28fe897cc6a2e0c4084737784f716aaf

Sharing

Copy URL Twitter E-mail

General

Target

28fe897cc6a2e0c4084737784f716aaf
Size

513KB
MD5

28fe897cc6a2e0c4084737784f716aaf
SHA1

9d1374cb2e0675083c4fff01d72ad36dba6aac85
SHA256

298c23868953f13674908955b1d70fe698938c71b0c3f37fb02064a68bd958c0
SHA512

b114096583d2c56c09d13c28ebc69e3d206571e828bc5b010a7977cbd8da444218c26841b6123c7ba6b1d55c7974d300a7b56fc20e35ccac177420830cae720e
SSDEEP

12288:mEpAQrK22VwyzRpb1AR92DzDyCbPILr5dc0lp0Ca+TEqKl:mEpg7bSGzDfPcjkCa+TEJl

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PClient.exe
unpack003/PServer.exe

Files

28fe897cc6a2e0c4084737784f716aaf
.rar
195212052/About.dcu
195212052/About.ddp
195212052/About.dfm
195212052/About.pas
195212052/About.~ddp
195212052/About.~dfm
195212052/About.~pas
195212052/Client.dcu
195212052/Client.ddp
195212052/Client.dfm
195212052/Client.pas
195212052/Client.~ddp
195212052/Client.~dfm
195212052/Client.~pas
195212052/Connect.dcu
195212052/Connect.ddp
195212052/Connect.dfm
195212052/Connect.pas
195212052/Connect.~ddp
195212052/Connect.~dfm
195212052/Connect.~pas
195212052/PClient.cfg
195212052/PClient.dof
195212052/PClient.dpr
195212052/PClient.rar
.rar
PClient.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
195212052/PClient.res
195212052/PClient.~dpr
195212052/PServer.cfg
195212052/PServer.dof
195212052/PServer.dpr
195212052/PServer.rar
.rar
PServer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
195212052/PServer.res
195212052/PServer.~dpr
195212052/Server.dcu
195212052/Server.ddp
195212052/Server.dfm
195212052/Server.pas
195212052/Server.~ddp
195212052/Server.~dfm
195212052/Server.~pas
195212052/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 524KB - Virtual size: 523KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 35KB - Virtual size: 35KB

.rsrc Size: 34KB - Virtual size: 34KB

Headers

File Characteristics

Sections

CODE Size: 480KB - Virtual size: 480KB

DATA Size: 9KB - Virtual size: 8KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 33KB - Virtual size: 32KB

.rsrc Size: 32KB - Virtual size: 32KB

CODE
Size: 524KB - Virtual size: 523KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 35KB - Virtual size: 35KB

.rsrc
Size: 34KB - Virtual size: 34KB

CODE
Size: 480KB - Virtual size: 480KB

DATA
Size: 9KB - Virtual size: 8KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 32KB - Virtual size: 32KB