b32ec81f2616317c870524ee9d5a23e3[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b32ec81f2616317c870524ee9d5a23e3.bin
Size

1.3MB
MD5

b32ec81f2616317c870524ee9d5a23e3
SHA1

a5b30ad58988f7b1894a387a5bf4c83c16fa5a1c
SHA256

dda8dbb86425ea73b9ff11c109ea0e207b2c40745c5c20e9dad86230828c5ddd
SHA512

b43d512a0aec583e089a0de90ae7b417c13f949e1fb44d3488234904f74d41e3bafb40f18535f202ed785f87ef364d5c12475e8b8ba23fae587675f00a70181f
SSDEEP

24576:SvBvVFJ6Q5vbCN7YxHIHjdVh3ltYvexWBYMPJ69x/3GxFyCaqEnfxsNYZmYl0j6:SvBvDRQ7xDz3txUBYi+x/wFy1y6Blw6

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/FSMaxView/fsplugin02.dll	aspack_v212_v242

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FSMaxView/FSMVIcons.db
unpack001/FSMaxView/MaxView.exe
unpack001/FSMaxView/fsplugin01.dll
unpack001/FSMaxView/fsplugin02.dll

Files

b32ec81f2616317c870524ee9d5a23e3.bin
.rar
FSMaxView/FSMVIcons.db
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSMaxView/FSMVSettings.db
FSMaxView/MaxView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 837KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 137KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FSMaxView/Tips.db
.gif
FSMaxView/fsplugin01.dll
.dll windows:4 windows x86 arch:x86

933368af2946af8f4bc77ab0457ed8f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateFileW
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDefaultLangID
GetThreadLocale
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

wsock32

htonl
htons
ntohl
ntohs

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Utils2@Finalize
@@Utils2@Initialize
@@Utils@Finalize
@@Utils@Initialize
IEX_AddParameter
IEX_ExecuteRead
IEX_ExecuteTry
IEX_ExecuteWrite
IEX_Finalize
IEX_GetInfo
IEX_Initialize
IEX_SetCallBacks
IEX_SetInfo
___CPPdebugHook

Sections

.text
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FSMaxView/fsplugin02.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Andrew
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FSMaxView/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 4KB - Virtual size: 3KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 702B

.reloc Size: 512B - Virtual size: 432B

.rsrc Size: 145KB - Virtual size: 145KB

Headers

File Characteristics

Sections

Size: 837KB - Virtual size: 2.2MB

Size: 137KB - Virtual size: 1.0MB

Size: 1024B - Virtual size: 44KB

.rsrc Size: 76KB - Virtual size: 452KB

.aspack Size: 32KB - Virtual size: 36KB

.adata Size: - Virtual size: 4KB

933368af2946af8f4bc77ab0457ed8f1

Headers

File Characteristics

Imports

advapi32

kernel32

wsock32

user32

oleaut32

Exports

Exports

Sections

.text Size: 289KB - Virtual size: 292KB

.data Size: 34KB - Virtual size: 464KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 8KB

.reloc Size: 22KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 55KB - Virtual size: 104KB

.rdata Size: 3KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 28KB

.Andrew Size: 4KB - Virtual size: 4KB

.adata Size: - Virtual size: 4KB

CODE
Size: 4KB - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 702B

.reloc
Size: 512B - Virtual size: 432B

.rsrc
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 76KB - Virtual size: 452KB

.aspack
Size: 32KB - Virtual size: 36KB

.adata
Size: - Virtual size: 4KB

.text
Size: 289KB - Virtual size: 292KB

.data
Size: 34KB - Virtual size: 464KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 22KB - Virtual size: 24KB

.text
Size: 55KB - Virtual size: 104KB

.rdata
Size: 3KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 28KB

.Andrew
Size: 4KB - Virtual size: 4KB

.adata
Size: - Virtual size: 4KB