4c5cdba1d15ef547f391d6df157c601e | Triage

Sharing

General

Target

4c5cdba1d15ef547f391d6df157c601e
Size

354KB
MD5

4c5cdba1d15ef547f391d6df157c601e
SHA1

be84099464782da50eef8c31257e02496b0dce98
SHA256

dda6744b1f31ea10427f287525bd6c82693763fe6d5073673b8390313b16ad90
SHA512

874d34c44f47144c2c717fa03b166ccde7995e39aaf2932faed01df9d007fead967cc44484c325b2164ff5288f27be0c14175ad9455d3ed35fa8ac36de303b8c
SSDEEP

6144:+CCnUkoZm+fgkjaCYJ9kfdopoCAiVpSnraBIeZ7asjsaA8EoZ2ASF:EUkoZmVgm9i+PrV0nrpYDsa+ovSF

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/宝宝音乐相册.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/宝宝音乐相册.exe

Files

4c5cdba1d15ef547f391d6df157c601e
.rar
宝宝音乐相册.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 238KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 22KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url