508ce134e7a144c71853ba6aa2146b87

Sharing

Copy URL Twitter E-mail

General

Target

508ce134e7a144c71853ba6aa2146b87
Size

6.1MB
MD5

508ce134e7a144c71853ba6aa2146b87
SHA1

139439b2f14f4d0a20bfb0ab3dfa4c533549b2d0
SHA256

f96e08b744ff5b5218abde4df5676370a6f3f156cd43a725b619dcd850d67018
SHA512

2726754dd9603d40cadc91707aa10b4df49a0a63527f8c768491783a39994e5ce588e4b64311e0bd21f0a7095d4856023f22cd67540de35772c4cffb34287c21
SSDEEP

196608:jyk0LAGpwr9WUE5bzR+gME2836QOc4jKADtD1RUC:EAGpc9Wt5bogBVTGKPC

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/FreeForm.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FreeForm.exe

Files

508ce134e7a144c71853ba6aa2146b87
.rar
FreeForm.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.8MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 15KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 341KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Templates/ccar.xls
.xls windows office2003
Templates/client.xls
.xls windows office2003
Templates/employee.xls
.xls windows office2003
Templates/下载说明.htm
.html .js polyglot
Templates/非常世纪资源网.url
.url
data/Metro.htm
.html
data/Phone.htm
.html
data/StarCRMdb.mdb
data/Timeex.htm
.html
data/Worlda.htm
.html
data/calendar.mht
.eml .js polyglot
data/下载说明.htm
.html .js polyglot
data/非常世纪资源网.url
.url
下载说明.htm
.html .js polyglot
使用帮助.chm
.chm
说明.txt
非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 1.8MB - Virtual size: 5.6MB

DATA Size: 15KB - Virtual size: 40KB

BSS Size: - Virtual size: 8KB

.idata Size: 5KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 444KB

.rsrc Size: 341KB - Virtual size: 1.8MB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

CODE
Size: 1.8MB - Virtual size: 5.6MB

DATA
Size: 15KB - Virtual size: 40KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 444KB

.rsrc
Size: 341KB - Virtual size: 1.8MB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB