f5a03e11577722cf1ae0cd8a000550fb06ea0acd35e95ad76bf087d5b06baca5

Sharing

Copy URL Twitter E-mail

General

Target

f5a03e11577722cf1ae0cd8a000550fb06ea0acd35e95ad76bf087d5b06baca5
Size

5.2MB
MD5

ff949167a90c613f64e44e8d0751557d
SHA1

c63b15d562c68d8ec5a9ba8ed1ae615db8a73ead
SHA256

f5a03e11577722cf1ae0cd8a000550fb06ea0acd35e95ad76bf087d5b06baca5
SHA512

72b442e9022b47c6533fe6291de682f757b4c6c109770685c6380bc62db6204955cf47f6b1298a375131f747883b25614ebadea272d168b367546e2d62c630eb
SSDEEP

98304:JJQCAuYCEaeDmHZQT0mtPIzReB22e5kbYrnqtFcuTGepC1ZMp6KTMOUUTYdAa:JeCpYbm6T0PzRGLerAFcuTHCQp6KdUUo

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/tsdzbaibian/HtmlView.fne	acprotect
static1/unpack001/tsdzbaibian/eSkin.fne	acprotect
static1/unpack001/tsdzbaibian/krnln.fnr	acprotect

Files

f5a03e11577722cf1ae0cd8a000550fb06ea0acd35e95ad76bf087d5b06baca5
.rar
tsdzbaibian/1001下载乐园.url
.url
tsdzbaibian/HtmlView.fne
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetNewInf

Sections

.CQSN
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CQSN
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CQSN
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tsdzbaibian/eSkin.fne
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetNewInf

Sections

.CQSN
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CQSN
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CQSN
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tsdzbaibian/krnln.fnr
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetNewInf
GetNewSock

Sections

.CQSN
Size: - Virtual size: 776KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CQSN
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CQSN
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tsdzbaibian/skins/101.an
tsdzbaibian/skins/15.an
tsdzbaibian/skins/17.an
tsdzbaibian/skins/19.an
tsdzbaibian/skins/20.an
tsdzbaibian/skins/21.an
tsdzbaibian/skins/22.an
tsdzbaibian/skins/23.an
tsdzbaibian/skins/24.an
tsdzbaibian/skins/25.an
tsdzbaibian/skins/26.an
tsdzbaibian/skins/27.an
tsdzbaibian/skins/28.an
tsdzbaibian/skins/29.an
tsdzbaibian/skins/3.an
tsdzbaibian/skins/30.an
tsdzbaibian/skins/31.an
tsdzbaibian/skins/32.an
tsdzbaibian/skins/34.an
tsdzbaibian/skins/35.an
tsdzbaibian/skins/36.an
tsdzbaibian/skins/37.an
tsdzbaibian/skins/38.an
tsdzbaibian/skins/39.an
tsdzbaibian/skins/4.an
tsdzbaibian/skins/40.an
tsdzbaibian/skins/41.an
tsdzbaibian/skins/42.an
tsdzbaibian/skins/44.an
tsdzbaibian/skins/45.an
tsdzbaibian/skins/46.an
tsdzbaibian/skins/47.an
tsdzbaibian/skins/48.an
tsdzbaibian/skins/49.an
tsdzbaibian/skins/51.an
tsdzbaibian/skins/52.an
tsdzbaibian/skins/53.an
tsdzbaibian/skins/54.an
tsdzbaibian/skins/55.an
tsdzbaibian/skins/56.an
tsdzbaibian/skins/58.an
tsdzbaibian/skins/60.an
tsdzbaibian/skins/63.an
tsdzbaibian/skins/64.an
tsdzbaibian/skins/65.an
tsdzbaibian/skins/66.an
tsdzbaibian/skins/67.an
tsdzbaibian/skins/68.an
tsdzbaibian/skins/69.an
tsdzbaibian/skins/7.an
tsdzbaibian/skins/70.an
tsdzbaibian/skins/71.an
tsdzbaibian/skins/74.an
tsdzbaibian/skins/75.an
tsdzbaibian/skins/78.an
tsdzbaibian/skins/79.an
tsdzbaibian/skins/8.an
tsdzbaibian/skins/82.an
tsdzbaibian/skins/83.an
tsdzbaibian/skins/88.an
tsdzbaibian/skins/93.an
tsdzbaibian/skins/95.an
tsdzbaibian/skins/97.an
tsdzbaibian/skins/98.an
tsdzbaibian/skins/99.an
tsdzbaibian/skins/XP风格（橡皮）.an
tsdzbaibian/skins/XP风格（水晶）.an
tsdzbaibian/skins/XP风格（红）.an
tsdzbaibian/skins/XP风格（绿）.an
tsdzbaibian/skins/XP风格（蓝）.an
tsdzbaibian/skins/iTunes.an
tsdzbaibian/skins/macos.an
tsdzbaibian/skins/mxp05.an
tsdzbaibian/skins/mxp1.an
tsdzbaibian/skins/mxp2.an
tsdzbaibian/skins/mxp3.an
tsdzbaibian/skins/mxskin03.an
tsdzbaibian/skins/mxskin10.an
tsdzbaibian/skins/mxskin11.an
tsdzbaibian/skins/mxskin14.an
tsdzbaibian/skins/mxskin15.an
tsdzbaibian/skins/mxskin17.an
tsdzbaibian/skins/mxskin18.an
tsdzbaibian/skins/mxskin2.an
tsdzbaibian/skins/mxskin20.an
tsdzbaibian/skins/mxskin24.an
tsdzbaibian/skins/mxskin25.an
tsdzbaibian/skins/mxskin26.an
tsdzbaibian/skins/mxskin30.an
tsdzbaibian/skins/mxskin31.an
tsdzbaibian/skins/mxskin32.an
tsdzbaibian/skins/mxskin33.an
tsdzbaibian/skins/mxskin8.an
tsdzbaibian/skins/mxskin9.an
tsdzbaibian/skins/vista(绿色).an
tsdzbaibian/skins/vista(银白).an
tsdzbaibian/skins/单线（good2）.an
tsdzbaibian/skins/单线（异型）.an
tsdzbaibian/skins/单线（醒目）.an
tsdzbaibian/skins/另类（1）.an
tsdzbaibian/skins/另类（good）.an
tsdzbaibian/skins/另类（双色）.an
tsdzbaibian/skins/另类（右上标）.an
tsdzbaibian/skins/另类（右竖标）.an
tsdzbaibian/skins/另类（左右标）.an
tsdzbaibian/skins/另类（左带点）.an
tsdzbaibian/skins/另类（橡皮）.an
tsdzbaibian/skins/另类（灰）.an
tsdzbaibian/skins/另类（雕刻）.an
tsdzbaibian/skins/平面（1）.an
tsdzbaibian/skins/橡皮软按钮.an
tsdzbaibian/skins/橡皮软按钮（好）.an
tsdzbaibian/skins/橡皮（平面G）.an
tsdzbaibian/skins/橡皮（异性）.an
tsdzbaibian/skins/橡皮（微平）.an
tsdzbaibian/skins/橡皮（超软）.an
tsdzbaibian/skins/橡皮（醒目2）.an
tsdzbaibian/skins/橡皮（阴影）.an
tsdzbaibian/skins/水晶按钮1.an
tsdzbaibian/skins/水晶按钮2.an
tsdzbaibian/skins/水晶（方）.an
tsdzbaibian/skins/水晶（灯光）.an
tsdzbaibian/skins/水晶（琥珀）.an
tsdzbaibian/skins/玻璃（梯形）.an
tsdzbaibian/skins/玻璃（白）.an
tsdzbaibian/skins/玻璃（醒目）.an
tsdzbaibian/skins/翡翠水晶1.an
tsdzbaibian/skins/金属风格（银灰）.an
tsdzbaibian/skins/金属（烤蓝）.an
tsdzbaibian/skins/阴影（蓝灰）.an
tsdzbaibian/sys/Untitled.htm
.html
tsdzbaibian/sys/loev.gif
tsdzbaibian/sys/setup.dat
tsdzbaibian/使用说明.txt
tsdzbaibian/百变按钮 2.1.exe
.exe windows x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tsdzbaibian/绿色软件.reg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.CQSN Size: - Virtual size: 148KB

.CQSN Size: 87KB - Virtual size: 88KB

.CQSN Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.CQSN Size: - Virtual size: 356KB

.CQSN Size: 204KB - Virtual size: 208KB

.CQSN Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

.CQSN Size: - Virtual size: 776KB

.CQSN Size: 400KB - Virtual size: 400KB

.CQSN Size: 7KB - Virtual size: 8KB

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 404B

.data Size: 108KB - Virtual size: 108KB

.rsrc Size: 53KB - Virtual size: 52KB

.CQSN
Size: - Virtual size: 148KB

.CQSN
Size: 87KB - Virtual size: 88KB

.CQSN
Size: 3KB - Virtual size: 4KB

.CQSN
Size: - Virtual size: 356KB

.CQSN
Size: 204KB - Virtual size: 208KB

.CQSN
Size: 5KB - Virtual size: 8KB

.CQSN
Size: - Virtual size: 776KB

.CQSN
Size: 400KB - Virtual size: 400KB

.CQSN
Size: 7KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 404B

.data
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 53KB - Virtual size: 52KB