0b5a1d866406a4b49ae68ea19b2d63e8

Sharing

Copy URL

Twitter E-mail

General

Target

0b5a1d866406a4b49ae68ea19b2d63e8
Size

399KB
MD5

0b5a1d866406a4b49ae68ea19b2d63e8
SHA1

564a4e133f469f84356ca12a434217ffcd0b8c18
SHA256

4b9b8a379f9c8ba1a0d796ccd15b9d6702f8235fe9c695073a4cc5a72eda5e16
SHA512

9113377402338539ebc50ac3dd713dec2a7df90d3c778d90b3845068ecc22965ddecad6b6d6d11d014bc6f60855a07e681279db94e053abd6dd2517e7daf652e
SSDEEP

6144:OOIGqa238ds1va2ZV/9zswpDnfoyr1X0Npc5VzouSkGbvg3W7haZTs:OOJWBa6zf5Qyp8CDzo/nhsTs

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/梦幻精灵-2.4.0.0版/梦幻精灵.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/梦幻精灵-2.4.0.0版/ocx/COMCAT.DLL
unpack001/梦幻精灵-2.4.0.0版/梦幻精灵.exe

Files

0b5a1d866406a4b49ae68ea19b2d63e8
.rar
梦幻精灵-2.4.0.0版/Data/db.mdb
梦幻精灵-2.4.0.0版/ocx/COMCAT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

kernel32

GetModuleFileNameA
lstrlenA
GlobalAlloc
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetUserDefaultLCID
IsBadWritePtr
GlobalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
梦幻精灵-2.4.0.0版/梦幻精灵.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 258KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
梦幻精灵-2.4.0.0版/软件说明.txt

Sharing

General

Malware Config

Signatures

Files

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 1024B - Virtual size: 906B

Headers

File Characteristics

Sections

.text Size: 258KB - Virtual size: 1.5MB

.data Size: 512B - Virtual size: 92KB

.rsrc Size: 12KB - Virtual size: 24KB

.aspack Size: 8KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 1024B - Virtual size: 906B

.text
Size: 258KB - Virtual size: 1.5MB

.data
Size: 512B - Virtual size: 92KB

.rsrc
Size: 12KB - Virtual size: 24KB

.aspack
Size: 8KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB