b52ee4d3558942d62cefd3c39e5a6680

Sharing

Copy URL

Twitter E-mail

General

Target

b52ee4d3558942d62cefd3c39e5a6680
Size

1.9MB
MD5

b52ee4d3558942d62cefd3c39e5a6680
SHA1

008d104dbb7562a4954cc31c3d779cb21fbe5914
SHA256

6273d0d3bcdd9f880c3da07b970fe34bf6f002f3fb8712e8162b980899bd69f8
SHA512

9ec8627f71c71f6a19393de9768498603a5ce948b6c83cfda664fd795fdfec90566e0978cc023633a016c529f9e82a5d3269e36df493be0870c14f33b01b4112
SSDEEP

49152:FE/oV6Umm3K1/e4r/jd8Co51hI1Zp75G+:FE/c53KH/jdGX+1zFG+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/鸿言文章创作系统.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HongYan.exe
unpack001/鸿言文章创作系统.exe
unpack002/out.upx

Files

b52ee4d3558942d62cefd3c39e5a6680
.rar
HongYan.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

test
Size: - Virtual size: 988KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 625KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HongYan.ini
HongYan/Data/hongyan.hd
HongYan/Img/01.gif
.gif
HongYan/Img/02.gif
.gif
HongYan/Img/03.gif
.gif
HongYan/Img/04.gif
.gif
HongYan/Img/05.gif
.gif
HongYan/Img/06.gif
.gif
HongYan/Img/201012141940475345.jpg
.gif
HongYan/Img/201012141940481931.jpg
.gif
HongYan/Img/201012141940483793.jpg
.gif
HongYan/Img/201012141940489974.jpg
.gif
HongYan/Img/201012141940491444.jpg
.gif
HongYan/Img/201012141940492285.jpg
.gif
HongYan/Img/201012141940497555.jpg
.gif
HongYan/Img/201012141940503387.jpg
.gif
HongYan/Img/201012141940503625.jpg
.gif
HongYan/Img/201012141940503978.jpg
.gif
HongYan/Img/201012141940506691.jpg
.gif
HongYan/Img/201012141940509559.jpg
.gif
使用说明.txt
新云软件.url
.url
鸿言文章创作系统.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 227KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

test Size: - Virtual size: 988KB

data Size: 625KB - Virtual size: 628KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 408KB

UPX1 Size: 227KB - Virtual size: 228KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 388KB - Virtual size: 387KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 60KB - Virtual size: 145KB

.rsrc Size: 24KB - Virtual size: 22KB

test
Size: - Virtual size: 988KB

data
Size: 625KB - Virtual size: 628KB

.rsrc
Size: 6KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 408KB

UPX1
Size: 227KB - Virtual size: 228KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 388KB - Virtual size: 387KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 60KB - Virtual size: 145KB

.rsrc
Size: 24KB - Virtual size: 22KB