6b355822c4943e7f05118b78c7e95ace9fdcd5c39fdd94c81be2747b1b917bb9

Sharing

Copy URL Twitter E-mail

General

Target

6b355822c4943e7f05118b78c7e95ace9fdcd5c39fdd94c81be2747b1b917bb9
Size

10.3MB
MD5

6b209736d7499ae2b1f6aa395726a722
SHA1

f47d5cc345065e58d47061e52e95428ccbd00b22
SHA256

6b355822c4943e7f05118b78c7e95ace9fdcd5c39fdd94c81be2747b1b917bb9
SHA512

7bb5f39f867de39a5b241908a706702230df71da2782bfd8d850319727b88cfcb9e1b994ad75671f270ddd0d212bd6527c2c47fdd30dcf43746e112de848eee0
SSDEEP

196608:+RCpBnYkW1Fd9DYU3/aWHD9grNJqiQgoX2DHa8MvMmnI28Ov7Z:hp81bJYU3/aCRaNJHloMPmn1Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/魔兽注册表修复器.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SevenZipExtractor.dll
unpack001/x64/7z.dll
unpack001/x86/7z.dll
unpack001/海怪War3一键下载RPG地图+本地局域网建图工具.exe
unpack001/魔兽注册表修复器.exe

Files

6b355822c4943e7f05118b78c7e95ace9fdcd5c39fdd94c81be2747b1b917bb9
.zip
SevenZipExtractor.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/7z.dll
.dll windows:4 windows x64

690a5f89ac47af02792a4314ab879b34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW
CharPrevExA

advapi32

SystemFunction036

msvcrt

strcat
strcpy
memset
realloc
free
malloc
__CxxFrameHandler
strlen
strchr
strstr
_CxxThrowException
wcscmp
strcmp
memmove
memcpy
memcmp
_purecall
exit
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
SetEvent
GetModuleHandleW
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetOEMCP
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/7z.dll
.dll windows:4 windows x86

6a7be52633b01426b17d148203c82793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
strchr
strcat
strcpy
memset
realloc
free
malloc
strlen
wcscmp
strcmp
strstr
_CxxThrowException
memmove
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
FileTimeToLocalFileTime
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
支持库.7z
.7z
海怪War3一键下载RPG地图+本地局域网建图工具.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1017KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
魔兽注册表修复器.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 28KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

690a5f89ac47af02792a4314ab879b34

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 320KB - Virtual size: 319KB

.data Size: 1KB - Virtual size: 35KB

.pdata Size: 72KB - Virtual size: 72KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 12KB - Virtual size: 12KB

6a7be52633b01426b17d148203c82793

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 885KB - Virtual size: 885KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 1KB - Virtual size: 34KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 36KB - Virtual size: 36KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 1017KB - Virtual size: 1017KB

.sdata Size: 512B - Virtual size: 345B

.rsrc Size: 360KB - Virtual size: 359KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 360KB

UPX1 Size: 200KB - Virtual size: 204KB

.rsrc Size: 7KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 320KB - Virtual size: 319KB

.data
Size: 1KB - Virtual size: 35KB

.pdata
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 885KB - Virtual size: 885KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 1KB - Virtual size: 34KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 36KB - Virtual size: 36KB

.text
Size: 1017KB - Virtual size: 1017KB

.sdata
Size: 512B - Virtual size: 345B

.rsrc
Size: 360KB - Virtual size: 359KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 360KB

UPX1
Size: 200KB - Virtual size: 204KB

.rsrc
Size: 7KB - Virtual size: 8KB