4d57e3e172f37d6052f9ab2f8e8a9848

Sharing

Copy URL

Twitter E-mail

General

Target

4d57e3e172f37d6052f9ab2f8e8a9848
Size

236KB
MD5

4d57e3e172f37d6052f9ab2f8e8a9848
SHA1

a7aba3c314546357966fe09e019a1deca0c22c15
SHA256

9896728773929d7dc5811d412afc65beee94151e5d0769c7e7a3fba23e7d774c
SHA512

01c6b18946f89afe347d202959960cd00eb45e9377919ebe4f3d77e7beea46d5fb7f76e80af1aa8883146709e18becb289968bc2ff5032d32102fddd2848526a
SSDEEP

3072:/JpxC+HrqPnj5wrMs5QbSm+mTKDjQ+XH/qgOrtGzGfD7X/QkZKtNFPm51DLGN1nQ:/xw5wt5QGmg/yMzWHX4kZsLIJLGN0qw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Imeitu.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Imeitu.exe
unpack002/out.upx
unpack001/小云工作室最新版本.exe

Files

4d57e3e172f37d6052f9ab2f8e8a9848
.rar
Imeitu.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gnsdk_musicid.dll
.dll windows:5 windows x86 arch:x86

b11a018220abf4b406688c480d55c8b1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:15:4b:5a:c5:a7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16-12-2003 13:00

Not After

28-01-2028 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:28:1f:ce:1a:a2
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

21-04-2010 10:00

Not After

21-04-2020 10:00

Subject

CN=Gracenote Root CA,O=Gracenote Inc

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:d1:77:45:00:01:00:00:0e:da
Certificate

Issuer

CN=Gracenote Corporate Issuing CA,O=Gracenote Inc

Not Before

15-07-2011 19:54

Not After

14-07-2012 19:54

Subject

CN=Gracenote Inc

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:ec:aa:5b:00:01:00:00:00:09
Certificate

Issuer

CN=Gracenote Corporate Policy CA,O=Gracenote Inc

Not Before

13-05-2010 22:37

Not After

13-05-2015 07:05

Subject

CN=Gracenote Corporate Issuing CA,O=Gracenote Inc

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:9a:28:af:00:00:00:00:00:08
Certificate

Issuer

CN=Gracenote Root CA,O=Gracenote Inc

Not Before

13-05-2010 06:55

Not After

13-05-2015 07:05

Subject

CN=Gracenote Corporate Policy CA,O=Gracenote Inc

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:ba:7c:fe:6c:73:f5:a3:4e:d4:5f:85:79:77:2f:02:51:69:b5:bf
Signer

Actual PE Digest

7f:ba:7c:fe:6c:73:f5:a3:4e:d4:5f:85:79:77:2f:02:51:69:b5:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gnsdk_sdkmanager

ord12
ord4
ord1
ord11
ord10
ord6
ord5
ord7
ord3
ord8
ord9
ord2

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
TlsAlloc
TlsFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
Sleep
GetCurrentThreadId
TlsGetValue
TlsSetValue
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
DecodePointer
GetCommandLineA
GetSystemTimeAsFileTime
GetLastError
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
SetLastError
GetProcAddress
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
GetStringTypeW
HeapSize

Exports

Exports

gnsdk_musicid_get_build_date
gnsdk_musicid_get_version
gnsdk_musicid_initialize
gnsdk_musicid_load_locale
gnsdk_musicid_query_add_toc_offset
gnsdk_musicid_query_create
gnsdk_musicid_query_find_albums
gnsdk_musicid_query_find_lyrics
gnsdk_musicid_query_find_tracks
gnsdk_musicid_query_fingerprint_begin
gnsdk_musicid_query_fingerprint_end
gnsdk_musicid_query_fingerprint_write
gnsdk_musicid_query_get_fp_data
gnsdk_musicid_query_option_get
gnsdk_musicid_query_option_set
gnsdk_musicid_query_release
gnsdk_musicid_query_resolve
gnsdk_musicid_query_set_fp_data
gnsdk_musicid_query_set_gdo
gnsdk_musicid_query_set_text
gnsdk_musicid_query_set_toc_string
gnsdk_musicid_shutdown

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
小云工作室最新版本.exe
.exe windows:4 windows x86 arch:x86

fca56812962689d834a775d1be247639

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
__vbaFileCloseAll
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord610
__vbaVarDup
ord617
__vbaR8IntI2
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
查看最新版本.url
.url
运行不了请看这里.url
防掉线过SX非法+23错误补丁.reg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 84KB

UPX1 Size: 43KB - Virtual size: 44KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 5KB - Virtual size: 4KB

b11a018220abf4b406688c480d55c8b1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:15:4b:5a:c5:a7Certificate

Key Usages

04:00:00:00:00:01:28:1f:ce:1a:a2Certificate

Key Usages

48:d1:77:45:00:01:00:00:0e:daCertificate

Extended Key Usages

Key Usages

4f:ec:aa:5b:00:01:00:00:00:09Certificate

Key Usages

4c:9a:28:af:00:00:00:00:00:08Certificate

Key Usages

7f:ba:7c:fe:6c:73:f5:a3:4e:d4:5f:85:79:77:2f:02:51:69:b5:bfSigner

Headers

DLL Characteristics

File Characteristics

Imports

gnsdk_sdkmanager

kernel32

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 32KB - Virtual size: 35KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 13KB - Virtual size: 13KB

fca56812962689d834a775d1be247639

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 36KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 84KB

UPX1
Size: 43KB - Virtual size: 44KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 5KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:15:4b:5a:c5:a7
Certificate

04:00:00:00:00:01:28:1f:ce:1a:a2
Certificate

48:d1:77:45:00:01:00:00:0e:da
Certificate

4f:ec:aa:5b:00:01:00:00:00:09
Certificate

4c:9a:28:af:00:00:00:00:00:08
Certificate

7f:ba:7c:fe:6c:73:f5:a3:4e:d4:5f:85:79:77:2f:02:51:69:b5:bf
Signer

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 32KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB