3f611c1954a288f3e7ae7d2a0d9f48b2

Sharing

Copy URL Twitter E-mail

General

Target

3f611c1954a288f3e7ae7d2a0d9f48b2
Size

1.6MB
MD5

3f611c1954a288f3e7ae7d2a0d9f48b2
SHA1

b3be398f88bc4275bb4b8a7421ff8e7ddc7ee666
SHA256

e588cc2740cb5a07112ba7bab1e8b67a44f469c5839c6ec94bd752a8eafd6aac
SHA512

18c220ee8f29beb0321c605cab1f7a764503e5def7ce9539c826b0063981c6a9f6b803fdd477b147530bc0adec755a7ec41c2213d35095974d319a7369e46d33
SSDEEP

49152:sv8Abjg7h95GgIUP2Lh3cTtu80C4MRIHO:svnbM7hTG/Y2d3QtudCbIHO

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/glow.dll	aspack_v212_v242
static1/unpack001/main.exe	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/glow.dll
unpack001/hook.dll
unpack001/main.exe
unpack001/mumsg.dll
unpack001/ogg.dll

Files

3f611c1954a288f3e7ae7d2a0d9f48b2
.rar
config.ini
glow.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hook.dll
.dll windows:4 windows x86 arch:x86

dba0a86efaee463117715392def45ec2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowsHookExA
MessageBoxA
UnhookWindowsHookEx
ChangeDisplaySettingsA
GetForegroundWindow
GetWindowTextA
GetMenu
SetWindowTextA
GetWindowLongA
ShowCursor
AdjustWindowRectEx
SetWindowPos
SendMessageA
CallNextHookEx
SetWindowLongA
CallWindowProcA
ShowWindow
KillTimer

kernel32

GetEnvironmentStringsW
GetModuleHandleA
InterlockedDecrement
GetStringTypeW
InterlockedIncrement
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetStringTypeA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar

Exports

Exports

About

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARD_DA
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 142.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
message.wtf
mumsg.dll
.dll windows:4 windows x86 arch:x86

6bdd810e99dea218ea8ba34db49abd74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
MessageBoxA

kernel32

HeapDestroy
GetVersionExA
RtlUnwind
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
ReadFile
HeapFree
CloseHandle
InitializeCriticalSection
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
SetEndOfFile
HeapCreate
VirtualFree
WriteFile
SetStdHandle
SetFilePointer
VirtualAlloc
HeapReAlloc
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

??0CMsg@@QAE@XZ
??1CMsg@@QAE@XZ
??4CMsg@@QAEAAV0@ABV0@@Z
?DataFileLoadVer01@CMsg@@AAEXPAU_iobuf@@@Z
?Get@CMsg@@QAEPADH@Z
?LoadWTF@CMsg@@QAEXPAD@Z
?XorBuffer@CMsg@@AAEXPADH@Z
?fnMsg@@YAHXZ
?lMsgFree@CMsg@@AAEXXZ
?lMsgListAdd@CMsg@@AAEHHPAE@Z
?lMsgListInit@CMsg@@AAEHXZ
?lMsgListNew@CMsg@@AAEPAUMSG_STRUCT@@XZ
?lMsgListPrint@CMsg@@QAEXXZ
?nMsg@@3HA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ogg.dll
.dll windows:4 windows x86 arch:x86

6735c42b0686b3434395406c0333d3d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

ogg_packet_clear
ogg_page_bos
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_init
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writeclear
oggpack_writeinit

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 22KB - Virtual size: 40KB

.rdata Size: 3KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.dat Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

dba0a86efaee463117715392def45ec2

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

SHARD_DA Size: 4KB - Virtual size: 28B

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

.text Size: 1.3MB - Virtual size: 142.5MB

.rsrc Size: 1024B - Virtual size: 12KB

.idata Size: 1024B - Virtual size: 1.5MB

.rdata Size: 4KB - Virtual size: 8KB

.dat Size: 13KB - Virtual size: 16KB

.adata Size: - Virtual size: 4KB

6bdd810e99dea218ea8ba34db49abd74

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

6735c42b0686b3434395406c0333d3d6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 40KB

.rdata
Size: 3KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.dat
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

SHARD_DA
Size: 4KB - Virtual size: 28B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1.3MB - Virtual size: 142.5MB

.rsrc
Size: 1024B - Virtual size: 12KB

.idata
Size: 1024B - Virtual size: 1.5MB

.rdata
Size: 4KB - Virtual size: 8KB

.dat
Size: 13KB - Virtual size: 16KB

.adata
Size: - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB