3d2153841087a872ff2f5d187105004b

Sharing

Copy URL Twitter E-mail

General

Target

3d2153841087a872ff2f5d187105004b
Size

816KB
MD5

3d2153841087a872ff2f5d187105004b
SHA1

07945e20920023fac8b2bab0ece5512929936570
SHA256

400b7c2df8ca6f8d76701354f56b024d35f165055c9f202ec0439fda96047154
SHA512

c5626e6ce1fde7352f84f793a737acc230aa5a7798741b7fdda0bfd955f07db5020ace98e41602154ea4563c4b547e4c627ac66944875fe76330661cae38da19
SSDEEP

24576:pTeQNsE6lQMKUauDFWP184wKoUYfG0oSnxWiyol:M1QbfuFi7wu/SnxWyl

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/jwtss/Online.dll	aspack_v212_v242

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jwtss/Online.dll
unpack001/jwtss/StartAgent.exe
unpack001/jwtss/舞步编辑工具/SetPas.exe

Files

3d2153841087a872ff2f5d187105004b
.rar
jwtss/Ctrl.ini
jwtss/Error.wav
jwtss/Language.ini
jwtss/Online.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstallShellHook
UninstallShellHook

Sections

Size: 128KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6657
Size: 142KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jwtss/Set.ini
jwtss/StartAgent.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 122KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6657
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jwtss/Version.rec
jwtss/舞步编辑工具/Pas/H.O.T步.8K
jwtss/舞步编辑工具/Pas/MM步.8K
jwtss/舞步编辑工具/Pas/侧身步.8K
jwtss/舞步编辑工具/Pas/地板诱惑.8K
jwtss/舞步编辑工具/Pas/怪态步.8K
jwtss/舞步编辑工具/Pas/慢步.8K
jwtss/舞步编辑工具/Pas/摇头步.8K
jwtss/舞步编辑工具/Pas/木偶步.8K
jwtss/舞步编辑工具/Pas/机械步.8K
jwtss/舞步编辑工具/Pas/死步.8K
jwtss/舞步编辑工具/Pas/淑女步.8K
jwtss/舞步编辑工具/Pas/炫步.4k
jwtss/舞步编辑工具/Pas/绚烂舞步.8K
jwtss/舞步编辑工具/Pas/诱惑步.8K
jwtss/舞步编辑工具/Pas/蹲蹲步.8K
jwtss/舞步编辑工具/Pas/转转舞.8K
jwtss/舞步编辑工具/Pas/迈克步.8K
jwtss/舞步编辑工具/Pas/随心步.8K
jwtss/舞步编辑工具/Pas/露背舞.8K
jwtss/舞步编辑工具/Pas/飞舞玲玲.8K
jwtss/舞步编辑工具/SetPas.exe
.exe windows:4 windows x86 arch:x86

c718030697dd12194e9591bebfbb6764

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
IsBadWritePtr
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
TerminateProcess
GetFileType
HeapAlloc
HeapFree
FindNextFileW
RtlUnwind
ExitProcess
GetStartupInfoW
GetTickCount
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFindAtomW
LoadLibraryA
lstrcatW
GetVersionExA
InterlockedDecrement
GetLastError
FormatMessageW
lstrcpynW
LocalFree
GlobalFree
FreeResource
CloseHandle
GlobalAddAtomW
GlobalUnlock
MulDiv
GetModuleHandleA
SetLastError
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleFileNameW
VirtualAlloc
VirtualFree
GetCPInfo
lstrlenA
lstrlenW
lstrcmpiW
GetVersion
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP

user32

SetParent
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
CharUpperW
ReleaseCapture
LoadCursorW
SetCapture
KillTimer
SetTimer
SetRectEmpty
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PtInRect
UnhookWindowsHookEx
GetMenuStringW
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
EndDialog
SetMenuItemBitmaps
GetFocus
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetLastActivePopup
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
PostQuitMessage
GetMenuItemInfoW
SystemParametersInfoW
GetSysColorBrush
DrawIconEx
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
ModifyMenuW
RegisterClipboardFormatW
LockWindowUpdate
GetDCEx
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuW
CreatePopupMenu
CreateMenu
DrawEdge
LoadBitmapW
SetRect
DestroyCursor
LoadImageW
GetSysColor
GetIconInfo
GetDC
CreateIconIndirect
ReleaseDC
GetClassInfoW
PostMessageW
SetCursor
IsMenu
DestroyIcon
GetWindowLongW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
DrawFocusRect
FrameRect
OffsetRect
InflateRect
CopyRect
DrawStateW
GetWindowRect
SetWindowRgn
FillRect
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
IsIconic
SendMessageW
DrawIcon
UnregisterClassW

gdi32

ExtSelectClipRgn
CreatePatternBrush
SetRectRgn
GetMapMode
DPtoLP
StretchDIBits
GetCharWidthW
CreateFontW
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
CreateDIBSection
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextExtentPoint32W
PatBlt
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
CreateSolidBrush
Ellipse
GetBkMode
GetDeviceCaps
CreateFontIndirectW
CreatePen
GetObjectW
GetPixel
SetPixel
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
GetStockObject
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
FrameRgn
FillRgn
PtInRegion
CombineRgn
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW

shell32

ShellExecuteExW

comctl32

ImageList_GetImageCount
ord17
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_Destroy
ImageList_Create
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
CoGetClassObject
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRevokeClassObject

oleaut32

SysFreeString
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 128KB - Virtual size: 268KB

Size: 64KB - Virtual size: 64KB

Size: 8KB - Virtual size: 36KB

Size: 4KB - Virtual size: 4KB

.rsrc Size: 14KB - Virtual size: 48KB

Size: 13KB - Virtual size: 44KB

.6657 Size: 142KB - Virtual size: 144KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 122KB - Virtual size: 248KB

Size: 23KB - Virtual size: 60KB

Size: 8KB - Virtual size: 32KB

.rsrc Size: 13KB - Virtual size: 48KB

.6657 Size: 165KB - Virtual size: 168KB

.adata Size: - Virtual size: 4KB

c718030697dd12194e9591bebfbb6764

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 52KB - Virtual size: 49KB

.rsrc
Size: 14KB - Virtual size: 48KB

.6657
Size: 142KB - Virtual size: 144KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 13KB - Virtual size: 48KB

.6657
Size: 165KB - Virtual size: 168KB

.adata
Size: - Virtual size: 4KB

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 52KB - Virtual size: 49KB