bdef282895fb1c1a08881919b3ce98b0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdef282895fb1c1a08881919b3ce98b0
Size

512KB
MD5

bdef282895fb1c1a08881919b3ce98b0
SHA1

eda2b5deeb8f395a8da4bd2cb014ab02e5fa7dd6
SHA256

2b9e4a6acab4387a7e1aab8e30c7ff32b2b74982dc60e3514b7cd59826a7c1f9
SHA512

4bb3f6f40c8a289eb052c43a2f77e3038884d1f099dc4db4a16c5897b3644c563a9a6b137ee694852d9e2919a228c28ddb210a8dfc00701f0468f7d67a5bb999
SSDEEP

12288:Do91y5Mf5ZYLF0u+yeQ/HN7ejW8OOZ1rj6yMioRPg:qIMf5ZYB0u+yestsWoTj/YBg

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/qq家园超人-1.09/QQ家园1.09.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qq家园超人-1.09/QQ家园1.09.exe

Files

bdef282895fb1c1a08881919b3ce98b0
.rar
qq家园超人-1.09/QQ家园1.09.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 396KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qq家园超人-1.09/use.edb
qq家园超人-1.09/新云软件.url
.url
qq家园超人-1.09/更新日志-7-14.txt