74338df4e5eb69a76edc6395e0739eb47f1e423c54a3f94ebcb2a864659ee2f4 | Triage

Sharing

General

Target

74338df4e5eb69a76edc6395e0739eb47f1e423c54a3f94ebcb2a864659ee2f4
Size

575KB
MD5

a036f8dc60ad7953d407b93103aae912
SHA1

fcf25602e39b25b659d727c9f28749f05c0021c0
SHA256

74338df4e5eb69a76edc6395e0739eb47f1e423c54a3f94ebcb2a864659ee2f4
SHA512

367e86db52ad506862c93dcbc1e5c97988d77c32a4e9d37692c69c51d2bf7e64c24534891d16afeb17017017ccd2ee81c762625b6d64e7fa99ea2c54eaface30
SSDEEP

12288:l0g5CoLElKogS/mmuEydnARYKoRtam9C7rSqe0BnAtF:LFL+KogS/4HVK9Hp1C

Score

7^/10

qr link aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/ıV21.5.9.14.exe	aspack_v212_v242

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ıV21.5.9.14.exe

Files

74338df4e5eb69a76edc6395e0739eb47f1e423c54a3f94ebcb2a864659ee2f4
.zip
软件下载与安装.png
.png
- http://weixin.qq.com/r/_DqGnv7Ee6MErbr992-q
ıV21.5.9.14.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 352KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 271KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE