51a17accefd3e10e3c98044ea20b5d27

Sharing

Copy URL Twitter E-mail

General

Target

51a17accefd3e10e3c98044ea20b5d27
Size

200KB
MD5

51a17accefd3e10e3c98044ea20b5d27
SHA1

8e2c6dde8a3f5074b35ea40fb767c5b0713a47ec
SHA256

568730da4425bd4b8d81cc2c65cc13e9237a8f15e574a1f5ab1d39d0f3cc448d
SHA512

5a51e83a7f56b9e062ee5586374494bb44344086526caa368d5b3b7364725ab0907c1cb6985383e0c298a85fb400af0c3988faed3f0a51851a33e69ca1049152
SSDEEP

3072:l7tnnaZdRMnDxriHaHnccDDfFfkxjXODBMCyO0i9PxT8M0JRDRB:lpna7WxOqpfFf4APyMQRDL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xp-AntiSpy.exe

Files

51a17accefd3e10e3c98044ea20b5d27
.rar
xp-AntiSpy.chm
.chm
xp-AntiSpy.exe
.exe windows:4 windows x86 arch:x86

4e62c1d0bfb4ac7ead5163676c676fe3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imagehlp

CheckSumMappedFile

mfc42

ord795
ord641
ord540
ord567
ord324
ord825
ord800
ord2302
ord4234
ord6199
ord4160
ord4710
ord823
ord2818
ord1200
ord860
ord1158
ord537
ord922
ord926
ord535
ord858
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord3573
ord3610
ord656
ord1641
ord3626
ord3663
ord2414
ord4275
ord665
ord1979
ord5442
ord5773
ord5186
ord354
ord939
ord6385
ord941
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3708
ord781
ord616
ord4224
ord3317
ord3874
ord6136
ord3767
ord6070
ord6134
ord4131
ord4130
ord5937
ord2078
ord2380
ord2111
ord4299
ord3920
ord2642
ord6215
ord3742
ord3571
ord3619
ord818
ord2379
ord2864
ord2089
ord1168
ord1146
ord755
ord640
ord5785
ord1640
ord3597
ord2754
ord470
ord2575
ord4396
ord3574
ord609
ord4538
ord3693
ord4123
ord5875
ord2860
ord5787
ord5788
ord2859
ord5953
ord6880
ord6930
ord6928
ord603
ord1969
ord273
ord353
ord3499
ord2515
ord355
ord924
ord2801
ord2393
ord3184
ord3177
ord4202
ord2740
ord6442
ord1233
ord5981
ord3220
ord2753
ord2971
ord4287
ord3873
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord1576
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord6438
ord1134
ord4681
ord4220
ord2584
ord3654
ord2438
ord810
ord686
ord2863
ord2123
ord1644
ord2086
ord6270
ord5572
ord2915
ord6008
ord6889
ord1941
ord4271
ord3297
ord3296
ord3754
ord3398
ord3733
ord384
ord3914
ord4000
ord3290
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3721
ord4424
ord3402
ord5290
ord1776
ord6055
ord323
ord5302

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_setmbcp
__CxxFrameHandler
_EH_prolog
memset
fclose
fopen
strcat
strcmp
rename
strstr
free
malloc
strcpy
atoi
_mbscmp
sscanf
sprintf
memcpy
abs
strlen
_mbsnbcpy
??1type_info@@UAE@XZ
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit

kernel32

lstrcpynA
GetVersionExA
GetWindowsDirectoryA
Sleep
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
UnmapViewOfFile
GetFileSize
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetProcAddress
GetLastError
lstrlenA

user32

GetMenuItemCount
GetMenuItemID
RemoveMenu
InsertMenuA
GetMenuStringA
MessageBeep
ClientToScreen
GetKeyState
SetCursor
SetFocus
IsIconic
GetSystemMetrics
DrawIcon
LoadMenuA
SetMenu
GetMenu
IsWindowEnabled
EnableMenuItem
GetSubMenu
CheckMenuRadioItem
EnableWindow
SendMessageA
InvalidateRect
GetClientRect
LoadIconA
wsprintfA
GetCapture
ReleaseCapture
SetCapture
GetSysColor
GetDC
ReleaseDC
GetFocus
LoadCursorA
SetRect
LoadBitmapA
GetParent
IsWindow
RegisterWindowMessageA
GetWindowRect

gdi32

CreateSolidBrush
CreateFontA
BitBlt
CreateCompatibleDC
Rectangle
CreatePen
SelectObject
PatBlt
Polygon
StretchBlt

advapi32

OpenServiceA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
ChangeServiceConfigA
ControlService
StartServiceA
OpenSCManagerA
EnumServicesStatusA
RegCloseKey
QueryServiceConfigA
CloseServiceHandle
RegEnumValueA
LookupAccountNameA
RegDeleteValueA
RegEnumKeyExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_Create
ord17
_TrackMouseEvent

msvcp60

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xp-AntiSpy.url
下载说明.htm
.html .js polyglot
汉化新世纪.txt
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

4e62c1d0bfb4ac7ead5163676c676fe3

Headers

File Characteristics

Imports

version

imagehlp

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

msvcp60

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 156KB - Virtual size: 152KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 156KB - Virtual size: 152KB