45a2739d4bb4339dd4e54a7d23bc600a

Sharing

Copy URL Twitter E-mail

General

Target

45a2739d4bb4339dd4e54a7d23bc600a
Size

604KB
MD5

45a2739d4bb4339dd4e54a7d23bc600a
SHA1

3afba97833d8cd425bc0167bf4c615df7dc2816d
SHA256

3945a67c619aed72915ef57d580b5f48d59817bed7b551aa730ded05ce3d223e
SHA512

8454b54ed8ac419b130e68948de882d135e3c8eaadc475bb23519f306fff78338fdfaaa3f193b82ce5d57d488ccf9d9a132d8971b7ea7f172f3045def6db2584
SSDEEP

12288:mgYb/0HQqtM+QeX+sqnNJKGBvUNcupPb8NooXla0ojrrfWYI1f33fTH:vSKKeXVGNJd+NzpYNomlrofrOb3fj

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/受控服务器注册组件/syZip.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/受控服务器注册组件/syZip.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/受控服务器注册组件/ASPJpeg.dll
unpack001/受控服务器注册组件/syDLL.dll
unpack001/受控服务器注册组件/syDllBasic.dll
unpack001/受控服务器注册组件/syFtp.dll
unpack001/受控服务器注册组件/syZip.dll

Files

45a2739d4bb4339dd4e54a7d23bc600a
.rar
user/Default.asp
.asp
user/Default_Bak.asp
.vbs
user/License.txt
user/Manager/Default.asp
.asp
user/新云软件.url
.url
优质主机推荐.url
.url
使用帮助.url
.url
升级方法.url
.url
受控服务器注册组件/ASPJpeg.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8aea84690485de1cab67e1a10a7ffb9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
FlushFileBuffers
ReadFile
SetFilePointer
FormatMessageA
CreateFileA
LocalFree
RaiseException
CloseHandle
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
lstrcatA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
InterlockedExchange
LocalAlloc
LCMapStringW
LCMapStringA
lstrlenW
HeapCreate
GetVersionExA
GetStringTypeW
GetStringTypeA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetEnvironmentVariableA
SetHandleCount
GetStdHandle
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
HeapSize

user32

LoadStringA
CharNextA

gdi32

DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateSolidBrush
CreatePen
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkColor
TextOutW
SetTextColor
TextOutA
SetBkMode
AngleArc
Ellipse
Rectangle
MoveToEx
LineTo

advapi32

RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoCreateInstance
ProgIDFromCLSID
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantInit
SafeArrayCreate
SafeArrayDestroy
SysAllocStringLen
VariantChangeType
VariantClear
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
受控服务器注册组件/aspjpeg.reg
受控服务器注册组件/syDLL.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4d64ea291970695e18a061fd0009b366

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
ord693
__vbaVarVargNofree
__vbaFreeVar
ord695
__vbaAptOffset
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
_adj_fprem1
ord518
__vbaVarSetVarAddref
__vbaI2Abs
ord629
__vbaStrCat
__vbaVarCmpNe
ord553
ord661
__vbaHresultCheckObj
ord662
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord593
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord304
ord703
__vbaVarIndexLoad
__vbaForEachCollVar
ord705
ord520
__vbaVargVar
__vbaBoolVarNull
__vbaVarTstLt
__vbaRefVarAry
_CIsin
ord709
__vbaVarZero
__vbaVarCmpGt
ord632
__vbaVargVarMove
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
ord560
__vbaDateR8
__vbaNextEachCollVar
__vbaObjVar
ord561
ord562
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
ord310
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord312
ord711
ord712
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
ord573
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaVerifyVarObj
__vbaVarMod
__vbaVarTstGe
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaUnkVar
ord617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord619
__vbaForEachVar
ord542
ord543
_allmul
__vbaLenVarB
__vbaVarLateMemCallSt
ord544
__vbaLateIdSt
ord545
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
ord547
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 812KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
受控服务器注册组件/syDllBasic.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9ea688d0cc387a8dba9518097123dd00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
ord693
__vbaFreeVar
ord695
__vbaAptOffset
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaVarSetVarAddref
__vbaI2Abs
ord629
__vbaStrCat
__vbaVarCmpNe
ord553
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord593
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
ord520
__vbaBoolVarNull
__vbaVarTstLt
__vbaRefVarAry
_CIsin
ord709
__vbaVargVarMove
__vbaVarCmpGt
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaObjVar
ord561
ord562
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
ord573
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVerifyVarObj
__vbaVarMod
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
ord617
_CIatan
__vbaCastObj
__vbaForEachVar
ord619
ord542
ord543
_allmul
__vbaLenVarB
ord544
ord545
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
ord547
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
受控服务器注册组件/syFtp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

21cf615839d9c9d1abde391fe74b836b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaStrFixstr
ord520
__vbaBoolVarNull
_CIsin
ord632
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord607
__vbaFPException
__vbaInStrVar
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
受控服务器注册组件/syZip.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
受控服务器注册组件/卸载组件.bat
受控服务器注册组件/更新组件.bat
受控服务器注册组件/注册组件.bat
安装说明.txt
用户许可协议.txt
购买方法.url
.url

Sharing

General

Malware Config

Signatures

Files

8aea84690485de1cab67e1a10a7ffb9c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 259KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 10KB

4d64ea291970695e18a061fd0009b366

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 812KB - Virtual size: 809KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 45KB

.reloc Size: 56KB - Virtual size: 54KB

9ea688d0cc387a8dba9518097123dd00

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

21cf615839d9c9d1abde391fe74b836b

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 496KB

UPX1 Size: 237KB - Virtual size: 240KB

.rsrc Size: 10KB - Virtual size: 12KB

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 812KB - Virtual size: 809KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 45KB

.reloc
Size: 56KB - Virtual size: 54KB

.text
Size: 100KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 496KB

UPX1
Size: 237KB - Virtual size: 240KB

.rsrc
Size: 10KB - Virtual size: 12KB