c48bb241122a3a332ca0b9841380d6304aac3aa999d9137a5826d4e26f2c16f1

Sharing

Copy URL

Twitter E-mail

General

Target

c48bb241122a3a332ca0b9841380d6304aac3aa999d9137a5826d4e26f2c16f1
Size

799KB
MD5

d66f96c85c798ef229defab01069a548
SHA1

b4dde000ff0b07b5512460ab8f512771ce443bab
SHA256

c48bb241122a3a332ca0b9841380d6304aac3aa999d9137a5826d4e26f2c16f1
SHA512

731bd07a1249f255c8ef86db2125f34b40a3577fa028e3a802b27d3e1c3ba06494bc901b91a801de1f3becf85e63e93b2377fe43eebfa77f993f1c3a0575ce6d
SSDEEP

24576:VZsNaBlJPQfxIjusVYbFP1VWSFEb/r96Zynyz/78Aqu:V9lJPQf4YbhOZx61T

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
aspackv2

Processes:

resource yara_rule

sample aspack_v212_v242

resource	yara_rule
sample	aspack_v212_v242

Files

c48bb241122a3a332ca0b9841380d6304aac3aa999d9137a5826d4e26f2c16f1
.dll windows x86

Code Sign

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01-03-2016 08:06

Not After

01-06-2019 08:06

Subject

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:d0:d1:7d:5a:9d:4b:3e:44:9c:13:26:ae:ae:67:e0:7e:fd:8d:30
Signer

Actual PE Digest

0c:d0:d1:7d:5a:9d:4b:3e:44:9c:13:26:ae:ae:67:e0:7e:fd:8d:30

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

30-03-2023 10:56
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CombiProfitMonitor
CombiRatioMonitor
CombiRatioWJZMonitor
ETFApplyRedeem
ETFApplyRedeemEx
ETFCashBalance
ETFOutApplyRedeem
ETFOutApplyRedeemEx
ETFRedeemApply
ETFReplaceBanlance
ETFSdTradeAmount
ETFStockAmount
ETFTradeAmount
ETFTradeAmountEx
ETFTradePrice
ETFTradeStatus
FundValueMonitor
FundValueRatioMtr
NavValueMonitor
PCFIMPRemind
ProfitValueMonitor
RemindCombiCostMonitor
RemindCombiFDYKMonitor
RemindCostMonitor
RemindCostMonitorYJZ
RemindGZQH1
RemindGZQH2
RemindGZQH3
RemindNavMonitor
StockRatioMonitor
WCDBBLMonitor

Sections

CODE
Size: 648KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 61KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

0c:d0:d1:7d:5a:9d:4b:3e:44:9c:13:26:ae:ae:67:e0:7e:fd:8d:30Signer

Signature Validations

Verification

30-03-2023 10:56 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 648KB - Virtual size: 1.9MB

DATA Size: 11KB - Virtual size: 40KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 12KB

.edata Size: 1024B - Virtual size: 4KB

.reloc Size: 61KB - Virtual size: 124KB

.rsrc Size: 63KB - Virtual size: 212KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

0c:d0:d1:7d:5a:9d:4b:3e:44:9c:13:26:ae:ae:67:e0:7e:fd:8d:30
Signer

30-03-2023 10:56
Valid: false

CODE
Size: 648KB - Virtual size: 1.9MB

DATA
Size: 11KB - Virtual size: 40KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 12KB

.edata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 61KB - Virtual size: 124KB

.rsrc
Size: 63KB - Virtual size: 212KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB