9d308022f229e2a8220f5550403bdf65a7f8aa8d244c27d64acd419a107d1211

Sharing

Copy URL Twitter E-mail

General

Target

9d308022f229e2a8220f5550403bdf65a7f8aa8d244c27d64acd419a107d1211
Size

6.4MB
MD5

a287edd66262d69936a856c1b7794315
SHA1

3815f33f3c613f4fd223660dc32beb7f9705fa7d
SHA256

9d308022f229e2a8220f5550403bdf65a7f8aa8d244c27d64acd419a107d1211
SHA512

59516c7d0118795d333c89ac5dd30b2c8bf73c038494fab3fcc857f2e7609f5be96668c97381b3731705e226256508a9c1a526959b0101ccf0217cb9110b5c10
SSDEEP

98304:TSmpJb+KjigSf7UAoyfROg1YSX0cv0aFDXTkQtB9XzbBVgl/SFa/JijWhOs8aw:FawSfRw7eDXl1VISI/JiMOlr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-Windows-32位系统版.exe	upx
static1/unpack001/1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-Windows-64位系统版.exe	upx
static1/unpack001/1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-linux-386	upx
static1/unpack001/1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-linux-amd64	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-Windows-32位系统版.exe
unpack001/1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-Windows-64位系统版.exe

Files

9d308022f229e2a8220f5550403bdf65a7f8aa8d244c27d64acd419a107d1211
.zip
1 密码：（www.jb51.net）/jb51.net.txt
1 密码：（www.jb51.net）/使用声明.txt
1 密码：（www.jb51.net）/关注公众号获取更多惊喜资源.jpg
.jpg
1 密码：（www.jb51.net）/去脚本之家看看.url
1 密码：（www.jb51.net）/服务器软件.url
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/kgm.mask
.xz
kgm
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-Windows-32位系统版.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 715KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-Windows-64位系统版.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 740KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-linux-386
.elf linux x86
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/unlock-kugou-linux-amd64
.elf linux x64
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/使用教程.txt
1 密码：（www.jb51.net）/酷狗KGM转MP3或者FLAC/示范歌曲.kgma

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 715KB - Virtual size: 716KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.8MB

UPX1 Size: 740KB - Virtual size: 744KB

UPX2 Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 715KB - Virtual size: 716KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.8MB

UPX1
Size: 740KB - Virtual size: 744KB

UPX2
Size: 512B - Virtual size: 4KB