00cce5cdba17d9c173c576d35582dfb6

Sharing

Copy URL

Twitter E-mail

General

Target

00cce5cdba17d9c173c576d35582dfb6
Size

1.6MB
MD5

00cce5cdba17d9c173c576d35582dfb6
SHA1

3093507aad772b556866a80650825d939527952a
SHA256

23324b1f281195d7f8877d935b1b2d59203c040f2f255632bc5fb6facf672537
SHA512

224c0da06d909868d1d5936ccafbf8156b59990e873e52ba403a464e50ff5477468fa3559ee40eba9b4480f9a21cf8275d6e8c48689e86f79cf045c11e4c45a0
SSDEEP

49152:hKNdfLbHJAU2tMWWW8g190/IkCojoTrW+Qkc:AzfBl2WWWWD0arWNkc

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/注册机/f4cg/kEYGEN.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/注册机/brd/Keygen.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe
unpack001/注册机/Gen.exe
unpack001/注册机/LnDL/Keymaker.exe
unpack001/注册机/brd/Keygen.exe
unpack002/out.upx
unpack001/注册机/f4cg/kEYGEN.exe

Files

00cce5cdba17d9c173c576d35582dfb6
.rar
setup.exe
.exe windows:4 windows x86 arch:x86

2255cfcda5fa5b97562e1e888aa64e4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

FindFirstFileA
CloseHandle
SetFileTime
CompareFileTime
GetFileAttributesA
GetTempFileNameA
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
CreateDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
Sleep
CopyFileA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
lstrcpynA
GetCommandLineA
DeleteFileA
GetTickCount
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
FindNextFileA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
WaitForSingleObject
GetPrivateProfileStringA
GetExitCodeProcess
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
ExitProcess
WritePrivateProfileStringA
GetTempPathA

user32

SetTimer
DestroyWindow
CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
IsWindowEnabled
EndDialog
SetFocus
SetWindowPos
ScreenToClient
GetWindowLongA
EnableWindow
SetClassLongA
GetSysColor
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
SetWindowTextA
PostQuitMessage
ShowWindow
SetForegroundWindow
CharNextA
wsprintfA
CharPrevA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
GetWindowRect
LoadImageA
GetDC
PeekMessageA
ExitWindowsEx
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
SetRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
DispatchMessageA

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateSolidBrush
DeleteObject
CreateFontA
SetBkMode
SetTextColor
GetStockObject
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
注册机/Gen.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 306KB - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
注册机/LnDL/Keymaker.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 64KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
注册机/LnDL/LnDL.nfo
注册机/LnDL/file_id.diz
注册机/brd/Keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 233KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
注册机/brd/brd.nfo
注册机/brd/file_id.diz
注册机/f4cg/f4cg.nfo
注册机/f4cg/file_id.diz
注册机/f4cg/kEYGEN.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 139KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2255cfcda5fa5b97562e1e888aa64e4f

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 142KB

.rsrc Size: 7KB - Virtual size: 8KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 306KB - Virtual size: 816KB

.rsrc Size: 54KB - Virtual size: 56KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 64KB - Virtual size: 328KB

.rsrc Size: 102KB - Virtual size: 104KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 352KB

UPX1 Size: 233KB - Virtual size: 236KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 406KB - Virtual size: 405KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 25KB - Virtual size: 24KB

.rsrc Size: 108KB - Virtual size: 108KB

Headers

File Characteristics

Sections

CODE Size: 139KB - Virtual size: 328KB

DATA Size: 2KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 24KB

.rsrc Size: 90KB - Virtual size: 92KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 142KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 306KB - Virtual size: 816KB

.rsrc
Size: 54KB - Virtual size: 56KB

.text
Size: 64KB - Virtual size: 328KB

.rsrc
Size: 102KB - Virtual size: 104KB

UPX0
Size: - Virtual size: 352KB

UPX1
Size: 233KB - Virtual size: 236KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 406KB - Virtual size: 405KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 108KB - Virtual size: 108KB

CODE
Size: 139KB - Virtual size: 328KB

DATA
Size: 2KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 24KB

.rsrc
Size: 90KB - Virtual size: 92KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB