041748b817e5c30960e344e380a63442

Sharing

Copy URL

Twitter E-mail

General

Target

041748b817e5c30960e344e380a63442
Size

803KB
MD5

041748b817e5c30960e344e380a63442
SHA1

42bbe670f20dac07b9bb05a7d04f761474f27506
SHA256

37508b28d5504049eb86b5b438da64d1e4fda554ae475644aa342b04e7ace972
SHA512

572caaa4bc1cde02e441e30b7ad91a1c17d833cc11ea2e16a54210eb60cda50b8643c19c6d1a5573a11e17305ddbda81ec760e4ef09286bc6d828a8ee2ab2357
SSDEEP

12288:oweS6lcdberK3w3Jhdct+8qngDfG2AiXIkivhoZp6neYNcn0U87D70dyRE6qFQWW:klyQVZ7vgDe1kYaZ4zDoIE6SV+J

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/data/skins/skin.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/data/skins/skin.dll	upx
static1/unpack001/百度图片疯狂下载.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack003/out.upx	autoit_exe

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/data/skins/skin.dll
unpack001/百度图片疯狂下载.exe
unpack003/out.upx

Files

041748b817e5c30960e344e380a63442
.rar
data/about/about.htm
.html
data/about/logo.gif
.gif
data/advanced/advancedsearch.htm
.html
data/advanced/bottombj.htm
data/advanced/help.png
.png
data/advanced/help_hover.png
.png
data/advanced/images/diy.gif
.gif
data/advanced/title.ico
data/config/config.htm
.html
data/config/download.png
.png
data/config/title.ico
data/download/desktop/desktop.ini
data/download/desktop/slicer.ico
data/download/download_complete.wav
data/js/common.js
.js
data/js/iepngfx.js
.js
data/language/english.conf
data/language/简体中文.conf
data/main.conf
data/shutdown/shut_down.png
.png
data/shutdown/shutdown.htm
.html .js polyglot
data/skins/QQ2009.sh
data/skins/black.sh
data/skins/skin.conf
data/skins/skin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data/style/common.css
data/数据目录，请勿随意修改！
data/新云软件.url
.url
官方/作者博客.URL
官方/常见问题帮助.URL
官方/软件主页.URL
百度图片疯狂下载.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 716KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
软件截图.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 716KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 278KB - Virtual size: 280KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 281KB - Virtual size: 280KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 716KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 278KB - Virtual size: 280KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 281KB - Virtual size: 280KB