396d860bd34085feb42d7f220adc05ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

396d860bd34085feb42d7f220adc05ce
Size

959KB
MD5

396d860bd34085feb42d7f220adc05ce
SHA1

5cf78a6993d53f13459ffeef0e46d9966287e515
SHA256

5b8f133d595b47fddd5f7b08c94112cea671c4cfdcddfa4c20705b7283178e47
SHA512

c068defe9c274d1651efbf5490821c81cc405131683d079e986824ac64873c394684169f5d48317fd298a6c179dbd538dc3b1b45100f2fa031c911e7b5ca42a0
SSDEEP

24576:OD/D2pjG2fjXjsk2zTguRc9C4EQYt3XcDmdIITTxBS4p+I47:ObD2Ak2zUGdSDmdvXSa+/

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/公路坐标计算系统.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/公路坐标计算系统.exe

Files

396d860bd34085feb42d7f220adc05ce
.rar
S型曲线例子.s
readme.txt
下载说明.htm
.html .js polyglot
公路坐标计算系统.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 297KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 575KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
圆曲线1例子.ci1
圆曲线2例子.ci2
复曲线1例子.fq1
直线例子.li
缓和曲线1例子.hq1
缓和曲线2例子.hq2