688905c8764473bd3079c944da3b69cf

Sharing

Copy URL Twitter E-mail

General

Target

688905c8764473bd3079c944da3b69cf
Size

147KB
MD5

688905c8764473bd3079c944da3b69cf
SHA1

527dbc891f37acea7f3c0a8810da3366f0890cbf
SHA256

af041a870c01107dfa11551ec3d922d0f73aaf89d4a5551f614265d4f7988f8a
SHA512

9cdd83d83bddcaca6af5afb57a0b9058e3475f59a7c40e3a105e1ec5eade8ddfaba27ba8c49fad820f913d7fbf2f31312ed3dc5eee36ae1287398d1f0a03e67e
SSDEEP

3072:Z6RUn3C9AETGFa5nwZUDyDnQhZeuFBhCcWvDsO2:kGny9A5eQbQ+PbsF

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Magical Glass.exe	aspack_v212_v242
static1/unpack001/Plug-Ins/RGB Info.dll	aspack_v212_v242
static1/unpack001/fgmagnifier.dll	aspack_v212_v242
static1/unpack001/fgsender.dll	aspack_v212_v242

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Magical Glass.exe
unpack001/Plug-Ins/Grid.dll
unpack001/Plug-Ins/RGB Info.dll
unpack001/Plug-Ins/RGB Info.dll.bak
unpack001/fggetcaretpos.dll
unpack001/fghidecursor.dll
unpack001/fgmagnifier.dll
unpack001/fgsender.dll

Files

688905c8764473bd3079c944da3b69cf
.rar
Magical Glass.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plug-Ins/Grid.dll
.dll windows:4 windows x86 arch:x86

c0c482ebc39e72f89fa0bd25d7099ed3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleFileNameA
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

wsprintfA

Exports

Exports

mgpiFilter
mgpiInit
mgpiRelease

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plug-Ins/RGB Info.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

mgpiFilter
mgpiInit
mgpiRelease

Sections

.text
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plug-Ins/RGB Info.dll.bak
.dll windows:4 windows x86 arch:x86

becad48e376ea47ad0a95fb6ba1d430b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
FreeLibrary
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

SetRect
FillRect
ReleaseDC
wsprintfA
GetDC

gdi32

DeleteDC
CreateCompatibleDC
CreatePen
SelectObject
CreateSolidBrush
CreateCompatibleBitmap
GetDeviceCaps
CreateFontA
Ellipse
SetBkColor
SetTextColor
ExtTextOutA
GetObjectA
DeleteObject
GetDIBits

Exports

Exports

mgpiFilter
mgpiInit
mgpiRelease

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plug-Ins/下载说明.htm
.html .js polyglot
fggetcaretpos.dll
.dll windows:4 windows x86 arch:x86

cf97cc9c985c4a11f864b792525822be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
GetLastError
CreateFileMappingA
CloseHandle
UnmapViewOfFile
Sleep

user32

PostMessageA
GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
ClientToScreen
GetCaretPos
GetFocus

Exports

Exports

fgGetCaretPos
fgGetCaretPosInit
fgGetCaretPosRelease

Sections

.text
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 605B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fghidecursor.dll
.dll windows:4 windows x86 arch:x86

dad7a7bfa97190121f1b9a15cd9422b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep

user32

PostMessageA
UnhookWindowsHookEx
EnumWindows
SetWindowsHookExA
CallNextHookEx
ShowCursor

Exports

Exports

fgShowCursor

Sections

.text
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fgmagnifier.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

fgCloseMagnifier
fgCreateMagnifier
fgSetBrightnessMagnifier
fgmgpiGetCursorPos
fgmgpiGetSizePixel

Sections

.text
Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgsender.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

fgDestroySender
fgGetDXVersion
fgGetDisplayDeviceName
fgInitSender
fgRecordError

Sections

.text
Size: 18KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
license.txt
下载说明.htm
.html .js polyglot
汉化说明.TXT

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 20KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 20KB

.rsrc Size: 32KB - Virtual size: 32KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

c0c482ebc39e72f89fa0bd25d7099ed3

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

becad48e376ea47ad0a95fb6ba1d430b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

cf97cc9c985c4a11f864b792525822be

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 800B

.rdata Size: 1024B - Virtual size: 605B

.data Size: 512B - Virtual size: 32B

Shared Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 190B

dad7a7bfa97190121f1b9a15cd9422b8

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 480B

.rdata Size: 512B - Virtual size: 352B

.data Size: - Virtual size: 8B

Shared Size: 512B - Virtual size: 8B

.reloc Size: 512B - Virtual size: 118B

.text
Size: 20KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 20KB

.rsrc
Size: 32KB - Virtual size: 32KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 800B

.rdata
Size: 1024B - Virtual size: 605B

.data
Size: 512B - Virtual size: 32B

Shared
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 512B - Virtual size: 480B

.rdata
Size: 512B - Virtual size: 352B

.data
Size: - Virtual size: 8B

Shared
Size: 512B - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 118B

.text
Size: 21KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB