
ord4148
ord6241
ord5802
ord924
ord3097
ord4202
ord2614
ord3708
ord781
ord2289
ord6199
ord939
ord2818
ord5937
ord6136
ord3061
ord5856
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2301
ord926
ord6283
ord6282
ord3317
ord858
ord537
ord941
ord3721
ord795
ord4275
ord5875
ord2379
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord4427
ord807
ord686
ord674
ord554
ord384
ord366
ord1768
ord2862
ord2096
ord4163
ord6625
ord4457
ord5252
ord1087
ord2408
ord5282
ord6877
ord2298
ord2582
ord4402
ord3370
ord3640
ord693
ord3996
ord665
ord6907
ord3998
ord1979
ord3318
ord5442
ord5186
ord3499
ord2515
ord354
ord355
ord3301

msvcrt

_exit
_controlfp
__CxxFrameHandler
strchr
atof
strtok
isalpha
sprintf
atoi
_atoi64
isdigit
_fpclass
ceil
floor
sscanf
_CIacos
_CIasin
_CIpow
_CIfmod
tolower
free
malloc
_ftol
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_setmbcp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

kernel32

TerminateThread
GetStartupInfoA
GetModuleHandleA
ExitThread
CreateThread

gdi32

GetStockObject
CreateFontA

shell32

ShellExecuteA

comctl32

ImageList_Add

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tools/ѧ/cryptocal.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 592KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 217KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/ѧ/ghirirsa.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ghRSAexp

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/ѧ/md.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetVersion
MD2
MD4
MD5

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/ѧ/ripemd.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetVersion
RIPEMD
RIPEMD128
RIPEMD160
RIPEMD256
RIPEMD320

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools//CalcVoice.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 259KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.url.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

GxQ0 Size: - Virtual size: 6.5MB

GxQ1 Size: 351KB - Virtual size: 352KB

.rsrc Size: 48KB - Virtual size: 52KB

d752e294794bde96faeb4ce0eb29fe2e

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 484B

Headers

File Characteristics

Sections

_'�{0 Size: - Virtual size: 1.6MB

_'�{1 Size: 469KB - Virtual size: 473KB

_'�{2 Size: 9KB - Virtual size: 8KB

Headers

File Characteristics

Sections

����t Size: - Virtual size: 28KB

����c Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 34KB - Virtual size: 104KB

.rdata Size: 5KB - Virtual size: 20KB

.data Size: 3KB - Virtual size: 2.1MB

.rsrc Size: 27KB - Virtual size: 92KB

.aspack Size: 17KB - Virtual size: 20KB

.data Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 5.8MB

UPX1 Size: 294KB - Virtual size: 296KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

File Characteristics

Sections

GxQ0 Size: - Virtual size: 48KB

GxQ1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 90KB - Virtual size: 796KB

.data Size: 512B - Virtual size: 100KB

.rsrc Size: 512B - Virtual size: 8KB

.aspack Size: 8KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

����t Size: - Virtual size: 16KB

����c Size: 6KB - Virtual size: 8KB

fac2931069331aaf9f914f9bbdde8ab7

Headers

File Characteristics

Imports

user32

mfc42

msvcrt

kernel32

GxQ0
Size: - Virtual size: 6.5MB

GxQ1
Size: 351KB - Virtual size: 352KB

.rsrc
Size: 48KB - Virtual size: 52KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 484B

_'�{0
Size: - Virtual size: 1.6MB

_'�{1
Size: 469KB - Virtual size: 473KB

_'�{2
Size: 9KB - Virtual size: 8KB

��t
Size: - Virtual size: 28KB

��c
Size: 10KB - Virtual size: 12KB

.text
Size: 34KB - Virtual size: 104KB

.rdata
Size: 5KB - Virtual size: 20KB

.data
Size: 3KB - Virtual size: 2.1MB

.rsrc
Size: 27KB - Virtual size: 92KB

.aspack
Size: 17KB - Virtual size: 20KB

.data
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 5.8MB

UPX1
Size: 294KB - Virtual size: 296KB

.rsrc
Size: 14KB - Virtual size: 16KB

GxQ0
Size: - Virtual size: 48KB

GxQ1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 12KB

.text
Size: 90KB - Virtual size: 796KB

.data
Size: 512B - Virtual size: 100KB

.rsrc
Size: 512B - Virtual size: 8KB

.aspack
Size: 8KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

��t
Size: - Virtual size: 16KB

��c
Size: 6KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 2.8MB

.rsrc
Size: 724KB - Virtual size: 723KB

UPX0
Size: - Virtual size: 592KB

UPX1
Size: 217KB - Virtual size: 220KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 25KB - Virtual size: 28KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 259KB - Virtual size: 680KB

DATA
Size: 5KB - Virtual size: 12KB

BSS
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 44KB

.rsrc
Size: 240KB - Virtual size: 492KB

.aspack
Size: 3KB - Virtual size: 8KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB