26887e05fe738301d386543f4c270ba4

Sharing

Copy URL

Twitter E-mail

General

Target

26887e05fe738301d386543f4c270ba4
Size

2.5MB
MD5

26887e05fe738301d386543f4c270ba4
SHA1

a2f530a0061a022b73ec1a8a9ae7994fc7864145
SHA256

46d50a60519be7018ff2596532d29d16a9a926bc85e6c0f03cd16e77d18bb579
SHA512

e54f8a735e53aca6e03465bb298a2f2b7abd3686ad27f8f5ca4fef4eaf789f5576b195febc3cf3af75eaf672b88fd265c8dfa3a4b451f8e3454acb8a96592abb
SSDEEP

49152:sEfSNWlOT5WX/qZR6JQhAaXkbmVCxVgRgp6RjxdRRENFqGrkFC/oS:VSNWhXiZo1aUKVCxppu7INFqG2CAS

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/PhotoDream_ha/appface.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/PhotoDream_ha/appface.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PhotoDream_ha/appface.dll
unpack001/PhotoDream_ha/iis.dll
unpack001/PhotoDream_ha/soft2cn汉化说明.exe
unpack001/PhotoDream_ha/智库绿化程序.exe

Files

26887e05fe738301d386543f4c270ba4
.rar
PhotoDream_ha/@收藏！.cmd.lnk
.lnk
PhotoDream_ha/Help.CHM
.chm
PhotoDream_ha/appface.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BkCreate
BkDelete
BkDraw
SkinRemove
SkinStart
SkinStartW
SkinThread
SkinWindowSet
SkinWindowSetEx
SkinWindowSetExW

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PhotoDream_ha/iis.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

1
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CanBeDel
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PhotoDream_ha/pic/Thumbs.db
PhotoDream_ha/pic/amazing/1.ssl
PhotoDream_ha/pic/amazing/10.ssl
PhotoDream_ha/pic/amazing/2.ssl
PhotoDream_ha/pic/amazing/3.ssl
PhotoDream_ha/pic/color/1.ssl
PhotoDream_ha/pic/color/2.ssl
PhotoDream_ha/pic/dreama/1.ssl
PhotoDream_ha/pic/dreama/10.ssl
PhotoDream_ha/pic/dreama/2.ssl
PhotoDream_ha/pic/dreamb/1.ssl
PhotoDream_ha/pic/dreamb/10.ssl
PhotoDream_ha/pic/dreamb/2.ssl
PhotoDream_ha/pic/dreamb/3.ssl
PhotoDream_ha/pic/edgea/1.ssl
PhotoDream_ha/pic/edgea/10.ssl
PhotoDream_ha/pic/edgea/2.ssl
PhotoDream_ha/pic/edgea/3.ssl
PhotoDream_ha/pic/edgeb/1.ssl
PhotoDream_ha/pic/edgeb/10.ssl
PhotoDream_ha/pic/edgeb/2.ssl
PhotoDream_ha/pic/edgeb/3.ssl
PhotoDream_ha/pic/gradient/1.ssl
PhotoDream_ha/pic/gradient/10.ssl
PhotoDream_ha/pic/gradient/2.ssl
PhotoDream_ha/pic/gradient/3.ssl
PhotoDream_ha/pic/lighta/1.ssl
PhotoDream_ha/pic/lighta/10.ssl
PhotoDream_ha/pic/lighta/2.ssl
PhotoDream_ha/pic/lighta/3.ssl
PhotoDream_ha/pic/lightb/1.ssl
PhotoDream_ha/pic/lightb/10.ssl
PhotoDream_ha/pic/lightb/2.ssl
PhotoDream_ha/pic/lightc/1.ssl
PhotoDream_ha/pic/lightc/10.ssl
PhotoDream_ha/pic/lightc/2.ssl
PhotoDream_ha/pic/lightc/3.ssl
PhotoDream_ha/pic/star/1.ssl
PhotoDream_ha/pic/star/10.ssl
PhotoDream_ha/pic/star/2.ssl
PhotoDream_ha/pic/star/3.ssl
PhotoDream_ha/pic/texture/1.ssl
PhotoDream_ha/pic/texture/10.ssl
PhotoDream_ha/pic/texture/2.ssl
PhotoDream_ha/pic/texture/3.ssl
PhotoDream_ha/pic/weather/1.ssl
PhotoDream_ha/pic/weather/10.ssl
PhotoDream_ha/pic/weather/2.ssl
PhotoDream_ha/pic/weather/3.ssl
PhotoDream_ha/sample/sample.html
.html
PhotoDream_ha/soft2cn汉化说明.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HH_By_Soft2CN
RefreshDesktop

Sections

.Ray
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ray
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ray
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PhotoDream_ha/使用教程.txt
PhotoDream_ha/智库绿化程序.exe
.exe windows:4 windows x86 arch:x86

d0f4249daabc77e00509a298ecc7633b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 424KB

UPX1 Size: 236KB - Virtual size: 236KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

1 Size: 488KB - Virtual size: 488KB

2 Size: 8KB - Virtual size: 8KB

3 Size: 4KB - Virtual size: 4KB

4 Size: 12KB - Virtual size: 12KB

5 Size: 40KB - Virtual size: 40KB

6 Size: 36KB - Virtual size: 36KB

7 Size: 16KB - Virtual size: 16KB

8 Size: 4KB - Virtual size: 4KB

CanBeDel Size: 20KB - Virtual size: 20KB

Headers

File Characteristics

Exports

Exports

Sections

.Ray Size: - Virtual size: 104KB

.Ray Size: 38KB - Virtual size: 40KB

.Ray Size: 15KB - Virtual size: 16KB

d0f4249daabc77e00509a298ecc7633b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 424KB

UPX1
Size: 236KB - Virtual size: 236KB

.rsrc
Size: 3KB - Virtual size: 4KB

1
Size: 488KB - Virtual size: 488KB

2
Size: 8KB - Virtual size: 8KB

3
Size: 4KB - Virtual size: 4KB

4
Size: 12KB - Virtual size: 12KB

5
Size: 40KB - Virtual size: 40KB

6
Size: 36KB - Virtual size: 36KB

7
Size: 16KB - Virtual size: 16KB

8
Size: 4KB - Virtual size: 4KB

CanBeDel
Size: 20KB - Virtual size: 20KB

.Ray
Size: - Virtual size: 104KB

.Ray
Size: 38KB - Virtual size: 40KB

.Ray
Size: 15KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB