3cfc10ca26e925320d770f7080d4754e

Sharing

Copy URL Twitter E-mail

General

Target

3cfc10ca26e925320d770f7080d4754e
Size

50KB
MD5

3cfc10ca26e925320d770f7080d4754e
SHA1

01c8c4490a4624c0f6641a3041a7d6d4c76ad7fe
SHA256

dc4afac94d342e8db69a90fec086ed6c2f24b0fe5f917492ee31871e95555314
SHA512

cefec54e7e89aafa4da10a9623956acd40b47b6a07cd3bf80e4e3e0d1c8a98202e77b7b625e56aa07d70954a36d5c88d6c5872543487cc653de56804cacaf841
SSDEEP

768:7mnhtcwB/KNc1Ht3lUihQixXgjbYOUTl04kENMAhzhwo8jCov84ihJbST8ypK8a4:QhSwOAXzWkXmTWMN1Cov8LJbE1aW4aX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Pitaschio_v223_HX/Pitaschio.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Pitaschio_v223_HX/Pitaschio.exe
unpack002/out.upx
unpack001/Pitaschio_v223_HX/pitadll.dll

Files

3cfc10ca26e925320d770f7080d4754e
.rar
Pitaschio_v223_HX/Ignore.txt
Pitaschio_v223_HX/Pitaschio.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Pitaschio_v223_HX/licence.txt
Pitaschio_v223_HX/pitadll.dll
.dll windows:4 windows x86 arch:x86

98a7e6f965b6892ebebacf378f9eaa3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ReleaseCapture
LoadCursorA
DefWindowProcA
GetCursorPos
WindowFromPoint
SetFocus
SetForegroundWindow
BringWindowToTop
GetWindowThreadProcessId
UnhookWindowsHookEx
InvalidateRect
SetCapture
GetDoubleClickTime
CallNextHookEx
GetAsyncKeyState
CreateWindowExA
RegisterClassA
ShowWindow
LoadIconA
GetClassInfoExA
SetSystemCursor
CopyIcon
CallWindowProcA
SystemParametersInfoA
SetLayeredWindowAttributes
RedrawWindow
SetWindowLongA
SetWindowsHookExA
MessageBoxA
RegisterWindowMessageA
FindWindowExA
GetDesktopWindow
GetSystemMetrics
IsWindowVisible
GetActiveWindow
EnumChildWindows
MonitorFromPoint
GetMonitorInfoA
EnumWindows
GetWindowTextA
GetClassNameA
IsZoomed
IsIconic
CopyRect
GetParent
GetClientRect
GetWindowRect
PostMessageA
keybd_event
ExitWindowsEx
GetWindowLongA
ScreenToClient
OffsetRect
MoveWindow
SendMessageA
SetCursor
SetWindowPos
SetCursorPos

winmm

mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerOpen
mixerGetDevCapsA

psapi

GetModuleFileNameExA

shlwapi

StrRChrA

mfc42

ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord5307
ord540
ord4160
ord800
ord1168
ord1146
ord2725
ord3953
ord825
ord561
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord1116
ord4698
ord4079
ord5302
ord5300
ord3346
ord6467
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396

msvcrt

__dllonexit
system
_sleep
__CxxFrameHandler
strstr
strncmp
time
_CIpow
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
_EH_prolog
??2@YAPAXI@Z
sprintf

kernel32

GetTickCount
OpenProcess
lstrcmpA
GetModuleFileNameA
FormatMessageA
lstrlenA
LocalAlloc
LocalFree
CreateProcessA
CloseHandle
GetLastError
GetCurrentProcess
SetSystemPowerState

gdi32

GetStockObject

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA

Exports

Exports

GetMouseCutCmd
GetStatKeyboard
GetStatMouse
GetStatMouseMove
GetStatTotalTime
GetUnAvailable
SetAllowOut
SetAllowSnap
SetAllowSnapInside
SetAllowTaskBar
SetAlpha
SetAutoArrange
SetDeskIconText
SetDeskIconTextBk
SetDeskIconTextColor
SetDisableClose
SetDisableKeyAlt
SetDisableKeyCaps
SetDisableKeyF1
SetDisableKeyHankaku
SetDisableKeyIns
SetDisableKeyKana
SetDisableKeyMenu
SetDisableKeyWin
SetDisableMax
SetDisableMin
SetExpRename
SetExpUp
SetHook
SetIgnore
SetIgnoreExe
SetIgnoreKeyboard
SetIgnoreMouse
SetMouseCut
SetRedirect
SetRedirectActive
SetShowDesk
SetSizeExt
SetSnap
SetSoftLaser
SetStatKeyboard
SetStatMouse
SetStatMouseMove
SetStatTotalTime
SetTaskTray
SetTransparent
SetUnAvailable
SetVD
SetVolume
SetVolumeDelta
SetnIgnore
SetnIgnoreExe
StatClear
UnSetHook

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PITA
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pitaschio_v223_HX/readme_en.txt
Pitaschio_v223_HX/新云软件.url
.url
Pitaschio_v223_HX/汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

98a7e6f965b6892ebebacf378f9eaa3b

Headers

File Characteristics

Imports

user32

winmm

psapi

shlwapi

mfc42

msvcrt

kernel32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 5KB

.PITA Size: 192KB - Virtual size: 188KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 12KB - Virtual size: 16KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 5KB

.PITA
Size: 192KB - Virtual size: 188KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB