3ec7edff323c7d736ed9c6fcb79849a3

Sharing

Copy URL Twitter E-mail

General

Target

3ec7edff323c7d736ed9c6fcb79849a3
Size

79KB
MD5

3ec7edff323c7d736ed9c6fcb79849a3
SHA1

b44a24de4a553b2f9fa7024bcaf8a305179220ba
SHA256

45e2a7c3f95eeaa2399518ceb5f84f56d00a73a811440798d74924e555904e47
SHA512

0f2d19a62fa47e4f802812cbd83d45689b2bbf0ad4f19016e7fca5275f5d739b7796fef056761f55ef1cbc5556d1a7c0181a27d82224419a715d2eaa23a255a2
SSDEEP

1536:5DA8S49syd1ldNdK5S6+o4RVkc8eOvJRIxGhu9vE/kjPlVMf4:xpz9bvK5S6+NRVkcCvID9s/Oa4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/源码保护伞CodeSafe v1.0 测试版/EnWeb.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/源码保护伞CodeSafe v1.0 测试版/CodeSafe.dll
unpack001/源码保护伞CodeSafe v1.0 测试版/EnWeb.exe

Files

3ec7edff323c7d736ed9c6fcb79849a3
.rar
源码保护伞CodeSafe v1.0 测试版/CodeSafe.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetFilterVersion
HttpFilterProc
TerminateFilter

Sections

CODE
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
源码保护伞CodeSafe v1.0 测试版/EnWeb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XQ
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
源码保护伞CodeSafe v1.0 测试版/下载说明.htm
.html .js polyglot
源码保护伞CodeSafe v1.0 测试版/说明.txt
.vbs
源码保护伞CodeSafe v1.0 测试版/非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 96KB - Virtual size: 96KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 130B

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 6KB - Virtual size: 6KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 16KB - Virtual size: 16KB

.rsrc Size: 5KB - Virtual size: 8KB

.XQ Size: 2KB - Virtual size: 8KB

CODE
Size: 96KB - Virtual size: 96KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 130B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 8KB

.XQ
Size: 2KB - Virtual size: 8KB