ec07d835f08c24f25c4cf22188c9d7fe7bd6fe9408ce51d5db656fc4d0151f95

Sharing

Copy URL

Twitter E-mail

General

Target

ec07d835f08c24f25c4cf22188c9d7fe7bd6fe9408ce51d5db656fc4d0151f95
Size

2.7MB
MD5

27f39e0e83a794968fa2dc3d581567f0
SHA1

de73ea0bcd1e12c1df42dca5de2555a279102668
SHA256

ec07d835f08c24f25c4cf22188c9d7fe7bd6fe9408ce51d5db656fc4d0151f95
SHA512

e84736fa07ebcc2ab367e9ec6e74319180f76ef301b0c04dc2ae18284611a74f78c7c4dda5b464b2897e5347767bda0f887d1b292ad47b6a72ef5e2e7c058460
SSDEEP

49152:JQVN5oDTMjoN22V3Vr37LW9IZtB0heJmVND/9YLrTFSOy+nBGo:GVN5QiotvfZtB0oJMNb2LrZS/9o

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/SoSoksqd20190417/SoSo-20190417/images/Ļͼ1.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SoSoksqd20190417/SoSo-20190417/SoSo.exe
unpack001/SoSoksqd20190417/SoSo-20190417/images/Ļͼ1.exe

Files

ec07d835f08c24f25c4cf22188c9d7fe7bd6fe9408ce51d5db656fc4d0151f95
.zip .ps1
SoSoksqd20190417/SoSo-20190417/SoSo.exe
.exe windows:4 windows x86

cdd0e049eeff810ff97d8658c35b1a8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaI2Abs
__vbaCopyBytes
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord556
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaExitProc
__vbaForEachCollObj
ord593
ord594
__vbaOnError
__vbaStrLike
ord595
__vbaObjSet
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord599
__vbaStrFixstr
ord520
__vbaBoolVar
__vbaVarTstLt
__vbaBoolVarNull
__vbaRefVarAry
__vbaFpR8
__vbaVargVar
_CIsin
__vbaErase
ord524
ord632
__vbaVarZero
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaVarLikeVar
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
ord567
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStrUI1
ord710
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
ord531
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord535
__vbaLsetFixstrFree
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
ord689
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaStrMove
__vbaForEachVar
ord619
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoSoksqd20190417/SoSo-20190417/images/CHEVRON - .jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/CHEVRON.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/Dirve.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/Folder.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/Folder1.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/Folder2.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/REMINDER.WAV
SoSoksqd20190417/SoSo-20190417/images/SoSo.ico
SoSoksqd20190417/SoSo-20190417/images/SoSo.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/backup.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/calc.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/calendar.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/check.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/check1-1.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/check1.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/check11-1.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/check11.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/cmd.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/control.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/edit.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/err.gif
.gif
SoSoksqd20190417/SoSo-20190417/images/exit.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/explain.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/help.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/help1.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/html.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/htmls.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/link.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/list.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/notepad.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/t1.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/ͼ.bmp
SoSoksqd20190417/SoSo-20190417/images/С 괩͸.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/С ٹرմ.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/С հ׿ת.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/С ı򵯳ò˵.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/Ļͼ.exe
.exe windows:5 windows x86

a92d309b273ebabc03b6668d5fcc8ea3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69
Signer

Actual PE Digest

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetSaveFileNameW
GetOpenFileNameW

kernel32

FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetDriveTypeW
MoveFileExW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
ReadFile
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
Sleep
SetErrorMode
GetThreadLocale
SetThreadLocale
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
CreateRemoteThread
lstrcpyW
GetProcessId
Module32FirstW
Module32NextW
SetFileTime
GetFileTime
GetCurrentProcessId
RaiseException
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetFileType
SetHandleCount
GetTimeZoneInformation
FatalAppExitA
HeapCreate
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
GetFileAttributesW
GetStartupInfoA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
LockResource
LoadResource
FindResourceW
FindResourceExW
GetVersionExW
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
WriteProcessMemory
CloseHandle
VirtualAllocEx
OpenProcess
ReadProcessMemory
CreateDirectoryA
lstrcatA
CreateDirectoryW
lstrcatW
FlushInstructionCache
GetCurrentProcess
FreeResource
GlobalFree
GlobalUnlock
GetFileSizeEx
SetFilePointer
MapViewOfFile
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
DeviceIoControl
CreateProcessW
WritePrivateProfileStringW
GetTempFileNameW
GetVolumeInformationW
GetLongPathNameW
DeleteFileW
WideCharToMultiByte
lstrlenA
lstrcmpW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetProcAddress
FreeLibrary
LoadLibraryW
CreateMutexW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
LocalFree
CreateFileW
WriteFile
LocalAlloc
MulDiv
WaitForSingleObject
CreateEventW
SetEvent
GetProfileIntW
GetTempPathW
lstrcpynW
GetTickCount
GetPrivateProfileIntW
GetLocalTime
GetPrivateProfileStringW
lstrlenW
SetLastError
GetCurrentThreadId
TerminateProcess
GlobalAlloc
GlobalLock
VirtualFreeEx

user32

DestroyCursor
TrackMouseEvent
GetMessagePos
PrintWindow
wsprintfW
IntersectRect
EnumChildWindows
OffsetRect
UpdateWindow
UnregisterClassA
InvalidateRect
ShowWindow
GetParent
SetWindowLongW
LoadMenuW
LoadAcceleratorsW
CharNextW
GetDesktopWindow
SetLayeredWindowAttributes
MsgWaitForMultipleObjects
TranslateMessage
SystemParametersInfoW
GetWindowLongW
BeginPaint
EndPaint
SetCursor
SetFocus
DestroyWindow
GetSysColorBrush
SetRect
GetClientRect
SetWindowPos
GetDC
ReleaseDC
FillRect
InflateRect
SetClassLongW
CopyRect
DrawTextW
PtInRect
FindWindowExW
FindWindowW
GetSystemMetrics
IsRectEmpty
IsWindowVisible
GetWindowRect
GetWindow
CreatePopupMenu
AppendMenuW
EqualRect
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetCapture
OpenClipboard
IsWindow
GetClassInfoExW
LoadCursorW
CloseClipboard
SetClipboardData
EmptyClipboard
TrackPopupMenu
DefWindowProcW
CallWindowProcW
GetCursorPos
DrawIconEx
WindowFromPoint
GetWindowThreadProcessId
ClientToScreen
SetRectEmpty
GetCapture
RegisterClassExW
CreateWindowExW
TranslateAcceleratorW
MapWindowPoints
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
LoadStringW
PostQuitMessage
LoadStringA
TrackPopupMenuEx
SendMessageW
GetDlgItem
GetDCEx
GetMessageW
DispatchMessageW
ScreenToClient
SetMenuItemBitmaps
LoadImageW
SetForegroundWindow
ReleaseCapture
PostMessageW
CreateDialogParamW
PeekMessageW
MessageBeep

gdi32

GetTextColor
GetClipBox
SetStretchBltMode
TextOutW
GetTextExtentPoint32W
CreateFontIndirectW
SetPixel
GetDIBits
CreateDIBSection
GetDeviceCaps
SetROP2
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
GetPixel
StretchBlt
SaveDC
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
RestoreDC
SetBitmapBits
GetBitmapBits
GetObjectW
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
GetStockObject
CreateSolidBrush
CreatePen
SelectObject
Rectangle
EnumFontFamiliesExW
CreateFontW
DeleteObject
DeleteDC
MoveToEx
Polygon
LineTo

advapi32

AllocateAndInitializeSid
RegDeleteValueW
RegCloseKey
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
GetFileSecurityW
OpenProcessToken
DuplicateToken
MapGenericMask
AccessCheck
DuplicateTokenEx
FreeSid
CheckTokenMembership
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW

shell32

SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
ord165
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysStringLen
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocStringLen
VarUI4FromStr
GetErrorInfo
SetErrorInfo
SysAllocString
CreateErrorInfo
VariantCopy
VariantClear
VariantInit
SysFreeString
VarBstrCmp

shlwapi

SHSetValueW
PathRemoveBackslashW
ord176
StrFormatByteSizeW
PathIsDirectoryW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathIsRootW
PathFileExistsW
SHGetValueW
StrCmpIW
PathAddBackslashW
StrCpyNW
PathAppendW

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
InitCommonControlsEx
ImageList_Create

msimg32

AlphaBlend

gdiplus

GdipCloneBrush
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipDrawPath
GdipDrawLineI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathEllipseI
GdipAddPathLineI
GdipSetPenBrushFill
GdipSetPenCustomEndCap
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreateSolidFill
GdipDeleteGraphics
GdipSetCustomLineCapWidthScale
GdipSetCustomLineCapStrokeCaps
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CertGetNameStringW
CryptBinaryToStringA
CryptStringToBinaryA

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash

imagehlp

ImageNtHeader

psapi

GetModuleFileNameExW

Sections

.text
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoSoksqd20190417/SoSo-20190417/images/Ļͼ1.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 190KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SoSoksqd20190417/SoSo-20190417/images/ɾ.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/images/.hta
.html .js
SoSoksqd20190417/SoSo-20190417/images/ҳ.jpg
.jpg
SoSoksqd20190417/SoSo-20190417/.ini
SoSoksqd20190417/SoSo-20190417/˵.txt
SoSoksqd20190417/SoSo-20190417/򿪳עһ¿ؼ/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86

fe3e00b55ce38538da3f709132445d8e

Code Sign

33:00:00:00:8d:40:3b:3c:2f:ad:c6:7b:b8:00:00:00:00:00:8d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

06/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:ae:6a:c2:f2:04:9d:ac:64:d4:c5:65:12:76:d6:f3:9f:35:46:f8
Signer

Actual PE Digest

89:ae:6a:c2:f2:04:9d:ac:64:d4:c5:65:12:76:d6:f3:9f:35:46:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
MulDiv
GetTickCount
LocalReAlloc
GetProfileIntA
RtlMoveMemory
lstrcatA
LocalSize
Sleep
GetCurrentProcessId
GetSystemDefaultLCID
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
lstrcpynA
lstrcpyA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
InterlockedExchange
lstrlenA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
lstrlenW
WideCharToMultiByte
HeapFree
FreeLibrary
DeleteCriticalSection
FreeResource
InitializeCriticalSection

user32

GetDesktopWindow
EnumChildWindows
GetDoubleClickTime
CopyRect
DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
SetRectEmpty
AdjustWindowRectEx
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
CharNextExA
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
GetDCEx
DeferWindowPos
BeginDeferWindowPos
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
LoadStringA
SendMessageA
CopyImage
GetSystemMetrics
LoadIconA
InvalidateRect
RegisterClassA
GetClassInfoA
ReleaseCapture
GetCapture
GetKeyState
DrawTextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
SendDlgItemMessageA
DrawIconEx
UnregisterClassA
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
CreateAcceleratorTableA
CharNextA
RedrawWindow
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
SetParent
IsWindowVisible
EndDeferWindowPos
FillRect
InflateRect
GetDlgItemTextA
GetDlgItemInt
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
CharUpperA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegQueryValueA

oleaut32

VariantClear
SafeArrayCopy
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
SysAllocString

comdlg32

GetOpenFileNameA

gdi32

DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA
GetCharWidthA
GetTextExtentPointA
Arc
Ellipse
LineTo
MoveToEx
GetTextMetricsA
CombineRgn
GetTextColor
OffsetRgn
SetTextAlign
GetTextAlign
Polyline
GetTextExtentPointW
ExtTextOutW
OffsetWindowOrgEx

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 676KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoSoksqd20190417/SoSo-20190417/򿪳עһ¿ؼ/Thumbs.db
SoSoksqd20190417/SoSo-20190417/򿪳עһ¿ؼ/Win10עؼ.png
.png
SoSoksqd20190417/SoSo-20190417/򿪳עһ¿ؼ/עؼWIN7߰汾ҼԹԱУ.bat
.bat .vbs
SoSoksqd20190417/SoSo-20190417/򿪳עһ¿ؼ/ֶע᷽.txt
久友下载站首页_9upk.com.url
.url
使用必读.url
使用说明.txt
解压密码：www.9upk.com.txt

Sharing

General

Malware Config

Signatures

Files

cdd0e049eeff810ff97d8658c35b1a8b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 292KB - Virtual size: 289KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 1.1MB - Virtual size: 1.0MB

a92d309b273ebabc03b6668d5fcc8ea3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

crypt32

wintrust

imagehlp

psapi

Sections

.text Size: 704KB - Virtual size: 703KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 87KB - Virtual size: 101KB

.rsrc Size: 45KB - Virtual size: 45KB

Headers

File Characteristics

Sections

.text Size: 190KB - Virtual size: 420KB

.rdata Size: 46KB - Virtual size: 124KB

.data Size: 3KB - Virtual size: 24KB

.rsrc Size: 18KB - Virtual size: 136KB

.aspack Size: 10KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

fe3e00b55ce38538da3f709132445d8e

Code Sign

33:00:00:00:8d:40:3b:3c:2f:ad:c6:7b:b8:00:00:00:00:00:8dCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

89:ae:6a:c2:f2:04:9d:ac:64:d4:c5:65:12:76:d6:f3:9f:35:46:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 292KB - Virtual size: 289KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 1.1MB - Virtual size: 1.0MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8d:80:3d:8f:a3:22:fe:f9:79:9d:8a:57:7c:8a:c5:92:f6:25:cb:69
Signer

.text
Size: 704KB - Virtual size: 703KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 87KB - Virtual size: 101KB

.rsrc
Size: 45KB - Virtual size: 45KB

.text
Size: 190KB - Virtual size: 420KB

.rdata
Size: 46KB - Virtual size: 124KB

.data
Size: 3KB - Virtual size: 24KB

.rsrc
Size: 18KB - Virtual size: 136KB

.aspack
Size: 10KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

33:00:00:00:8d:40:3b:3c:2f:ad:c6:7b:b8:00:00:00:00:00:8d
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

89:ae:6a:c2:f2:04:9d:ac:64:d4:c5:65:12:76:d6:f3:9f:35:46:f8
Signer

.text
Size: 676KB - Virtual size: 674KB

.data
Size: 28KB - Virtual size: 31KB

.rsrc
Size: 284KB - Virtual size: 281KB

.reloc
Size: 44KB - Virtual size: 41KB