bab77e1d38039e61f1dcb692cf0933a3

Sharing

Copy URL Twitter E-mail

General

Target

bab77e1d38039e61f1dcb692cf0933a3
Size

4.8MB
MD5

bab77e1d38039e61f1dcb692cf0933a3
SHA1

bdbc897b3ce6678f23aa63266e85c6a44410c520
SHA256

11dac78ae274387b2d286ca73875c67f2b5ac99357ea484374c0aefb8859ce54
SHA512

92b49b1827844331bada5fe1067c125577ecba11012801bcc869defbadd2be9da914990a073c8688a59719374a3768b18caf71538038fd946ea6e071e8c30ec9
SSDEEP

98304:TaRqRX+fgGhYpldyXvioKP78ghqHwIOjKgrHTFYS7/X+Py/K0ywOZ:yqZSgGmld3zhqHzgriSzBVy

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/csdict/潮汕词典.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/csdict/潮汕词典.exe

Files

bab77e1d38039e61f1dcb692cf0933a3
.rar
csdict/Data.db
csdict/sound/偏枯.wav
csdict/sound/大头好脸.wav
csdict/sound/拜老爷.wav
csdict/sound/排比.wav
csdict/sound/爱炊圆.wav
csdict/sound/白仁.wav
csdict/sound/窝做.wav
csdict/sound/食父仔.wav
csdict/微软TTS5.1语音引擎(中文).msi
.msi
csdict/潮汕词典.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 716KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 716KB - Virtual size: 2.1MB

.itext Size: 3KB - Virtual size: 8KB

.data Size: 10KB - Virtual size: 28KB

.bss Size: - Virtual size: 24KB

.idata Size: 5KB - Virtual size: 16KB

.didata Size: 512B - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 184KB

.rsrc Size: 165KB - Virtual size: 460KB

.aspack Size: 164KB - Virtual size: 164KB

.adata Size: - Virtual size: 4KB

.text
Size: 716KB - Virtual size: 2.1MB

.itext
Size: 3KB - Virtual size: 8KB

.data
Size: 10KB - Virtual size: 28KB

.bss
Size: - Virtual size: 24KB

.idata
Size: 5KB - Virtual size: 16KB

.didata
Size: 512B - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 184KB

.rsrc
Size: 165KB - Virtual size: 460KB

.aspack
Size: 164KB - Virtual size: 164KB

.adata
Size: - Virtual size: 4KB