70dd5c7911ffc8f01f6defb3716e1903

Sharing

Copy URL

Twitter E-mail

General

Target

70dd5c7911ffc8f01f6defb3716e1903
Size

599KB
MD5

70dd5c7911ffc8f01f6defb3716e1903
SHA1

06ef4443de4c0489eb79a63f69ef169f3c5eef71
SHA256

d459e7f18ed952545651117361ee2e6a0aebd0f2e5ad8713b9c620ecc609c90c
SHA512

8dea036810cab4feb68d7975a08f5fb4fccfb91eab162b4faee29dafa1e36b0f4844fb6ad4a4a7bb152e64f9a628ded05e2447442b7021cd42ee2e1382ef38d7
SSDEEP

12288:LH7lk0ety5Bq3UV8aiULBmd7hwCrHiuus4trCwAqRR+Khs8pQyq2Hs:LHZXSyLqUNG7hwCrCbTAEVMyq2Hs

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/tools/RemapKey.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tools/RemapKey.exe
unpack001/跑跑卡丁车辅助工具.exe

Files

70dd5c7911ffc8f01f6defb3716e1903
.rar
tools/0.jpg
.jpg
tools/1.htm
.html
tools/1.jpg
.jpg
tools/1.jpg.jpg
.jpg
tools/10.jpg.jpg
.jpg
tools/11.jpg.jpg
.jpg
tools/2.htm
.html
tools/2.jpg
.jpg
tools/2.jpg.jpg
.jpg
tools/3.jpg
.jpg
tools/3.jpg.jpg
.jpg
tools/4.jpg
.jpg
tools/4.jpg.jpg
.jpg
tools/5.jpg
.jpg
tools/5.jpg.jpg
.jpg
tools/6.jpg.jpg
.jpg
tools/7.jpg.jpg
.jpg
tools/8.jpg.jpg
.jpg
tools/9.jpg.jpg
.jpg
tools/RemapKey.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 97KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/新云软件.url
.url
跑跑卡丁车辅助工具.exe
.exe windows:4 windows x86 arch:x86

41ee72c99c71a24465b57aaf14dd106c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

Sections

CODE
Size: 158KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 97KB - Virtual size: 196KB

.rdata Size: 10KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 36KB

.idata Size: 3KB - Virtual size: 12KB

.rsrc Size: 39KB - Virtual size: 88KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

41ee72c99c71a24465b57aaf14dd106c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

Sections

CODE Size: 158KB - Virtual size: 460KB

.rsrc Size: 11KB - Virtual size: 12KB

.text
Size: 97KB - Virtual size: 196KB

.rdata
Size: 10KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 36KB

.idata
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 39KB - Virtual size: 88KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 158KB - Virtual size: 460KB

.rsrc
Size: 11KB - Virtual size: 12KB