48fc89a9c0584f4166549efe6f4e3a84

Sharing

Copy URL Twitter E-mail

General

Target

48fc89a9c0584f4166549efe6f4e3a84
Size

662KB
MD5

48fc89a9c0584f4166549efe6f4e3a84
SHA1

e3ca36cc18350e854e603948db49525155abb65b
SHA256

bf6d93a3092989410073158db3c0f2e5158e3bf603c93e710b85b8e4f8e2ff65
SHA512

5543152660cd3319ccdcfece2a8b691dfba09ac2a138ae6d9cf85ff2d355d00f21d4e55bc8278927e1236f399962ca6848a2bace7c27fcb1cfadefe7321b43c6
SSDEEP

12288:ezVRTw6tcy6TuRNqezcuteoayPDLJW1OK/Nrz5S46FIiwwWioj8UbfzHv:eRR1a6NqwcE93JW1T/JvuIRwWi1+Hv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SoftAutoInstaller.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SoftAutoInstaller.exe
unpack002/out.upx
unpack001/softs/CoralExplorer.exe

Files

48fc89a9c0584f4166549efe6f4e3a84
.rar
SoftAutoInstaller.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoftConf.ini
SoftConf[公布].ini
SoftConf[最简].ini
pics/ADPIC_00.JPG
.jpg
pics/ADPIC_01.JPG
.jpg
pics/ADPIC_02.JPG
.jpg
pics/ADPIC_03.JPG
.jpg
pics/ADPIC_04.JPG
.jpg
pics/BigOEMLOGO.JPG
.jpg
pics/SoftICO7.ico
pics/新云软件.url
.url
softs/CoralExplorer.au3
softs/CoralExplorer.exe
.exe windows:4 windows x86 arch:x86

76ff84ab9bc3205bf672693e1378c426

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHGetFileInfoW
SHBrowseForFolderW

kernel32

SetCurrentDirectoryW
CreateProcessW
CloseHandle
GetCurrentDirectoryW
LocalFree
SetFileApisToOEM
GetCurrentThread
SetThreadPriority
GetLastError
SetPriorityClass
GetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
GetFileAttributesW
FormatMessageW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
InterlockedExchangeAdd
FindFirstFileW
FindClose
FindNextFileW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
GetFileSize
ReadFile
GetCurrentThreadId
ResumeThread
Sleep
GetACP
MultiByteToWideChar
WideCharToMultiByte
MoveFileW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetFullPathNameW
GetTempFileNameW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
FindResourceW
FileTimeToSystemTime
ExpandEnvironmentStringsW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetModuleFileNameW
GetLongPathNameW
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
CreateThread
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError

user32

GetActiveWindow
LoadStringW
GetDesktopWindow
GetMessageW
IsDialogMessageW
CreateDialogParamW
PostQuitMessage
DispatchMessageW
EnableWindow
LoadIconW
TranslateMessage
SetTimer
KillTimer
DestroyIcon
IsWindow
SendMessageW
MessageBoxW
ShowWindow
PostMessageW
DialogBoxParamW
GetSystemMetrics
GetWindowRect
SetWindowPos
EndDialog
GetWindowTextW
SetWindowTextW
GetDlgItem
IsWindowVisible
ScreenToClient

gdi32

DeleteObject
CreateSolidBrush

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
softs/CoralExplorer.txt
软件自动安装器配置文件说明[公布].txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 472KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 37KB - Virtual size: 36KB

76ff84ab9bc3205bf672693e1378c426

Headers

File Characteristics

Imports

comctl32

shell32

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 16KB - Virtual size: 40KB

.rsrc Size: 75KB - Virtual size: 75KB

UPX0
Size: - Virtual size: 472KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 16KB - Virtual size: 40KB

.rsrc
Size: 75KB - Virtual size: 75KB