3feff0e4ae9a505f50aba1b28b254220

Sharing

Copy URL

Twitter E-mail

General

Target

3feff0e4ae9a505f50aba1b28b254220
Size

240KB
MD5

3feff0e4ae9a505f50aba1b28b254220
SHA1

7872c54f2e03719af732dc03f23a75b469445d82
SHA256

4e1f992fee49a6fd5f991fe8b33d289c839ad941901e012a73f8f3957da8cb73
SHA512

348a2d5ebeca3259ac99ed46cba565a7525ffa59405106dfcfd75142baf8af5238b623be3b01e3968a6184d17337ba40ce27b5cff3a1e9921195ebce4fa201da
SSDEEP

6144:ZR1Ierg40C5kTB+Eme5MAn2YOvwrgrVnVBkBHEBAxH:ZsY0CKQExniKf

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/8UFtp智能扩展服务端/Rar.exe	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8UFtp智能扩展服务端/LaNatNdis.sys
unpack001/8UFtp智能扩展服务端/Rar.exe
unpack001/8UFtp智能扩展服务端/TFtpMangr.exe
unpack001/8UFtp智能扩展服务端/TFtpServr.exe
unpack001/8UFtp智能扩展服务端/XCPTHLR.dll

Files

3feff0e4ae9a505f50aba1b28b254220
.rar
8UFtp智能扩展服务端/FTP.INI
8UFtp智能扩展服务端/LaNatNdis.sys
.sys windows:5 windows x86 arch:x86

5ce5463bb43765b61fbd119070d7e3dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
MmMapLockedPages
IoFreeMdl
RtlCompareUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
KeTickCount
KeBugCheckEx
IofCompleteRequest
KeInitializeSpinLock
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
MmIsAddressValid
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisReadConfiguration
NdisAllocateMemory
NdisFreeMemory
NdisDeregisterProtocol
NdisRegisterProtocol

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8UFtp智能扩展服务端/Rar.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 117KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8UFtp智能扩展服务端/Rarreg.key
8UFtp智能扩展服务端/TFtpMangr.exe
.exe windows:4 windows x86 arch:x86

b6ace14a4e942f5c7a735c19e3610cee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord800
ord609
ord641
ord860
ord540
ord567
ord324
ord825
ord2358
ord2370
ord2302
ord4234
ord6334
ord4710
ord4376
ord2642
ord2582
ord4402
ord3370
ord3640
ord4853
ord693
ord3996
ord4224
ord2820
ord6907
ord3998
ord2818
ord6215
ord6199
ord2086
ord823
ord941
ord6905
ord3301
ord5981
ord2764
ord858
ord5953
ord3097
ord3147
ord939
ord537
ord922
ord924
ord4278
ord4204
ord2915
ord2645
ord3092
ord3874
ord926
ord2379
ord2363
ord5951
ord2587
ord4406
ord3729
ord804
ord4267
ord6785
ord6197
ord6379
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord1205
ord1200
ord1146
ord1168
ord4160
ord2863
ord755
ord470
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord535
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
__CxxFrameHandler
strrchr
atol
_setmbcp
_stricmp
_CxxThrowException
wcslen
sprintf
free
malloc
strncpy
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
_exit
_controlfp

kernel32

GetModuleFileNameA
LocalLock
FreeLibrary
LoadLibraryExA
GetPrivateProfileIntA
WritePrivateProfileStructA
LocalAlloc
GetFullPathNameA
GetModuleHandleA
GetStartupInfoA
lstrlenA
FormatMessageA
InterlockedDecrement
GetPrivateProfileStructA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
CloseHandle
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

GetSystemMenu
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuA
LoadIconA
EnableWindow
SendMessageA
SetForegroundWindow
wsprintfA
SetTimer
KillTimer
GetClientRect

advapi32

OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA

ole32

OleRun
CoCreateInstance

oleaut32

VariantChangeType
SysAllocString
SysFreeString
VariantClear
VariantInit
GetErrorInfo

ws2_32

socket
WSAStartup
inet_ntoa
recv
setsockopt
inet_addr
htons
closesocket
send
connect

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8UFtp智能扩展服务端/TFtpServr.exe
.exe windows:4 windows x86 arch:x86

1f0d11fedd43a7384fb7280c37e3f282

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord5307
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord922
ord1200
ord1576
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord5834
ord6394
ord6383
ord5440
ord5450
ord354
ord5186
ord6385
ord665
ord1979
ord5608
ord2448
ord3903
ord2044
ord6883
ord924
ord356
ord2770
ord2781
ord3178
ord3010
ord668
ord3811
ord3337
ord940
ord825
ord6877
ord2764
ord4277
ord4278
ord6663
ord941
ord4202
ord4129
ord6876
ord1140
ord5607
ord998
ord2107
ord5621
ord1083
ord5600
ord860
ord2841
ord541
ord501
ord2614
ord801
ord773
ord3663
ord823
ord540
ord537
ord858
ord800
ord2818
ord939
ord535
ord3831
ord1168

msvcrt

fopen
__CxxFrameHandler
_strtime
fprintf
fflush
fclose
memmove
_mbscmp
_mbsicmp
atol
??1type_info@@UAE@XZ
strstr
time
strncpy
strrchr
sprintf
_setmbcp
_stricmp
_CxxThrowException
wcslen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__p__fmode
__set_app_type
_except_handler3
atoi

kernel32

CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStructA
GetVersionExA
CreateIoCompletionPort
CreateThread
InterlockedDecrement
InterlockedCompareExchange
GetCurrentThreadId
InterlockedIncrement
InterlockedExchange
CloseHandle
UnmapViewOfFile
GetSystemInfo
CreateFileMappingA
GetLastError
CreateEventA
GetModuleFileNameA
SetEvent
LocalLock
FreeLibrary
LoadLibraryExA
FormatMessageA
DeleteFileA
SetCurrentDirectoryA
LocalAlloc
lstrlenA
WritePrivateProfileStructA
LoadLibraryA
CreateSemaphoreA
ReleaseSemaphore
CreateFileA
DeviceIoControl
GetModuleHandleA
GetStartupInfoA
DeleteCriticalSection
GetExitCodeThread
Sleep
PostQueuedCompletionStatus
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
WritePrivateProfileStringA
InitializeCriticalSection
GetExitCodeProcess
ResumeThread
CreateProcessA
TryEnterCriticalSection
WaitForSingleObject
MapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
LocalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

ole32

CoCreateInstance
OleRun
CoInitializeEx
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocString

ws2_32

select
connect
inet_addr
ioctlsocket
gethostbyname
__WSAFDIsSet
recv
send
WSAStartup
WSASocketA
WSACreateEvent
WSAEventSelect
htonl
htons
bind
listen
closesocket
WSACleanup
socket
getsockname
shutdown
WSASend
WSARecv
WSAGetLastError
inet_ntoa
WSAWaitForMultipleEvents
WSAAccept
WSAEnumNetworkEvents
setsockopt

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8UFtp智能扩展服务端/XCPTHLR.dll
.dll windows:4 windows x86 arch:x86

abeac10176138304cd8d70ddaf111fc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetSystemTime
CreateDirectoryA
GetModuleFileNameA
SetUnhandledExceptionFilter
CloseHandle
SetFilePointer
CreateFileA
GetLastError
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetCommandLineA
GetCurrentDirectoryA
GetLocalTime
WriteFile
VirtualQuery
GetCurrentThread
LocalFree
FlushFileBuffers
LCMapStringW
LCMapStringA
RtlUnwind
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
GetModuleHandleA
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW

dbghelp

SymGetTypeInfo
StackWalk
SymGetModuleBase
SymFunctionTableAccess
SymFromAddr
SymGetLineFromAddr
SymSetContext
SymEnumSymbols
SymInitialize
SymSetOptions
SymCleanup

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8UFtp智能扩展服务端/ftp.mdb
8UFtp智能扩展服务端/说明.txt

Sharing

General

Malware Config

Signatures

Files

5ce5463bb43765b61fbd119070d7e3dc

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 512B - Virtual size: 420B

.data Size: 512B - Virtual size: 84B

INIT Size: 1024B - Virtual size: 846B

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 512B - Virtual size: 412B

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 248KB

.data Size: 6KB - Virtual size: 72KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 40KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

b6ace14a4e942f5c7a735c19e3610cee

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

iphlpapi

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 28KB

1f0d11fedd43a7384fb7280c37e3f282

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 920B

abeac10176138304cd8d70ddaf111fc6

Headers

File Characteristics

Imports

kernel32

dbghelp

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 512B - Virtual size: 84B

INIT
Size: 1024B - Virtual size: 846B

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 117KB - Virtual size: 248KB

.data
Size: 6KB - Virtual size: 72KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 40KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 28KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 920B

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB