2366d8e84b04e3b297bf1ac39b97d422

Sharing

Copy URL

Twitter E-mail

General

Target

2366d8e84b04e3b297bf1ac39b97d422
Size

353KB
MD5

2366d8e84b04e3b297bf1ac39b97d422
SHA1

2a5b83da56ce8fac8a2262a1234c84da0af6ea71
SHA256

b1ebb8a39d5ff37da77206816d3cc10d1ef2bf2f240467805c5564391b5d53d8
SHA512

74d7bcb699fd9ed1506be7eb0bcb5a4c7500fe766c2acbfb951c0097ba9e1e9f86f18ebe11e6350882918ae70b74e160dc0637342a27007b5abce80990e96aa6
SSDEEP

6144:OBTthnmqzDRgPhvlo0yVKYSySPkNgOUjlDSmgNiBaZ36mVzVRpq:OrhbDRgPhv+3VkySPkUjlWH97npq

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/梦幻精灵.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ocx/COMCAT.DLL
unpack001/梦幻精灵.exe

Files

2366d8e84b04e3b297bf1ac39b97d422
.rar
Data/db.mdb
Data/新云软件.url
.url
ocx/COMCAT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

kernel32

GetModuleFileNameA
lstrlenA
GlobalAlloc
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetUserDefaultLCID
IsBadWritePtr
GlobalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
梦幻精灵.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 227KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
软件说明.txt

Sharing

General

Malware Config

Signatures

Files

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 1024B - Virtual size: 906B

Headers

File Characteristics

Sections

.text Size: 227KB - Virtual size: 1.4MB

.data Size: 512B - Virtual size: 88KB

.rsrc Size: 512B - Virtual size: 8KB

.aspack Size: 8KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 1024B - Virtual size: 906B

.text
Size: 227KB - Virtual size: 1.4MB

.data
Size: 512B - Virtual size: 88KB

.rsrc
Size: 512B - Virtual size: 8KB

.aspack
Size: 8KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB