eed98d558a09395a8f6e82e5211a779ccea1a53e0b11a43fd1e7fd043a258bac

Sharing

Copy URL Twitter E-mail

General

Target

eed98d558a09395a8f6e82e5211a779ccea1a53e0b11a43fd1e7fd043a258bac
Size

6.0MB
MD5

533a2cf199a60a3a262f6c0c9283fd60
SHA1

d2bca25765dffe3601a348e83dbbc7f087dfdc2a
SHA256

eed98d558a09395a8f6e82e5211a779ccea1a53e0b11a43fd1e7fd043a258bac
SHA512

70f2d55bd30a6e3bbd2cfbbec7a25066a9b0ac4535dae44dac061ce2f0a2e3b232e745a1166329c47318d5c2ef416841fe3148737bc91bd5f3df7dd9e9e96ee4
SSDEEP

98304:B0GJB+EihrTa828366JiRIHpTh4Bvw/GEumy3gijFBGbGGM0G8QrNQ4SN+UpqV7T:B0GJBQQVRmpN4aPy3gEGiGNOPUfqVQnk

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/MonoCloud_V1.3.6.exe	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MonoCloud/gzip.dll
unpack001/MonoCloud/sysproxy.exe
unpack001/MonoCloud_Mix.bin
unpack001/MonoCloud_V1.3.6.exe

Files

eed98d558a09395a8f6e82e5211a779ccea1a53e0b11a43fd1e7fd043a258bac
.zip
MonoCloud/Core-rule.txt
MonoCloud/Country.mmdb
MonoCloud/Pac-rule.txt
MonoCloud/gzip.dll
.dll windows x86

808ef01b1df8ccc7e620508eacbf5713

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
LocalFree

Exports

Exports

Compress
CreateCompression
CreateDecompression
DeInitCompression
DeInitDecompression
Decompress
DestroyCompression
DestroyDecompression
InitCompression
InitDecompression
ResetCompression
ResetDecompression

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MonoCloud/sysproxy.exe
.exe windows x64

fab070037efad15d6ea85ef3c8fe31a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
FormatMessageW
GetLastError
GlobalFree
HeapAlloc
GetProcessHeap
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
SetStdHandle
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException

rasapi32

RasEnumEntriesW

wininet

InternetQueryOptionW
InternetSetOptionW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MonoCloud/user.rule
MonoCloud_Mix.bin
.exe windows x86

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MonoCloud_V1.3.6.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 301KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 197KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MonoC
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

808ef01b1df8ccc7e620508eacbf5713

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 368B

fab070037efad15d6ea85ef3c8fe31a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rasapi32

wininet

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 327KB - Virtual size: 522KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 191KB - Virtual size: 191KB

.symtab Size: 512B - Virtual size: 4B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 301KB - Virtual size: 788KB

.rdata Size: 197KB - Virtual size: 1.8MB

.data Size: 20KB - Virtual size: 152KB

.rsrc Size: 1KB - Virtual size: 120KB

.reloc Size: 25KB - Virtual size: 84KB

.MonoC Size: 120KB - Virtual size: 120KB

.adata Size: - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 368B

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 327KB - Virtual size: 522KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 191KB - Virtual size: 191KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 301KB - Virtual size: 788KB

.rdata
Size: 197KB - Virtual size: 1.8MB

.data
Size: 20KB - Virtual size: 152KB

.rsrc
Size: 1KB - Virtual size: 120KB

.reloc
Size: 25KB - Virtual size: 84KB

.MonoC
Size: 120KB - Virtual size: 120KB

.adata
Size: - Virtual size: 4KB