6568de75cafc0bd5449fd7745f764282

Sharing

Copy URL

Twitter E-mail

General

Target

6568de75cafc0bd5449fd7745f764282
Size

3.8MB
MD5

6568de75cafc0bd5449fd7745f764282
SHA1

36df83adddf3ef1d34fc0924b22f6761634f92d8
SHA256

a71533d6fa36995887de05fe44ec3750fd4489f029449f40963fd3f0cd130533
SHA512

1f663baa680944ab2ce19cfa45616d73a7456ece9cbf4cdbc436c2e29da5ed685b62d3efb1743c0dd8f2483377bcf8e38bf40a4a8be2ebb5206a9e1b5bd611bb
SSDEEP

98304:vw8tTv6Ns8bF+KMOl+2f3zsUWEVnG+9/lj5K8dZwVf3F:vw8tWNs2UVIsqYil5Y3F

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/YitGNASC.exe
unpack001/YitGNASM.exe
unpack001/YitGNASS.exe
unpack001/netcfg.exe
unpack001/yitgnas.sys

Files

6568de75cafc0bd5449fd7745f764282
.rar
Help.chm
.chm
Setup.exe
.exe windows:1 windows x86 arch:x86

0657f1c54462740149906ec58c1d3de8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoCreateInstance

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

comdlg32

GetOpenFileNameA

Sections

CODE
Size: 402KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WebFiles/btn1.gif
.gif
WebFiles/btn2.gif
.gif
WebFiles/chpasswd.htm
.html
WebFiles/gen.htm
.html
WebFiles/login1.gif
.gif
WebFiles/login2.gif
.gif
WebFiles/login3.gif
.gif
WebFiles/login4.gif
.gif
WebFiles/login5.gif
.gif
WebFiles/login6.gif
.gif
WebFiles/login7.gif
.gif
WebFiles/login8.gif
.gif
WebFiles/loginbg2.gif
.gif
WebFiles/logon.htm
.html
WebFiles/logout.htm
.html
WebFiles/下载说明.htm
.html .js polyglot
YitGNASC.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 543KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reso
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ExeS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
YitGNASM.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 752KB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reso
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ExeS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
YitGNASS.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 240KB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reso
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ExeS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
netFilter.inf
netFilterMP.inf
netcfg.exe
.exe windows:5 windows x86 arch:x86

a2f3b8ca9ae0d2c1e4c3bb2f0ce14718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_c_exit
_exit
_XcptFilter
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
wcslen
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
vwprintf
_iob
fflush
iswprint
wcscpy
exit
wcschr
wprintf
_adjust_fdiv
tolower

kernel32

GetModuleHandleA
GetLastError

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx

setupapi

SetupDiGetClassDevsW
SetupCopyOEMInfW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setpath.reg
yitgnas.sys
.sys windows:5 windows x86 arch:x86

777f0f85c919323bf6fc6eeb368a3356

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_purecall
ExAllocatePoolWithTag
ObReferenceObjectByHandle
KeClearEvent
ExFreePool
memmove
KeSetEvent
RtlCompareMemory
IofCompleteRequest
RtlEqualUnicodeString

ndis.sys

NdisOpenProtocolConfiguration
NdisMRemoveMiniport
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisCloseAdapter
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMInitializeDeviceInstanceEx
NdisIMGetDeviceContext
NdisMCancelTimer
NdisMSetPeriodicTimer
NdisUnicodeStringToAnsiString
NdisAllocateSpinLock
NdisFreeSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisQueryBufferSafe
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisFreePacket
NdisQueryAdapterInstanceName
NdisGetCurrentSystemTime
NdisMInitializeTimer
NdisInitUnicodeString
NdisAllocatePacketPool
NdisFreePacketPool
NdisMDeregisterDevice
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisMRegisterDevice
NdisSetEvent
NdisResetEvent
NdisWaitEvent
NdisOpenConfiguration
NdisAllocatePacketPoolEx
NdisCloseConfiguration
NdisDeregisterProtocol
NdisIMDeregisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterAdapterShutdownHandler
NdisRegisterProtocol
NdisIMRegisterLayeredMiniport
NdisIMAssociateMiniport
NdisMRegisterAdapterShutdownHandler
NdisTransferData
NdisGetReceivedPacket
NdisOpenAdapter
NdisTerminateWrapper
NdisInitializeWrapper
NdisInitializeEvent
NdisReadConfiguration
NdisMSleep
NdisPacketPoolUsage
NdisRequest
NdisSend
NdisReturnPackets
NdisMSetAttributesEx
NdisWriteErrorLogEntry

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 128B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STL
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
安装说明.txt
更新说明.txt

Sharing

General

Malware Config

Signatures

Files

0657f1c54462740149906ec58c1d3de8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

comdlg32

Sections

CODE Size: 402KB - Virtual size: 1.3MB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

File Characteristics

Sections

CODE Size: 543KB - Virtual size: 1.6MB

.reso Size: 169KB - Virtual size: 172KB

ExeS Size: 3KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 752KB - Virtual size: 10.7MB

.reso Size: 25KB - Virtual size: 28KB

ExeS Size: 3KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 240KB - Virtual size: 9.0MB

.reso Size: 9KB - Virtual size: 12KB

ExeS Size: 3KB - Virtual size: 8KB

a2f3b8ca9ae0d2c1e4c3bb2f0ce14718

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ole32

setupapi

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 92B

.rsrc Size: 1024B - Virtual size: 888B

777f0f85c919323bf6fc6eeb368a3356

Headers

File Characteristics

Imports

ntoskrnl.exe

ndis.sys

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 768B - Virtual size: 678B

.data Size: 1.2MB - Virtual size: 1.2MB

.CRT Size: 128B - Virtual size: 20B

.STL Size: 128B - Virtual size: 16B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 4KB

CODE
Size: 402KB - Virtual size: 1.3MB

.rsrc
Size: 11KB - Virtual size: 12KB

CODE
Size: 543KB - Virtual size: 1.6MB

.reso
Size: 169KB - Virtual size: 172KB

ExeS
Size: 3KB - Virtual size: 8KB

CODE
Size: 752KB - Virtual size: 10.7MB

.reso
Size: 25KB - Virtual size: 28KB

ExeS
Size: 3KB - Virtual size: 8KB

CODE
Size: 240KB - Virtual size: 9.0MB

.reso
Size: 9KB - Virtual size: 12KB

ExeS
Size: 3KB - Virtual size: 8KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 1024B - Virtual size: 888B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 768B - Virtual size: 678B

.data
Size: 1.2MB - Virtual size: 1.2MB

.CRT
Size: 128B - Virtual size: 20B

.STL
Size: 128B - Virtual size: 16B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 4KB