45147b4f15914be56d76d40bfc59881c

Sharing

Copy URL Twitter E-mail

General

Target

45147b4f15914be56d76d40bfc59881c
Size

1.0MB
MD5

45147b4f15914be56d76d40bfc59881c
SHA1

e185c4d10ca800b75214b53e392ab25e10374aa5
SHA256

26c03f72a3321fb103647ee6bc0e5260207a3cfacc888fa65525b4035b235fd1
SHA512

bf321ed48fad70e6a00a6a95ad113184371bf368a422bf596f67c5ae1eb8b4de6154b6c6507f46ef9c41de47773c362d3ebe1dfad5667eb63bfb851cb50ba457
SSDEEP

24576:o/S74MvT1p9UuT8u5dVlO1LtGl1GEt3G3:o/W4op9Iu5dVY1k1GES

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/a_friend.exe	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a_friend.exe
unpack001/csrss.exe
unpack001/instsrv.exe
unpack001/sup.exe
unpack001/svchost.exe

Files

45147b4f15914be56d76d40bfc59881c
.rar
Desktop.ini
a.reg
a_friend.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 286KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 39KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
aliases.ini
control.ini
csrss.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 578KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fullname.txt
instsrv.exe
.exe windows:5 windows x86 arch:x86

53d338fb5ceeb033459bc873d466d86d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceA
DeleteService
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
CloseServiceHandle

kernel32

GetLastError
CreateFileA
GetDriveTypeA
lstrcmpiA
lstrlenA
lstrcpyA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
Sleep
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle
CloseHandle
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mirc.ico
mirc.ini
popups.txt
remote.ini
script.ini
.ps1
servers.ini
sup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
svchost.exe
.exe windows:5 windows x86 arch:x86

42cccb59fb52078015be74288575c424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
GetDesktopWindow

kernel32

GetLastError
ExitThread
Sleep
CreateProcessA
SetCurrentDirectoryA
ExitProcess
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
CloseHandle
TerminateProcess
GetSystemTimeAsFileTime

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
_open
_read
_lseek
_close
_except_handler3
strncmp
_stricmp
malloc
free
__initenv

advapi32

SetServiceStatus
RegCloseKey
RegQueryValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
users.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 286KB - Virtual size: 604KB

.rdata Size: 18KB - Virtual size: 44KB

.data Size: 39KB - Virtual size: 832KB

.data1 Size: 512B - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 88KB

.aspack Size: 55KB - Virtual size: 56KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

MEW Size: - Virtual size: 1.7MB

�uۊ�� Size: 578KB - Virtual size: 636KB

53d338fb5ceeb033459bc873d466d86d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 97KB - Virtual size: 97KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 30KB - Virtual size: 30KB

42cccb59fb52078015be74288575c424

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

msvcrt

advapi32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 132B

.text
Size: 286KB - Virtual size: 604KB

.rdata
Size: 18KB - Virtual size: 44KB

.data
Size: 39KB - Virtual size: 832KB

.data1
Size: 512B - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 88KB

.aspack
Size: 55KB - Virtual size: 56KB

.adata
Size: - Virtual size: 4KB

MEW
Size: - Virtual size: 1.7MB

�uۊ��
Size: 578KB - Virtual size: 636KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 8KB

CODE
Size: 97KB - Virtual size: 97KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 132B