4665788839210c0680136d64c26a9968 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4665788839210c0680136d64c26a9968
Size

173KB
MD5

4665788839210c0680136d64c26a9968
SHA1

c74f672bbc73e984ae005407b1ac814f8591928d
SHA256

6720a476a691ad452bf142b13a984f3e96c69be4172793c9e1c4f13a06e322fa
SHA512

3103af9d6f2aa66fac2c84c4b8f30831c411f6f48959fd69efeb7ee8acd4463908ef9da4e6d912140b37f74597005375cdfbbb22883e4fe9d8e7d24d7fc5cd02
SSDEEP

3072:sczTNJmXeWG3NNmCaNhTVEHlFCPIx9JOqF5LlGBiCAcc+y+FG43O1N268q7TmjjL:scXCexzmjNscPO9AAxlwiCFQCb+TYqmj

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/8399444/Update.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8399444/Update.exe

Files

4665788839210c0680136d64c26a9968
.rar
8399444/StdAfx.cpp
8399444/StdAfx.h
8399444/Update.clw
8399444/Update.cpp
8399444/Update.dsp
8399444/Update.dsw
8399444/Update.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8399444/Update.h
8399444/Update.rc
8399444/UpdateDlg.cpp
.js
8399444/UpdateDlg.h
8399444/res/Update.ico
8399444/res/Update.rc2
8399444/res/left.bmp
8399444/resource.h
8399444/下载说明.htm
.html .js polyglot
8399444/用法.txt