2c197bee007a58978b64a68bb5c9d9e561965076d78e38aafb5eb2dd6101b5af

Sharing

Copy URL

Twitter E-mail

General

Target

2c197bee007a58978b64a68bb5c9d9e561965076d78e38aafb5eb2dd6101b5af
Size

112KB
MD5

93d799214cd1d7a41ebce5c5cfb405a1
SHA1

be3f6c1b798e63100c832f9ade14ea13a627ed6d
SHA256

2c197bee007a58978b64a68bb5c9d9e561965076d78e38aafb5eb2dd6101b5af
SHA512

8abcea65a688a838e42e7692620b0471b8dd044a945ee054506327ef777fb22a858c12f744d163a1e553748118eaf603d868b2b25589bf529bc1ead617349790
SSDEEP

1536:9P2t6l+OKJWMM9TZTYcKNED+mrarZGtHusiWUB+XCUdubTGS:Ut6l+OcWPZTYpbmyZGtOzWCUdNS

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
aspackv2

Processes:

resource yara_rule

sample aspack_v212_v242

resource	yara_rule
sample	aspack_v212_v242

Files

2c197bee007a58978b64a68bb5c9d9e561965076d78e38aafb5eb2dd6101b5af
.dll windows x86

Code Sign

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01-03-2016 08:06

Not After

01-06-2019 08:06

Subject

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08-08-2012 01:00

Not After

08-08-2027 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:ef:0c:54:0f:30:ac:cd:fc:70:4f:17:ad:3a:0c:47:eb:ec:8d:5d
Signer

Actual PE Digest

7c:ef:0c:54:0f:30:ac:cd:fc:70:4f:17:ad:3a:0c:47:eb:ec:8d:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@$xp$29Hsformtaskquery@TfrmTaskQuery
@$xp$35Hsformtasklogquery@TfrmTaskLogQuery
@$xp$45Hsverifyauditinginterface@TVerifyAuditingInfo
@$xp$53Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit
@$xp$53Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList
@$xp$55Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery
@$xp$67Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit
@GetPackageInfoTable
@Hsformorganverifyauditingbatchedit@Finalization$qqrv
@Hsformorganverifyauditingbatchedit@LoadOrganVerifyAuditingBatchEdit$qqrrx28Hsglobalvariable@TModuleInfo28Hsglobalvariable@TActionKind
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@CheckData$qqrv
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@CustomOnChange$qqrp14System@TObject
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@ExecSubmitClick$qqrp14System@TObject
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@FormCloseQuery$qqrp14System@TObjectro
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@Init$qqrv
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@SubmitData$qqrr17System@AnsiStringt1
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@edtFromOrganAltBtnClick$qqrp14System@TObject
@Hsformorganverifyauditingbatchedit@TfrmOrganVerifyAuditingBatchEdit@edtToOrganAltBtnClick$qqrp14System@TObject
@Hsformorganverifyauditingbatchedit@frmOrganVerifyAuditingBatchEdit
@Hsformorganverifyauditingbatchedit@initialization$qqrv
@Hsformtasklogquery@Finalization$qqrv
@Hsformtasklogquery@LoadTaskLogQuery$qqrrx28Hsglobalvariable@TModuleInfo28Hsglobalvariable@TActionKind
@Hsformtasklogquery@TfrmTaskLogQuery@
@Hsformtasklogquery@TfrmTaskLogQuery@CheckCondition$qqrv
@Hsformtasklogquery@TfrmTaskLogQuery@DownLoadDataFile$qqrr17System@AnsiString
@Hsformtasklogquery@TfrmTaskLogQuery@ExecDisplayClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@ExecExportClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@ExecFlowClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@ExecPrintClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@ExecQueryClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@FormShow$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@Init$qqrv
@Hsformtasklogquery@TfrmTaskLogQuery@LoadTradeList$qqrr17System@AnsiStringt1
@Hsformtasklogquery@TfrmTaskLogQuery@LoadUserList$qqrr17System@AnsiStringt1
@Hsformtasklogquery@TfrmTaskLogQuery@PackRecord$qqrr17System@AnsiString
@Hsformtasklogquery@TfrmTaskLogQuery@QueryData$qqrr17System@AnsiStringt1
@Hsformtasklogquery@TfrmTaskLogQuery@edtCorpNameAltBtnClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@edtOrganNameAltBtnClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@grdListDblClick$qqrp14System@TObject
@Hsformtasklogquery@TfrmTaskLogQuery@tbnDetailClick$qqrp14System@TObject
@Hsformtasklogquery@frmTaskLogQuery
@Hsformtasklogquery@initialization$qqrv
@Hsformtaskquery@Finalization$qqrv
@Hsformtaskquery@LoadTaskQuery$qqrrx28Hsglobalvariable@TModuleInfo28Hsglobalvariable@TActionKind
@Hsformtaskquery@TfrmTaskQuery@
@Hsformtaskquery@TfrmTaskQuery@CheckCondition$qqrv
@Hsformtaskquery@TfrmTaskQuery@DownLoadDataFile$qqrr17System@AnsiString
@Hsformtaskquery@TfrmTaskQuery@ExecDisplayClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@ExecEditClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@ExecExportClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@ExecFlowClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@ExecPrintClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@ExecQueryClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@ExecSubmitClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@FormCreate$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@FormShow$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@Init$qqrv
@Hsformtaskquery@TfrmTaskQuery@LoadTradeCodeList$qqrr17System@AnsiStringt1
@Hsformtaskquery@TfrmTaskQuery@PackRecord$qqrr17System@AnsiString
@Hsformtaskquery@TfrmTaskQuery@QueryData$qqrr17System@AnsiStringt1
@Hsformtaskquery@TfrmTaskQuery@cbbTaskStatusChange$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@grdListDblClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnAbortClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnAuditingClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnCheckClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnDetailClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnSelClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnUnAuditingClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnUnCheckClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnUnSelClick$qqrp14System@TObject
@Hsformtaskquery@TfrmTaskQuery@tbnUndoClick$qqrp14System@TObject
@Hsformtaskquery@frmTaskQuery
@Hsformtaskquery@initialization$qqrv
@Hsformverifyauditinglogquery@Finalization$qqrv
@Hsformverifyauditinglogquery@LoadVerifyAuditingLogQuery$qqrrx28Hsglobalvariable@TModuleInfo28Hsglobalvariable@TActionKind
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@CheckCondition$qqrv
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@DownLoadDataFile$qqrr17System@AnsiString
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@ExecDisplayClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@ExecExportClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@ExecFlowClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@ExecPrintClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@ExecQueryClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@FormShow$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@Init$qqrv
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@LoadTradeList$qqrr17System@AnsiStringt1
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@LoadUserList$qqrr17System@AnsiStringt1
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@PackRecord$qqrr17System@AnsiString
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@QueryData$qqrr17System@AnsiStringt1
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@edtCorpNameAltBtnClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@edtOrganNameAltBtnClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@grdListDblClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@TfrmVerifyAuditingLogQuery@tbnDetailClick$qqrp14System@TObject
@Hsformverifyauditinglogquery@frmVerifyAuditingLogQuery
@Hsformverifyauditinglogquery@initialization$qqrv
@Hsformverifyauditingsetedit@Finalization$qqrv
@Hsformverifyauditingsetedit@LoadVerifyAuditingSetEdit$qqr17System@AnsiStringt1r45Hsverifyauditinginterface@TVerifyAuditingInfo28Hsglobalvariable@TActionKind
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@CheckData$qqrv
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@Init$qqrv
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@InitTradeCode$qqrr17System@AnsiStringt1
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@PackRecord$qqrv
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@UnPackRecord$qqrv
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@btnSaveClick$qqrp14System@TObject
@Hsformverifyauditingsetedit@TfrmVerifyAuditingSetEdit@edtTradeCodeExit$qqrp14System@TObject
@Hsformverifyauditingsetedit@frmVerifyAuditingSetEdit
@Hsformverifyauditingsetedit@initialization$qqrv
@Hsformverifyauditingsetlist@Finalization$qqrv
@Hsformverifyauditingsetlist@LoadVerifyAuditingSetList$qqrrx28Hsglobalvariable@TModuleInfo28Hsglobalvariable@TActionKind
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@CheckCondition$qqrv
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@CheckData$qqrv
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecAddClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecDeleteClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecDisplayClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecEditClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecExportClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecPrintClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecQueryClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@ExecSubmitClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@FormCloseQuery$qqrp14System@TObjectro
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@FormCreate$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@FormShow$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@Init$qqrv
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@PackRecord$qqrv
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@QueryData$qqrr17System@AnsiStringt1
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@QueryTradeCodeList$qqr17System@AnsiStringr17System@AnsiStringt2t2
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@SaveTradeDataToFile$qqrr17System@AnsiStringt1
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@SubmitData$qqrr17System@AnsiStringt1
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@edtCorpNameAltBtnClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@edtOrganNameAltBtnClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@grdListDblClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@TfrmVerifyAuditingSetList@tbnCopyClick$qqrp14System@TObject
@Hsformverifyauditingsetlist@frmVerifyAuditingSetList
@Hsformverifyauditingsetlist@initialization$qqrv
@Hsverifyauditing@@GetPackageInfoTable$qqrv
@Hsverifyauditing@@PackageLoad$qqrv
@Hsverifyauditing@@PackageUnload$qqrv
@Hsverifyauditing@initialization$qqrv
@Hsverifyauditinginterface@Finalization$qqrv
@Hsverifyauditinginterface@LoadModule$qqsp28Hsglobalvariable@TModuleInforo
@Hsverifyauditinginterface@initialization$qqrv
Finalize
Initialize
LoadModule

Sections

CODE
Size: 28KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Hspack
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

7c:ef:0c:54:0f:30:ac:cd:fc:70:4f:17:ad:3a:0c:47:eb:ec:8d:5dSigner

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 28KB - Virtual size: 132KB

DATA Size: 512B - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 12KB - Virtual size: 64KB

.edata Size: 12KB - Virtual size: 12KB

.reloc Size: 6KB - Virtual size: 12KB

.rsrc Size: 9KB - Virtual size: 80KB

.Hspack Size: 38KB - Virtual size: 40KB

.adata Size: - Virtual size: 4KB

23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:6d:f8:a7
Certificate

7c:ef:0c:54:0f:30:ac:cd:fc:70:4f:17:ad:3a:0c:47:eb:ec:8d:5d
Signer

CODE
Size: 28KB - Virtual size: 132KB

DATA
Size: 512B - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 64KB

.edata
Size: 12KB - Virtual size: 12KB

.reloc
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 9KB - Virtual size: 80KB

.Hspack
Size: 38KB - Virtual size: 40KB

.adata
Size: - Virtual size: 4KB