1d9e0d7078e56d1803e062afd5b6449a

Sharing

Copy URL Twitter E-mail

General

Target

1d9e0d7078e56d1803e062afd5b6449a
Size

16.8MB
MD5

1d9e0d7078e56d1803e062afd5b6449a
SHA1

5e91f135850f8a011e224b48681f891ae82aaa23
SHA256

4d74172c94bd1ce00ef93856c202a8a1ef0ceb60465c8614d740fea80fdd6056
SHA512

1a93a6e64d405fdb51bd674240c879a08f28016ecd17bac477f9a26975431555ef7d3f3d96e3e4e5c2e193f36c65bdfca3c137f81756601b190e94a226598384
SSDEEP

393216:i4Os2miTFRV0FeIFVQRaVVxkOuWVtdnfzlog++ghlYMFs:QqnwIFa2IiLWvPs

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/BMP.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BMP.exe
unpack001/setup_blazemp.exe

Files

1d9e0d7078e56d1803e062afd5b6449a
.rar
BMP.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup_blazemp.exe
.exe windows:4 windows x86 arch:x86

2504766638fe11b4c0e06283c1d3235c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateThread
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
CompareStringA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
lstrlenA
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
FormatMessageA
LocalFree
FormatMessageW
SetFileAttributesA
RemoveDirectoryA
SetCurrentDirectoryA
GetWindowsDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
GetShortPathNameW
GetShortPathNameA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
SetLastError
FindFirstFileW
FindNextFileA
CreateFileA
CreateFileW
GetFileSize
SetFilePointer
ReadFile
SetFileTime
WriteFile
SetEndOfFile
CreateEventA
EnterCriticalSection
LeaveCriticalSection
Sleep
GetCommandLineW
CreateProcessA
GetExitCodeProcess
IsBadReadPtr
SetUnhandledExceptionFilter
RaiseException
GetSystemInfo
VirtualProtect
GetLocaleInfoA
IsBadCodePtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
RtlUnwind
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess

user32

PostMessageA
ShowWindow
DestroyWindow
KillTimer
SetTimer
SetDlgItemTextA
EndDialog
IsDlgButtonChecked
GetDlgItem
MessageBoxW
DialogBoxParamA
GetDesktopWindow
SetForegroundWindow
GetWindowLongA
SetWindowLongA
SetWindowTextW
GetWindowTextA
GetWindowTextLengthA
SetWindowTextA
SendMessageA
LoadStringW
LoadStringA
CharPrevA

oleaut32

VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 6.3MB

.data Size: 1KB - Virtual size: 2.8MB

.rsrc Size: 143KB - Virtual size: 1.7MB

.idata Size: 1KB - Virtual size: 28KB

.aspack Size: 173KB - Virtual size: 176KB

.adata Size: - Virtual size: 4KB

2504766638fe11b4c0e06283c1d3235c

Headers

File Characteristics

Imports

comctl32

kernel32

user32

oleaut32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 3KB - Virtual size: 26KB

.rsrc Size: 108KB - Virtual size: 107KB

.text
Size: 1.2MB - Virtual size: 6.3MB

.data
Size: 1KB - Virtual size: 2.8MB

.rsrc
Size: 143KB - Virtual size: 1.7MB

.idata
Size: 1KB - Virtual size: 28KB

.aspack
Size: 173KB - Virtual size: 176KB

.adata
Size: - Virtual size: 4KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 3KB - Virtual size: 26KB

.rsrc
Size: 108KB - Virtual size: 107KB