Overview

overview

7

Static

static

7

量子IP�...��.exe

windows7-x64

量子IP�...��.exe

windows10-2004-x64

量子IP�...��.exe

windows7-x64

量子IP�...��.exe

windows10-2004-x64

量子IP�...��.exe

windows7-x64

量子IP�...��.exe

windows10-2004-x64

量子IP�...��.exe

windows7-x64

量子IP�...��.exe

windows10-2004-x64

量子IP�...��.exe

windows7-x64

量子IP�...��.exe

windows10-2004-x64

量子IP�....6.exe

windows7-x64

量子IP�....6.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    46a8a8ced2c5d40dddbabbdc3e23d9e5

  • Size

    12.8MB

  • MD5

    46a8a8ced2c5d40dddbabbdc3e23d9e5

  • SHA1

    ad9f79375ca8a89c2e58870fcc55fdd8ca5e77a2

  • SHA256

    7bed742f28df10406da7dd77d9e93fb84925bfc2747ee8262dc3007ae72d37e8

  • SHA512

    19d7164a76e8adc551de0369e73b65b9d96bf4ccf138eb0fb9a73645b685f3e12161f1378ad3165225386e4a1ab37016013089a18d10ff00784fdfb0d736acff

  • SSDEEP

    196608:iqScEU0OaLftit+2k+dRM2+/66Ov0KjZlphT/pBsW0hmC1Xxm0g99ju4LnA0Dy:NSclG2k6RMtUv0UndghmKI99S6nY

Score
7/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

Files

  • 46a8a8ced2c5d40dddbabbdc3e23d9e5
    .zip
  • 量子IP—9.9.6/售后工具/360断网急救箱.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • 量子IP—9.9.6/售后工具/LSP修复.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • 量子IP—9.9.6/售后工具/Win10_winsock重置.exe
    .exe windows:5 windows x64 arch:x64

    4ba7a917cd48cd066bb165f7f6ce51a7


    Headers

    Imports

    Sections

  • 量子IP—9.9.6/售后工具/一键开启关闭Win10杀毒.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 量子IP—9.9.6/售后工具/售后远程工具——把本机识别码发给售后.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 量子IP—9.9.6/量子IP 9.9.6.exe
    .exe windows:4 windows x86 arch:x86

    4e6abff63f16b04aa7f649ff34295fd5


    Headers

    Imports

    Sections