4eadc0e186912a8e144f012bc4a8c277

Sharing

Copy URL Twitter E-mail

General

Target

4eadc0e186912a8e144f012bc4a8c277
Size

12.2MB
MD5

4eadc0e186912a8e144f012bc4a8c277
SHA1

518bf81f8a815840f05ab8c184913e7632d90d6d
SHA256

13aa4d5c4aaebe3b458a46bdad6d8ed250688e11bcef55f7c4cdbf4b9cb0e3c5
SHA512

a068039f6c299f0a6cd3f7d012767e454f3fcdba3a8a366be466b043c062d3ef4bbd0709c99f5c12e8a760478984b2b7194999c44fa4642e7624a38411d409f8
SSDEEP

393216:eI7I77QA+g3TWgst6WrstkERGzWoZFX9uM:pi8ETWgstnrstkERGzZZFtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ConvService.Exe
unpack001/Riva FLV Player.exe
unpack001/Setup.exe

Files

4eadc0e186912a8e144f012bc4a8c277
.rar
ConvExc.dll
ConvService.Exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

test
Size: - Virtual size: 988KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 625KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data/Data.Mdb
Dos版例子/addData.vbs
.vbs
Dos版例子/例子.bat
Riva FLV Player.exe
.exe windows:4 windows x86 arch:x86

7c55c62ca28c47a486e5be7f437fb773

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GlobalAddAtomA
GetModuleHandleA
GlobalFree
GlobalDeleteAtom
GlobalGetAtomNameA
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
GetVersionExA
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CloseHandle
ReadFile
GetFileSize
CreateFileA
VirtualQueryEx
FindClose
FindFirstFileA
FindFirstFileW
GetModuleFileNameW
GetExitCodeProcess
ReadProcessMemory
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GlobalAlloc
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CompareStringW
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
TerminateProcess
GlobalLock
GlobalUnlock
CreateThread
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GetCommandLineW
GetShortPathNameA

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
CreateWindowExA
GetWindowThreadProcessId
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
PackDDElParam
PostMessageA
IsWindow
RegisterClassA

gdi32

DeleteObject
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreatePalette

Sections

.text
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 36KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

test
Size: - Virtual size: 988KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 625KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
admin/Config.asp
.asp
admin/DL.asp
.vbs
admin/DiagMain.asp
admin/ExecSql.asp
.vbs
admin/Function.asp
.vbs
admin/Help.asp
admin/JavaScript.js
.js
admin/SystemSet.asp
admin/adminMain.asp
admin/css.css
admin/default.asp
.vbs
admin/prototype.js
.js
asp版例子/1.mdb
asp版例子/CallBack.asp
.vbs
asp版例子/default.htm
.html
asp版例子/index.asp
.asp
asp版例子/ok.asp
.vbs
asp版例子/upload_5xsoft.inc
.html .vbs polyglot
toflv.htm
.html
已更新日记.txt
旧版升级到2006-9-15的方法.txt
正版用户升级方法.txt
说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

test Size: - Virtual size: 988KB

data Size: 625KB - Virtual size: 628KB

.rsrc Size: 6KB - Virtual size: 8KB

7c55c62ca28c47a486e5be7f437fb773

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: - Virtual size: 55KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 24KB

.text1 Size: 192KB - Virtual size: 192KB

.adata Size: 52KB - Virtual size: 64KB

.data1 Size: 36KB - Virtual size: 128KB

.pdata Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 28KB - Virtual size: 28KB

Headers

File Characteristics

Sections

test Size: - Virtual size: 988KB

data Size: 625KB - Virtual size: 628KB

.rsrc Size: 6KB - Virtual size: 8KB

test
Size: - Virtual size: 988KB

data
Size: 625KB - Virtual size: 628KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: - Virtual size: 55KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 24KB

.text1
Size: 192KB - Virtual size: 192KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 36KB - Virtual size: 128KB

.pdata
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 28KB - Virtual size: 28KB

test
Size: - Virtual size: 988KB

data
Size: 625KB - Virtual size: 628KB

.rsrc
Size: 6KB - Virtual size: 8KB