b61e1dfc3206d94ac938f678f31dd765

Sharing

Copy URL

Twitter E-mail

General

Target

b61e1dfc3206d94ac938f678f31dd765
Size

254KB
MD5

b61e1dfc3206d94ac938f678f31dd765
SHA1

6e114172bc8fb10ef1ff91b99087fd2da305f4e5
SHA256

b144e9277ccc80cf8d43d8148be33f3963bff17171b2aaf47bb5daa7ad5f468b
SHA512

0d9ad5d1d15ab8b326e01e249c2f11a82d21f5108e7f62c1c52ab57ad0d247852ba2dee5b73f4346699d0ec2148b86180284ab97ced6bb93a89afff341764be3
SSDEEP

6144:KoajeIQbZaJW0soyzg9s1BOThVaETrkaYOM0iu1PMtiJD35da:wjeIQboOoC1BckET40EOPq6D3Ta

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/注册机.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SmartUndelete.exe
unpack001/disk32.dll
unpack001/注册机.exe
unpack002/out.upx

Files

b61e1dfc3206d94ac938f678f31dd765
.rar
SmartUndelete.exe
.exe windows:4 windows x86 arch:x86

245e5a2054f09ecd806f2fdc4b28ae44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetFileType
SetStdHandle
CompareStringA
CompareStringW
GetStdHandle
GetProfileStringA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetACP
HeapReAlloc
HeapSize
TerminateProcess
GetTimeZoneInformation
HeapAlloc
HeapFree
RaiseException
ExitProcess
GetStartupInfoA
RtlUnwind
GetTickCount
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetCurrentDirectoryA
GetStringTypeExA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalAlloc
GetCurrentThread
GetThreadLocale
FormatMessageA
lstrcmpA
GlobalFree
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
MulDiv
SetLastError
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FindFirstFileA
FindClose
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVolumeInformationA
lstrcpyA
WinExec
GetCommandLineA
GetVersion
GetShortPathNameA
GetLastError
DeviceIoControl
GetDriveTypeA
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
Sleep
SizeofResource
GetCurrentThreadId
GetProcAddress
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
CreateThread
GetFileAttributesA
CreateDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetTempPathA
DeleteFileA
VirtualAlloc
VirtualFree
GetModuleHandleA
Beep
CloseHandle
CreateFileA
WriteFile
FlushFileBuffers
LocalAlloc
LocalLock
SetFilePointer
LocalFree
ReadFile
LocalUnlock

user32

GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateDialogIndirectParamA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CharUpperA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetCursorPos
FindWindowExA
CallNextHookEx
SetDlgItemTextA
UpdateWindow
SetWindowsHookExA
MessageBoxA
LoadCursorA
CopyIcon
MessageBeep
KillTimer
SetTimer
IsWindow
SetWindowLongA
GetSystemMetrics
LoadIconA
DrawTextA
wsprintfA
LoadBitmapA
DestroyMenu
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
DestroyCursor
GetTabbedTextExtentA
FindWindowA
CopyAcceleratorTableA
GetMenuStringA
EnableWindow
FrameRect
LoadMenuA
GetSysColor
LoadImageA
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
EndDialog
PostThreadMessageA
RegisterClipboardFormatA
GetNextDlgGroupItem
InvertRect
LockWindowUpdate
CreateWindowExA
GetDCEx
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
InsertMenuA
GetSysColorBrush
GetClassNameA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
GetSystemMenu
DeleteMenu
AppendMenuA
IsRectEmpty
SetParent
SetCursorPos
SetCapture
RedrawWindow
IsZoomed
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
GetDesktopWindow
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
PtInRect
SetRect
CallWindowProcA
CharNextA
LoadStringA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
CreateRectRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
CreateSolidBrush
OffsetViewportOrgEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
DPtoLP
GetTextColor
GetBkColor
Rectangle
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDCA
StretchDIBits
GetCharWidthA
GetTextExtentPoint32A
GetTextMetricsA
LPtoDP
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
StartDocA
GetClipBox
CreateFontIndirectA
GetDIBits
SetDIBits
GetObjectA
GetPixel
SetPixel
CreateFontA
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateDIBitmap
GetTextExtentPointA
DeleteObject

comdlg32

PrintDlgA
GetFileTitleA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegCloseKey
RegSetValueA

shell32

DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
ExtractIconA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetImageCount
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

VariantClear
VariantChangeType
SysFreeString
SysAllocString
VariantCopy
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime

winmm

PlaySoundA

Sections

.text
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
disk.vxd
disk16.dll
disk32.dll
.dll windows:4 windows x86 arch:x86

a0e4f543c8a56bc720eb38d4ccdb60a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStrings
SUnMapLS_IP_EBP_28
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SMapLS_IP_EBP_28
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetEnvironmentStrings
SUnMapLS_IP_EBP_28
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SMapLS_IP_EBP_28
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

CheckInt13Extension32
Disk_ThunkData32
ReadDisk32
WriteDisk32

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help.chm
.chm
新云软件.url
.url
注册机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

245e5a2054f09ecd806f2fdc4b28ae44

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

winmm

Sections

.text Size: 332KB - Virtual size: 329KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 36KB - Virtual size: 52KB

.rsrc Size: 164KB - Virtual size: 162KB

a0e4f543c8a56bc720eb38d4ccdb60a6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 11KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: 332KB - Virtual size: 329KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 36KB - Virtual size: 52KB

.rsrc
Size: 164KB - Virtual size: 162KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 21KB