42ed429709527e7967bb2f30d365b724

Sharing

Copy URL Twitter E-mail

General

Target

42ed429709527e7967bb2f30d365b724
Size

167KB
MD5

42ed429709527e7967bb2f30d365b724
SHA1

99b9274ebacf83e6a0d4502b93a20652a5813c6f
SHA256

7befbfb869082b05cc1042a98252e9a43c9afa19ea10b971727000e0ce99cb11
SHA512

1090a28f4411595ae6ec4cc799e140e62f23cee86e9ba0dd83326882cf24f428414638cfbefbef19d3689e4a98b371ee330bad5ab9387e4c106fee76b3ea0674
SSDEEP

3072:iNpA6XCW0CK5W+V6GhnVHtOjJlO8aMcuNi/hF+yfwbZ8YX0+Cf0X:iNp3XCV5Wy5F0O8PchwpXuw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ha_HotkeyP-v4.5/HotKeyP.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_HotkeyP-v4.5/HotKeyP.exe
unpack002/out.upx
unpack001/ha_HotkeyP-v4.5/hook.dll
unpack001/ha_HotkeyP-v4.5/spy.exe

Files

42ed429709527e7967bb2f30d365b724
.rar
ha_HotkeyP-v4.5/HotKeyP.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_HotkeyP-v4.5/HotKeyP.exe.manifest
.xml
ha_HotkeyP-v4.5/HotKeyPKey.htk
ha_HotkeyP-v4.5/WhatsNew.txt
ha_HotkeyP-v4.5/help.chm
.chm
ha_HotkeyP-v4.5/hook.dll
.dll windows:4 windows x86 arch:x86

0341dd2384a2e495628b0b437c16baad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
CallNextHookEx
SendMessageA
IsWindow
FindWindowA

msvcrt

??3@YAXPAX@Z
sprintf
??2@YAPAXI@Z
strchr
strtol

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

Exports

Exports

_CallWndProc@12
_CallWndProcD@12
_GetMsgProc@12
_KeyboardProc95@12
_MouseProc95@12

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 742B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ha_HotkeyP-v4.5/language/Chinese (Simplified).lng
ha_HotkeyP-v4.5/source/Commands.cpp
ha_HotkeyP-v4.5/source/Hotkeyp.cpp
.vbs
ha_HotkeyP-v4.5/source/Hotkeyp.h
ha_HotkeyP-v4.5/source/ascdesc.bmp
ha_HotkeyP-v4.5/source/down.ico
ha_HotkeyP-v4.5/source/encrypt.obj
ha_HotkeyP-v4.5/source/hdr.h
ha_HotkeyP-v4.5/source/help.cpp
ha_HotkeyP-v4.5/source/hook.cpp
ha_HotkeyP-v4.5/source/hook.rc
ha_HotkeyP-v4.5/source/hotkeyp.rc
ha_HotkeyP-v4.5/source/ico5.ico
ha_HotkeyP-v4.5/source/ico6.ico
ha_HotkeyP-v4.5/source/ico7.ico
ha_HotkeyP-v4.5/source/ico8.ico
ha_HotkeyP-v4.5/source/icons.bmp
ha_HotkeyP-v4.5/source/joystick.cpp
ha_HotkeyP-v4.5/source/keys.cpp
ha_HotkeyP-v4.5/source/keys.ico
ha_HotkeyP-v4.5/source/keys2.ico
ha_HotkeyP-v4.5/source/lang.cpp
ha_HotkeyP-v4.5/source/lang.h
ha_HotkeyP-v4.5/source/resource.h
ha_HotkeyP-v4.5/source/rmdrive.cpp
ha_HotkeyP-v4.5/source/spy/resource.h
ha_HotkeyP-v4.5/source/spy/spy.cpp
ha_HotkeyP-v4.5/source/spy/spy.rc
ha_HotkeyP-v4.5/source/trayicon.cpp
ha_HotkeyP-v4.5/source/trayicon.h
ha_HotkeyP-v4.5/source/up.ico
ha_HotkeyP-v4.5/source/vistavol.h
ha_HotkeyP-v4.5/source/volume.cpp
ha_HotkeyP-v4.5/source/winlirc.cpp
ha_HotkeyP-v4.5/spy.exe
.exe windows:4 windows x86 arch:x86

1a0cab69a69e7def7d5dab0f9a094864

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GlobalLock
GlobalAlloc
GlobalUnlock
CreateToolhelp32Snapshot
GlobalFree
FreeLibrary
LoadLibraryA
GetVersionExA
Process32First
CloseHandle
GetProcAddress
GetCurrentProcessId
Process32Next
GetModuleHandleA
GetStartupInfoA

user32

TranslateMessage
GetMessageA
PostMessageA
ShowWindow
CreateDialogParamA
RegisterClassA
DispatchMessageA
IsDialogMessageA
DefDlgProcA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
DrawTextA
GetWindowTextA
FillRect
PostQuitMessage
SetWindowPos
DestroyWindow
BeginDeferWindowPos
FindWindowA
GetClientRect
GetDlgItem
DeferWindowPos
EndDeferWindowPos
SetWindowsHookExA
GetWindowRect
ScreenToClient
GetWindowThreadProcessId
SetDlgItemTextA
UnhookWindowsHookEx
SendMessageA
GetClassNameA
InvalidateRect
LoadCursorA
LoadIconA
SetWindowLongA

gdi32

DeleteObject
SetBkMode
SetTextColor
CreateSolidBrush

msvcrt

_controlfp
__set_app_type
__p__fmode
_except_handler3
_adjust_fdiv
__setusermatherr
__p__commode
__getmainargs
_acmdln
_initterm
_XcptFilter
_exit
exit
strchr
strlen
sprintf
strcpy
??3@YAXPAX@Z
??2@YAPAXI@Z

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_HotkeyP-v4.5/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 112KB

UPX1 Size: 57KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 24KB - Virtual size: 21KB

0341dd2384a2e495628b0b437c16baad

Headers

File Characteristics

Imports

user32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 742B

.data Size: 4KB - Virtual size: 32B

.rsrc Size: 4KB - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 200B

1a0cab69a69e7def7d5dab0f9a094864

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 57KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 24KB - Virtual size: 21KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 742B

.data
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 200B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB