b94e6def1de044726fc8faa86b9cf18b

Sharing

Copy URL Twitter E-mail

General

Target

b94e6def1de044726fc8faa86b9cf18b
Size

1.6MB
MD5

b94e6def1de044726fc8faa86b9cf18b
SHA1

0c035289caa8c91a59fc71a6d124eba42ec38238
SHA256

5db92f615a35fe20642aad2c7ced302dbb7971f076c79bbc719aaf72710315e0
SHA512

295ce48e66e552fb7e5afd9b42bf4d2023a511d46d5b38db45e6be6d12dc5666bf215aa71bceeccff7e9f8e7584e691a6414d1d8016ae1cb4156d374c895a3aa
SSDEEP

24576:Rl0JJxs4jexzlyFrqtbyc/vJFJG/XNIJvhKuWmrpyNRb5v2MoRqryt7EKkw9/9FY:RlgJyZMu3JqFSq952MoPtwKkkn0+dJfA

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack004/out.upx	patched_upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/3565514580/Bin/CSDNExplorer.ZMX	upx
static1/unpack001/3565514580/Bin/LiveUpdate.dll	upx
static1/unpack001/3565514580/upx/UPX.EXE	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3565514580/Bin/CSDNExplorer.ZMX
unpack001/3565514580/Bin/CSDNExplorer.exe
unpack001/3565514580/Bin/IEPlugin.dll
unpack001/3565514580/Bin/LiveUpdate.dll
unpack001/3565514580/upx/UPX.EXE
unpack004/out.upx

Files

b94e6def1de044726fc8faa86b9cf18b
.rar
3565514580/Bin/BuildAll.bat
3565514580/Bin/BuildExplorer.bat
3565514580/Bin/BuildIEPlugin.bat
3565514580/Bin/BuildLiveUpdate.bat
3565514580/Bin/CSDNExplorer.ZMX
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 824KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3565514580/Bin/CSDNExplorer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3565514580/Bin/CSDNExplorer.html
.html
3565514580/Bin/CSDNExplorer.xml
.xml
3565514580/Bin/Config.xml
.xml
3565514580/Bin/Forum.mdb
3565514580/Bin/Forum1.mdb
3565514580/Bin/Help.html
.html
3565514580/Bin/IEPlugin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVersion

Sections

CODE
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3565514580/Bin/IEPlugin.htm
.html .vbs polyglot
3565514580/Bin/IEPluginReg.bat
3565514580/Bin/IEPluginUnreg.bat
3565514580/Bin/LiveUpdate.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3565514580/Bin/MakeRes.bat
3565514580/Bin/MyRes.rc
3565514580/Bin/PackExplorer.bat
3565514580/Bin/PackIEPlugin.bat
3565514580/Bin/PackLiveUpdate.bat
3565514580/Bin/Rooms.xml
3565514580/IEPlugin/BaseCSDNForum.pas
3565514580/IEPlugin/Build.bat
3565514580/IEPlugin/IEPlugin.cfg
3565514580/IEPlugin/IEPlugin.dof
3565514580/IEPlugin/IEPlugin.dpr
3565514580/IEPlugin/IEPlugin.res
3565514580/IEPlugin/IEPlugin.tlb
3565514580/IEPlugin/IEPlugin.~tlb
3565514580/IEPlugin/IEPlugin_TLB.pas
3565514580/IEPlugin/UPlugin_Imple.pas
3565514580/LiveUpdate/Build.bat
3565514580/LiveUpdate/LiveUpdate.cfg
3565514580/LiveUpdate/LiveUpdate.dpr
3565514580/LiveUpdate/LiveUpdate.res
3565514580/LiveUpdate/UMainForm.dfm
3565514580/LiveUpdate/UMainForm.pas
3565514580/LiveUpdate/UTools.pas
3565514580/Resource/star1.gif
.gif
3565514580/Resource/star2.gif
.gif
3565514580/Resource/star3.gif
.gif
3565514580/Resource/star4.gif
.gif
3565514580/Resource/star5.gif
.gif
3565514580/Resource/user1.gif
.gif
3565514580/Resource/user2.gif
.gif
3565514580/Resource/user3.gif
.gif
3565514580/Resource/user4.gif
.gif
3565514580/Resource/user5.gif
.gif
3565514580/Src/About.dfm
3565514580/Src/About.pas
3565514580/Src/Build.bat
3565514580/Src/CSDNExplorer.cfg
3565514580/Src/CSDNExplorer.dof
3565514580/Src/CSDNExplorer.dpr
3565514580/Src/CSDNExplorer.dpr.bak
3565514580/Src/CSDNExplorer.drc
3565514580/Src/CSDNExplorer.res
3565514580/Src/CSDNForum.pas
3565514580/Src/CSDNForum.pas.bak
3565514580/Src/Global.pas
3565514580/Src/IParamsReader.pas
3565514580/Src/Languages.pas
3565514580/Src/Login.dfm
3565514580/Src/Login.pas
3565514580/Src/LoginFace.dfm
3565514580/Src/LoginFace.pas
3565514580/Src/MainForm.dfm
3565514580/Src/MainForm.pas
3565514580/Src/MyRes.res
3565514580/Src/PostNew.dfm
3565514580/Src/PostNew.pas
3565514580/Src/Reply.dfm
3565514580/Src/Reply.pas
3565514580/Src/ReplyBak.dfm
3565514580/Src/ReplyBak.pas
3565514580/Src/SendMsg.dfm
3565514580/Src/SendMsg.pas
3565514580/Src/StringTables.pas
.js
3565514580/Src/StringTables.pas.bak
.js
3565514580/Src/UBaseForum.pas
3565514580/Src/UDM.dfm
3565514580/Src/UDM.pas
3565514580/Src/UMyPageControl.pas
3565514580/Src/URemoteParams.pas
3565514580/Src/UThread.pas
3565514580/Src/UTopicListParse.pas
3565514580/Src/UTopicParse.pas
3565514580/Src/avi.RES
3565514580/upx/UPX-PROT.EXE
3565514580/upx/UPX.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3565514580/upx/cp.bat
3565514580/upx/make.bat
3565514580/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 824KB

UPX1 Size: 438KB - Virtual size: 440KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 1.2MB - Virtual size: 1.2MB

DATA Size: 15KB - Virtual size: 14KB

BSS Size: - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 81KB - Virtual size: 80KB

.rsrc Size: 738KB - Virtual size: 738KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 382KB - Virtual size: 381KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 186B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 24KB - Virtual size: 24KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 344KB

UPX1 Size: 191KB - Virtual size: 192KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 116KB

UPX1 Size: 85KB - Virtual size: 88KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 824KB

UPX1
Size: 438KB - Virtual size: 440KB

.rsrc
Size: 5KB - Virtual size: 8KB

CODE
Size: 1.2MB - Virtual size: 1.2MB

DATA
Size: 15KB - Virtual size: 14KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 738KB - Virtual size: 738KB

CODE
Size: 382KB - Virtual size: 381KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 186B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 24KB - Virtual size: 24KB

UPX0
Size: - Virtual size: 344KB

UPX1
Size: 191KB - Virtual size: 192KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 116KB

UPX1
Size: 85KB - Virtual size: 88KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 5KB