1fb8ba2c41ec25b1632022e66a6a0f83

Sharing

Copy URL Twitter E-mail

General

Target

1fb8ba2c41ec25b1632022e66a6a0f83
Size

398KB
MD5

1fb8ba2c41ec25b1632022e66a6a0f83
SHA1

e5ca521a2b8ecfc194be9a70afe81441a5b71419
SHA256

8288efd490ada6023132216278cca2e425ffacb428cabc2c964c3b1c60a0ab30
SHA512

7a48b6ba1fc151cb2f4bc14ee306b6d1f174c89b248fb73ea09bf3ba18287e4bf6ae14ea243eb9e993c69ddfdc316b95ea8b462bf59436fe6ec4b648777eb400
SSDEEP

6144:keKYrvAbq65ne1hCHIbudor6QqZQt6G+R1YmLSeqdr841sjntE:R/vy5eGIRjqZSH+omLSJr841sRE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/POWERDLL.dll	acprotect
static1/unpack001/POWERDLL2.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Demo1.exe	upx
static1/unpack001/POWERDLL.dll	upx
static1/unpack001/POWERDLL2.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Demo1.exe
unpack001/POWERDLL.dll
unpack001/POWERDLL2.dll
unpack004/out.upx

Files

1fb8ba2c41ec25b1632022e66a6a0f83
.rar
Demo/Demo1/Clean.bat
Demo/Demo1/Demo1.cfg
Demo/Demo1/Demo1.dof
Demo/Demo1/Demo1.dpr
Demo/Demo1/Demo1.res
Demo/Demo1/MainUnit.ddp
Demo/Demo1/MainUnit.dfm
Demo/Demo1/MainUnit.pas
Demo/Demo1/POWERDLL.pas
Demo/Demo1/POWERDLL.pas.bak
Demo/Demo2/Clean.bat
Demo/Demo2/Demo2.cfg
Demo/Demo2/Demo2.dof
Demo/Demo2/Demo2.dpr
Demo/Demo2/Demo2.res
Demo/Demo2/MainUnit.ddp
Demo/Demo2/MainUnit.dfm
Demo/Demo2/MainUnit.pas
Demo/下载说明.htm
.html .js polyglot
Demo1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
POWERDLL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddHotKey
AddMuter
AddToFile
AppendText
AutoRun
BmpToJpg
ChangeExeIcon
CheckParentProc
CheckState
ClearCmosPassword
CloseWindow
CreateLnk
CreateLnk2
DESDecryStr
DESEncryStr
DefaultAll
DefaultIE
DeleteDir
DeleteMe
DeleteRegValue
DownloadFile
DriveType
ExitWindows
FileCopy
FindProcess
FunctionDeclare
FunctionList
FunctionType
GetCPUID
GetCursorPosText
GetDateTime
GetDiskNumber
GetFileSize
GetIPAddress
GetOSInfo
GetProcessFilePath
GetScreen
GetScreenWH
GetSysDir
GetWinDir
HideDesktop
HideHarddisk
HideTaskbar
InstallIcon
IsWin32
JpgToBmp
KillPopup
KillProcess
LinkTxtType
LoadFromFile
LockFile
LockReg
MD5File
MD5String
OpenCDROM
POWERDLLAbout
PlayMusic
RegActiveX
RunFile
SendEMail
SetFileTime
SetRegValue
SetWallPaper
ShutDown
StreamCompression
StreamDecompression
WriteReg

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
POWERDLL.txt
POWERDLL2.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddHotKey
AddMuter
AddToFile
AppendText
AutoRun
ChangeExeIcon
CheckParentProc
CheckState
ClearCmosPassword
CloseWindow
CreateLnk
CreateLnk2
DESDecryStr
DESEncryStr
DefaultAll
DefaultIE
DeleteDir
DeleteMe
DeleteRegValue
DownloadFile
DriveType
ExitWindows
FileCopy
FindProcess
FunctionDeclare
FunctionList
FunctionType
GetCPUID
GetCursorPosText
GetDateTime
GetDiskNumber
GetFileSize
GetIPAddress
GetOSInfo
GetProcessFilePath
GetScreen
GetScreenWH
GetSysDir
GetWinDir
HideDesktop
HideHarddisk
HideTaskbar
InstallIcon
IsWin32
KillPopup
KillProcess
LinkTxtType
LoadFromFile
LockFile
LockReg
MD5File
MD5String
OpenCDROM
POWERDLLAbout
PlayMusic
RegActiveX
RunFile
SendEMail
SetFileTime
SetRegValue
SetWallPaper
ShutDown
StreamCompression
StreamDecompression
WriteReg

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 292KB

UPX1 Size: 165KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 220KB

UPX1 Size: 134KB - Virtual size: 136KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 176KB

UPX1 Size: 92KB - Virtual size: 92KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 196KB - Virtual size: 196KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 8KB

.idata Size: 6KB - Virtual size: 5KB

.edata Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.rsrc Size: 6KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 292KB

UPX1
Size: 165KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 220KB

UPX1
Size: 134KB - Virtual size: 136KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 176KB

UPX1
Size: 92KB - Virtual size: 92KB

.rsrc
Size: 3KB - Virtual size: 4KB

CODE
Size: 196KB - Virtual size: 196KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 6KB - Virtual size: 5KB

.edata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 6KB - Virtual size: 6KB