bbe61392bb367795458d1817e8b2c52c1c61632797babe981a2f0a3b57c30f60

Sharing

Copy URL

Twitter E-mail

General

Target

bbe61392bb367795458d1817e8b2c52c1c61632797babe981a2f0a3b57c30f60
Size

292KB
MD5

58967081a2a9d40e185836e73d3e7c10
SHA1

5697833b058d9cb82a2ae53063214e330d757946
SHA256

bbe61392bb367795458d1817e8b2c52c1c61632797babe981a2f0a3b57c30f60
SHA512

2fa31352d9b23febb0f6c63f3240a2c9671a141c3349f6c14176cd407f54dcbbe8ca60cbf40060a223912c36bc18b692fef97251540784e4cf2381f0e226e36c
SSDEEP

6144:YJYXyRMIlatja4WZJF3kjrdCDAm+S+PnRzZFiMTrQUsscH2CeYFztd:YJxRlPzZQr2AmPsMYesVCeYFz3

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
aspackv2

Processes:

resource yara_rule

sample aspack_v212_v242

resource	yara_rule
sample	aspack_v212_v242

Files

bbe61392bb367795458d1817e8b2c52c1c61632797babe981a2f0a3b57c30f60
.dll windows x86

Code Sign

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01-03-2016 08:06

Not After

01-06-2019 08:06

Subject

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:fd:45:38:64:59:be:1a:a7:44:b7:b7:21:f8:75:5b:5d:11:94:ca
Signer

Actual PE Digest

31:fd:45:38:64:59:be:1a:a7:44:b7:b7:21:f8:75:5b:5d:11:94:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

30-03-2023 11:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Balance_Negative
Balance_Over
FundApprove
FundStockValueRatio
Future_MarginKind
Future_MarginNone
Future_MarginTotal
Future_YesterdayPostion
GuZhi_DepositRatio
GuoZhai_DepositRatio
GuoZhai_DepositRatio2
NewBondsBalanceAva
NewSharesBalanceAva
RemindAvailableBalance
RemindCovLockTar
RemindETFRatio
RemindNSDate
RemindOptBalanceAva
RemindOptTargetAva
ShangPin_DepositRatio
ShangPin_DepositRatio2
ZJSFuture_DepositRatio

Sections

CODE
Size: 244KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

31:fd:45:38:64:59:be:1a:a7:44:b7:b7:21:f8:75:5b:5d:11:94:caSigner

Signature Validations

Verification

30-03-2023 11:03 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 244KB - Virtual size: 668KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.edata Size: 1024B - Virtual size: 4KB

.reloc Size: 24KB - Virtual size: 44KB

.rsrc Size: 6KB - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

31:fd:45:38:64:59:be:1a:a7:44:b7:b7:21:f8:75:5b:5d:11:94:ca
Signer

30-03-2023 11:03
Valid: false

CODE
Size: 244KB - Virtual size: 668KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.edata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 24KB - Virtual size: 44KB

.rsrc
Size: 6KB - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB