22edac5b6e5bcb0ac530035b3a54ae56

Sharing

Copy URL

Twitter E-mail

General

Target

22edac5b6e5bcb0ac530035b3a54ae56
Size

743KB
MD5

22edac5b6e5bcb0ac530035b3a54ae56
SHA1

bd1d170aae89fe463746dd5761af0bde1bd3f3ac
SHA256

38f455254142b266c253d2a155313200dbe27ed904b838d74b7a6a3cd7e7bce6
SHA512

16c9399e12e2f5a47ac3667849e1305cbdeb4a0fe8fe5405533823ad81fef78ab30d04d17c964fd9bd0d0b296a60ff6f61caf461b013bbced6369485af898f2b
SSDEEP

12288:gPQkzp8htDkoTxdUMkVI7KzsGautEoJOojg8shGmQ3qLFkeALuUIFAHi8fsHnTZr:CugyhiIWzspt2rjdupvOaAHi8f6

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/数学工具4.5.11/mathtool.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/数学工具4.5.11/font/fontsetup.exe
unpack001/数学工具4.5.11/mathtool.exe

Files

22edac5b6e5bcb0ac530035b3a54ae56
.rar
下载说明.htm
.html .js polyglot
数学工具4.5.11/font/fontsetup.exe
.exe windows:4 windows x86 arch:x86

71d70596c67e092b20f0b333150c1bda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
ord526
DllFunctionCall
_adj_fpatan
_CIsqrt
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaStrToAnsi
__vbaVarDup
ord616
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
数学工具4.5.11/font/mathtool.ttf
数学工具4.5.11/font/安装说明.txt
数学工具4.5.11/mathtool.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
数学工具4.5.11/mathtool.ico
数学工具4.5.11/下载说明.htm
.html .js polyglot
数学工具4.5.11/数学工具.dot
.doc .dot windows office2003
数学工具4.5.11/数学工具使用说明.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

71d70596c67e092b20f0b333150c1bda

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 756B

.rsrc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

.text Size: 156KB - Virtual size: 1.7MB

.data Size: 512B - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 4KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 756B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 156KB - Virtual size: 1.7MB

.data
Size: 512B - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 4KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB