494b058ae243deb0796b5e2cf0ac1e16

Sharing

Copy URL

Twitter E-mail

General

Target

494b058ae243deb0796b5e2cf0ac1e16
Size

183KB
MD5

494b058ae243deb0796b5e2cf0ac1e16
SHA1

fa6d4834bbe6e6c8eae1047b82454dbf0f7fecdf
SHA256

512a1ccc247d2e91058e3d4102a797885b0149835e4152f86648033fadbe86d6
SHA512

3f0a7531dfd9e9aa7b6002a33a7229107cf870263c75c818a960ba64e8cb5d7338fc58de5c7a6038578ded2ef8b6e21c8aedd8137c3415fa7c762fe87dc5a30e
SSDEEP

3072:WimNn7RPev1slrieGiNumYTUSE+nweo7SRiiYzBMsbURGBe9XjdHUJsmZCQj3+1:WiY7R2NsQeGiNunwe46iiKBMgUB9XiqX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ajwawabansu-v1.0/变速娃娃.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ajwawabansu-v1.0/HookDLL.dll
unpack001/ajwawabansu-v1.0/变速娃娃.exe

Files

494b058ae243deb0796b5e2cf0ac1e16
.rar
ajwawabansu-v1.0/HookDLL.dll
.dll windows:5 windows x86 arch:x86

870cd82918b29074489f8170b1078388

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
CreateMutexA
WriteProcessMemory
VirtualProtect
VirtualQuery
GetProcAddress
ReleaseMutex
FreeLibrary
GetLocaleInfoA
GetCurrentProcess
GetLastError
LoadLibraryA
CloseHandle
GetStringTypeW
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA

user32

SetTimer
GetMessageTime
UnhookWindowsHookEx
MessageBoxA
GetWindowThreadProcessId
SetWindowsHookExA
CallNextHookEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

winmm

timeSetEvent
timeGetTime

Exports

Exports

RemoveHook
SetSpeed
SetupHook
UnHook

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ajwawabansu-v1.0/使用说明.txt
ajwawabansu-v1.0/变速娃娃.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ajwawabansu-v1.0/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

870cd82918b29074489f8170b1078388

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winmm

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.mydata Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 1012B

.reloc Size: 4KB - Virtual size: 3KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 424KB

UPX1 Size: 149KB - Virtual size: 152KB

.rsrc Size: 14KB - Virtual size: 16KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.mydata
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 1012B

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 424KB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 14KB - Virtual size: 16KB