796646846a41997b7451155e4a9e1512

Sharing

Copy URL Twitter E-mail

General

Target

796646846a41997b7451155e4a9e1512
Size

803KB
MD5

796646846a41997b7451155e4a9e1512
SHA1

889a2fa823bfdcaa06068eadc04d470adcdc09bd
SHA256

c3041bd0ae53dc700085a7d733737e320a788127fb88e0a9ded9e8199aa55c9a
SHA512

def366fe993be925216ee168610c2bccec10ac93b3b21f06eba5045444a936b03c091fc111168ab2ba5e59510af2735b7fe1e9b2b0af6482c9508456d661a0a7
SSDEEP

12288:/UTeSnlcdberK3w3Jhdct+8qngDfG2AiXIkivhoZp6neYNcn0U87D7CSndE64FQz:ilyQVZ7vgDe1kYaZ4zDucE6wVPxQ

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/bpbd/data/skins/skin.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bpbd/data/skins/skin.dll	upx
static1/unpack001/bpbd/百度图片疯狂下载.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack003/out.upx	autoit_exe

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bpbd/data/skins/skin.dll
unpack001/bpbd/百度图片疯狂下载.exe
unpack003/out.upx

Files

796646846a41997b7451155e4a9e1512
.rar
bpbd/data/about/about.htm
.html
bpbd/data/about/logo.gif
.gif
bpbd/data/advanced/advancedsearch.htm
.html
bpbd/data/advanced/bottombj.htm
bpbd/data/advanced/help.png
.png
bpbd/data/advanced/help_hover.png
.png
bpbd/data/advanced/images/diy.gif
.gif
bpbd/data/advanced/title.ico
bpbd/data/config/config.htm
.html
bpbd/data/config/download.png
.png
bpbd/data/config/title.ico
bpbd/data/download/desktop/desktop.ini
bpbd/data/download/desktop/slicer.ico
bpbd/data/download/download_complete.wav
bpbd/data/js/common.js
.js
bpbd/data/js/iepngfx.js
.js
bpbd/data/language/english.conf
bpbd/data/language/简体中文.conf
bpbd/data/main.conf
bpbd/data/shutdown/shut_down.png
.png
bpbd/data/shutdown/shutdown.htm
.html .js polyglot
bpbd/data/skins/QQ2009.sh
bpbd/data/skins/black.sh
bpbd/data/skins/skin.conf
bpbd/data/skins/skin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bpbd/data/style/common.css
bpbd/data/数据目录，请勿随意修改！
bpbd/百度图片疯狂下载.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 716KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bpbd/软件截图.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 716KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 278KB - Virtual size: 280KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 281KB - Virtual size: 280KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 716KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 278KB - Virtual size: 280KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 281KB - Virtual size: 280KB