498e7509e8dea9650d707493632a7049[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

498e7509e8dea9650d707493632a7049.rar
Size

1.2MB
MD5

498e7509e8dea9650d707493632a7049
SHA1

a51191b94d62888f4a2394c80a83f3706fae34dd
SHA256

29a8cb4885b1e964d8f2e7ded940c8125261e7f43e2e3b3223ce6377d9b5e9e6
SHA512

dbb90b52995bdc6fe8efe11c28411e0758e6f4101eaac9e7daef7be9ea7c2fc348640cc3c7910fa68048f13fd4e2383af919ba1c482754d07123bce43791bca9
SSDEEP

24576:QvwgF+MY/58UIajJDNunuPdzLIwsRAo/I2vC21WRr/j/ZB9UEdC1quwLcMkCsy2F:Qo6++ruPBsRAeUvrL1mqFLUU/+Jn

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/401.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/small.exe	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/08.exe
unpack001/10204.exe
unpack001/401.exe
unpack001/52.exe
unpack001/9.exe
unpack001/ClickerAgent(yz0001).exe
unpack001/rj.exe
unpack001/setup1548.exe
unpack001/small.exe
unpack002/out.upx
unpack001/woshou1.exe
unpack001/yoyo1172.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/yoyo1172.exe	nsis_installer_2

Files

498e7509e8dea9650d707493632a7049.rar
.rar
08.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

nsp0
Size: - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsp1
Size: 213KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
10204.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 312KB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
401.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 83KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
52.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.Upack
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9.exe
.exe windows:4 windows x86 arch:x86

371b407e79d74950c1b838d0660632d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
SetTimer
SendMessageA
PostThreadMessageA
PostMessageA
MessageBoxA
MessageBeep
LoadStringA
KillTimer
GetWindowTextA
GetTopWindow
GetSystemMetrics
GetWindow
GetMessageA
GetInputState
GetDesktopWindow
GetClassNameA
FindWindowA
EnumWindows
DispatchMessageA
CharNextA
CharLowerBuffA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WinExec
VirtualQuery
TerminateProcess
Sleep
SetFileAttributesA
OpenProcess
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetThreadLocale
GetSystemDirectoryA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
FreeLibrary
EnumCalendarInfoA
DeleteFileA
CreateThread
CreateMutexA
CreateDirectoryA
CopyFileExA
CloseHandle
Sleep

netapi32

Netbios

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ntdll

ZwDuplicateObject

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Safe0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Safe1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ClickerAgent(yz0001).exe
.exe windows:4 windows x86 arch:x86

8532f1a3eb899a7480cf25292585d9e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
MoveFileExA
GetModuleHandleA
GetWindowsDirectoryA
CopyFileA
InterlockedExchange
GetModuleFileNameA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SizeofResource
Sleep
CreateThread
LockResource
DeleteFileA
Process32First
FindResourceA
OpenProcess
GetSystemDirectoryA
CloseHandle
CreateFileA
Process32Next
TerminateProcess
OutputDebugStringA
CreateProcessA
LoadResource
WriteFile
GetTickCount
CreateToolhelp32Snapshot
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSection
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
RaiseException
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
HeapSize
VirtualAlloc
HeapReAlloc

user32

GetProcessWindowStation
CloseWindowStation
PostMessageA
FindWindowA
GetUserObjectInformationA

advapi32

ControlService
RegSetValueExA
ChangeServiceConfigA
StartServiceA
QueryServiceConfigA
DeleteService
StartServiceCtrlDispatcherA
OpenSCManagerA
CreateServiceA
RegCloseKey
QueryServiceStatusEx
CloseServiceHandle
RegisterServiceCtrlHandlerExA
OpenServiceA
RegOpenKeyA
SetServiceStatus
RegQueryValueExA

shlwapi

PathFileExistsA

wininet

InternetConnectA
HttpQueryInfoW
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetReadFile

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rj.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 4KB - Virtual size:

Size: 1.1MB - Virtual size: 4B
setup1548.exe
.exe windows:4 windows x86 arch:x86

9c0ac15742fab698ca1ab1d3d9b82062

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy

kernel32

GetStartupInfoA
LoadLibraryA
VirtualProtect
GetModuleFileNameA

user32

CharUpperA
MessageBoxA

advapi32

QueryServiceConfigA

shell32

ShellExecuteA

netapi32

NetScheduleJobAdd

Exports

Exports

j�IE��F�oF�� ܊��D��h ��Q%�@.�o��.a}��W2s�|�Z<��y� �.%G�I��VJ=�.�j�/ܔ,W5]��A�[�#��[°�o��[�Dhw�/^e�ݓhj�8�"��LW�)�`a�#�L (�J�?��Q�I�q��E<qh*�O��|��Br�]c/�l{&��Ӄv��K��c��D�1�}y�T��W>I☩�X�,�{ջd:��q!ќ��+�)��:Cٶ�N'�JB̿��G�zs��2Ƀ��PL�b��'�c�wD_��#̶�7��t�&��v�JT��o��H1\g��Ա�NC˞�4��O�{>��<2>"D_��b��n�˱�D1d�!HiK�ٷ�Z�cyZ'��D�?+v��f��@#�5��<4�b�̒� 9�^h8�Y�G��M��j��7��C��*��7�.zGa'q>��Ay�/Z$^@B0�"��?��60�^XH��0D��f��κ�L�9�,z؈��/��D%��1Ħ�^>�=�'�Ld��תN��/�a��Ԅ�@~��g��о��^G4�[�8,y쫀��,��@@U+ןc��2�Ë��W>s��m��ۭ9�s��/��Z�Nww=�tbR��>��1Q��4�[��Sݡ��ü@ș�� `J�K'n��>��3+�d�c^-aw��I�^ש�u�~j)�Z]Sf=��}X��L}�@Y��U��7�A5��P�.C|�� [��>��<��p��F��$Mo4�vx�'��c �Բ��?��hX1bB*�K�5+�~aI鐩@�̲[�A�R�8/1��ł�Fa��*ѹ�qi��?��Q7E��|�&;��⋌6d!��X��0��)Z*��/��2uTSm-��-8��.$F��1޹Ƞ��RŇdPPO}؏b��#�;��Ц�oZ��G(�z� ��:#��\�2�,� י!]��7��֒�A��P/��*O��:��;�>K#V��X��v�{a 0ys�J�t�v�0��%��"��6D�巠j�Ns��E�}���%)��gԓ��f � �~zR�:�9xОf5=ҿ��?��{��٤Rc�iͧ�}��_I��SO�|�|W�@3A��2$��OD�0y2�� I� xe_ad�[��4W�_�C*[��<�QB�m�u��ω��¸��#��?n�C.(��?a�߆��i�:�X4�L�߼��㌸ڰ�i33�(ȷm�V�3>'7[�:�ibܲ6:�ZgV�~]�=D�ϞO0�o�u��Nfm�%q�.��*|��!��=�C��|�<Cx�4֛Be��)�V$�y�2M�s04QprpŪH��in��|='�{TFG�!E��Rvj0swZ� ��G�;�Ea�I5�|1��aC/��&��9e� ̸�(��3g$%(��ᎆ�Ե�H��O(��Rc߬(��"ek��#��<2k��TX��v�-��"1��pL��ߣ��M�(�W��þZ��L~�l��%�-�h��ӕ`[i5�N��7��T��@qyU�v{��Hݴ�I҇`��5��{m�W ��/{kH5�f��_��[;ac�au��t�"��M&��0�t��k\�yV��v-@L��H<`��ߑ5�&^�~�� L9X��K�hEgfX�j��ʠ��䕒�9n�H�|Uq� ��Ʉd^<<��ٰ��$K�D)Ǡq_�"_R��P�J�˂��|OcO�N�Ӽ��ח��XG맬X�I|2"}��G��N#CN H�b��}8�C�Y��Y%�y�� 9`��H��ʭ�a��_駤��U�7�X��j=B�Zc9��B:�� 3��7>T^T��i3u�*�Շ�\x�D��G��һ_):7�k�ce��̴.�K��Ph�q` ��SkV�O��tԐ&k�C��ژCC%"27��_o�O�2�Z*��dV$��[VYb��r��q��[T��[��y��L�5b��@�ĥ�蠞y��Nd>;��C)]z7��,��Y��v�ӑ$��g��܇>"+Õ��O�b�F��8�T��-��|�|��"D��0��&��9W�N)5R��q��<Zy7:_k8��.��D��yM�ˤ�F� ;�o�)�ۦ��Q�=w��cG=�+�P��ԃÜv&nNXй�d�L��N��$�5�:+ (>w��y��OBk��tF�hg~mlxL':�w&��+��qv�Ɠy�+i��]@��rpm��C@�3�ރ�ӏ�s��Nx&N_غ�u:G��8q�N,}��⁙�P�Ef�RP_�\.zf�x��Жp�lﳙG흺ٸ�k� ��ְ�}�X?SDER1S��O��ζ�6�Wܯ�ā;��80x��W�:e*� � l8�� yP�� ;,0��r}�x�)b��+��e :#��q�|�� bR�)t~��>l��x1T�HU%ͤ��:��3��]ȅ��E�-��9�� e��T�=��j�{%�"eʮe#JN�`!�i��&c!X��~~��OM)��$�Z�GmN%�=o4��P�,�Ijk@$�D"w\i0��+M�c��>�=�k��}B{я�L�c�5O��>��D#HD�!�B�sd�� L��_��2��#��F�Hfc@��n��8��iÖ�v�:=�t��s�;�;l�u��*��YH��w��szHƺo��;��L��qD[�VNW��»d�a�Jb(6�x��7a��M��U͔ �\�^XPŧ��Hqkh�yXnʉ�*i��b

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bad0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bad1
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
small.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.tInt2
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt16
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt7
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tFind
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt65
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tIntp4
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tInti4
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt18
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tIntu4
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt13
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tIntt4
Size: 4KB - Virtual size: 336B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt99
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt76
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt87
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt39
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tInt21
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togf73
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.togt67
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tInt4
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tInt14
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
woshou1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
yoyo1172.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

nsp0 Size: - Virtual size: 676KB

nsp1 Size: 213KB - Virtual size: 217KB

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 312KB - Virtual size: 4B

���� Size: - Virtual size:

Headers

File Characteristics

Sections

CODE Size: 83KB - Virtual size: 212KB

DATA Size: 2KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 16KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.Upack Size: - Virtual size: 164KB

.rsrc Size: 55KB - Virtual size: 84KB

371b407e79d74950c1b838d0660632d8

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

netapi32

wininet

ntdll

Sections

.text Size: 53KB - Virtual size: 53KB

.itext Size: 1024B - Virtual size: 772B

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

Safe0 Size: 4KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 3KB

Safe1 Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

8532f1a3eb899a7480cf25292585d9e2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Sections

 Size: 4KB - Virtual size:

Size: 1.1MB - Virtual size: 4B

9c0ac15742fab698ca1ab1d3d9b82062

Headers

File Characteristics

Imports

nsp0
Size: - Virtual size: 676KB

nsp1
Size: 213KB - Virtual size: 217KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

CODE
Size: 83KB - Virtual size: 212KB

DATA
Size: 2KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 16KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.Upack
Size: - Virtual size: 164KB

.rsrc
Size: 55KB - Virtual size: 84KB

.text
Size: 53KB - Virtual size: 53KB

.itext
Size: 1024B - Virtual size: 772B

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

Safe0
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 3KB

Safe1
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 8KB - Virtual size: 5KB

Size: 4KB - Virtual size:

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 86KB

.rsrc
Size: 4KB - Virtual size: 320B

.bad0
Size: - Virtual size: 32KB

.tls
Size: 4KB - Virtual size: 24B

.bad1
Size: 144KB - Virtual size: 140KB

.reloc
Size: 4KB - Virtual size: 136B

UPX0
Size: - Virtual size: 372KB

UPX1
Size: 51KB - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 4KB

.tInt2
Size: 4KB - Virtual size: 304B

.togt16
Size: 4KB - Virtual size: 320B

.text
Size: 4KB - Virtual size: 1KB

.togt7
Size: 4KB - Virtual size: 176B

.tFind
Size: 4KB - Virtual size: 80B

.togt65
Size: 4KB - Virtual size: 160B

.tIntp4
Size: 4KB - Virtual size: 320B

.tInti4
Size: 4KB - Virtual size: 320B

.togt18
Size: 4KB - Virtual size: 160B

.tIntu4
Size: 4KB - Virtual size: 176B

.togt13
Size: 4KB - Virtual size: 160B

.tIntt4
Size: 4KB - Virtual size: 336B

.togt99
Size: 4KB - Virtual size: 64B

.togt76
Size: 4KB - Virtual size: 608B

.togt87
Size: 4KB - Virtual size: 272B

.togt39
Size: 4KB - Virtual size: 240B

.tInt21
Size: 4KB - Virtual size: 288B

.togf73
Size: 4KB - Virtual size: 144B

.togt67
Size: 4KB - Virtual size: 96B

.tInt4
Size: 4KB - Virtual size: 192B

.tInt14
Size: 4KB - Virtual size: 16B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 324KB - Virtual size: 321KB

CODE
Size: 39KB - Virtual size: 38KB

DATA
Size: 512B - Virtual size: 220B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 274KB - Virtual size: 274KB