79c4ea09c217239f9f2984f2c8b2380d

Sharing

Copy URL

Twitter E-mail

General

Target

79c4ea09c217239f9f2984f2c8b2380d
Size

781KB
MD5

79c4ea09c217239f9f2984f2c8b2380d
SHA1

9a9ca5ed6aebec8090fc89f589fdd0b592ce1916
SHA256

afcf68a07d69614a211f2815e17fb252af56b43f3c4b4e648e5d1fb24309a0b9
SHA512

d12a3b6cad7aaef5b2e9c80de4e1d7e1c7981737fe542c669c76c17eb97fee5ac47648b118a8909e2ab160783c9e1699439b2e0c807596f487f38af8b3bf7829
SSDEEP

12288:SOhtxhLnuA7Dtn6vTBiTfgeSe61nG8nppfHpQaXHlD6rlJigRJ:S+F7uiSCn1CxinigRJ

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/camerarecord/零度摄像头录像软件/LPK.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/camerarecord/零度摄像头录像软件/LPK.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/camerarecord/零度摄像头录像软件/LPK.dll
unpack002/out.upx

Files

79c4ea09c217239f9f2984f2c8b2380d
.rar
camerarecord/PC下载 - 免费软件下载 - www.pcdown.net.url
.url
camerarecord/pcdown说明.txt
camerarecord/零度摄像头录像软件/LPK.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
camerarecord/零度摄像头录像软件/ldsxt.msi
.msi

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 92KB

UPX1 Size: 14KB - Virtual size: 16KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 55KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 14KB - Virtual size: 16KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 55KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB