c144b537edd60371f082e143cce00451

Sharing

Copy URL

Twitter E-mail

General

Target

c144b537edd60371f082e143cce00451
Size

572KB
MD5

c144b537edd60371f082e143cce00451
SHA1

6fa59bbfabe6d0ece7c99bdcdc8f509508605bd3
SHA256

3c97385502fcfa3ff984626eda1461de3af1a9e197c5959583dda8ba401d8581
SHA512

87ba767f7eefb136dfaa2b9965c8785c86512154803a22356ecceb6418bfbf5546b5cf2405abe364392edaad183337e32b3e54b95e940f1a8a14dc80b929c3af
SSDEEP

12288:+dDK+6u9BJLNJ2Z0uBUuLvsczjcxwihlqCrMUR5Tgd5DFkxis:DXIlUCuuubsAjCRhLrz5TOFmv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ValueAdd/Radar.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MathToys.exe
unpack001/MathToysADD.exe
unpack001/Source Code/一元函数求导器/bin/DerivativeM.exe
unpack001/Source Code/一元函数求导器/bin/DerivativeM.vshost.exe
unpack001/Source Code/一元函数求导器/obj/Debug/DerivativeM.exe
unpack001/ValueAdd/Clock.exe
unpack001/ValueAdd/Radar.exe
unpack002/out.upx

Files

c144b537edd60371f082e143cce00451
.rar
Example/下载说明.htm
.html .js polyglot
Example/使用技巧.txt
Example/数学表达式示例/Sample.bmp
MathToys.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MathToysADD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Documents and Settings\Administrator\My Documents\Visual Studio 2005\Projects\Calcite\debug\Calcite.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Readme.htm
.html
Source Code/Procedure.txt
.vbs
Source Code/一元函数求导器/AssemblyInfo.vb
Source Code/一元函数求导器/DerivativeM.sln
Source Code/一元函数求导器/DerivativeM.suo
Source Code/一元函数求导器/DerivativeM.vbproj
Source Code/一元函数求导器/DerivativeM.vbproj.user
Source Code/一元函数求导器/My Project/MyApplication.myapp
.xml
Source Code/一元函数求导器/My Project/MyApplication.vb
Source Code/一元函数求导器/My Project/MyResources.resx
.vbs
Source Code/一元函数求导器/bin/DerivativeM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Calc2003\Setup\Calcite\源代码\一元函数求导器\obj\Debug\DerivativeM.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Source Code/一元函数求导器/bin/DerivativeM.pdb
Source Code/一元函数求导器/bin/DerivativeM.vshost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\beta2\vsproject\vshost\vshostneutral\objr\i386\vshost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Source Code/一元函数求导器/de.vb
.vbs
Source Code/一元函数求导器/derivative.Designer.vb
.vbs
Source Code/一元函数求导器/derivative.resX
.vbs
Source Code/一元函数求导器/derivative.vb
Source Code/一元函数求导器/obj/Debug/DerivativeM.DForm.resources
Source Code/一元函数求导器/obj/Debug/DerivativeM.MyResources.resources
Source Code/一元函数求导器/obj/Debug/DerivativeM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Calc2003\Setup\Calcite\源代码\一元函数求导器\obj\Debug\DerivativeM.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Source Code/一元函数求导器/obj/Debug/DerivativeM.pdb
Source Code/一元函数求导器/obj/Debug/DerivativeM.vbproj.GenerateResource.Cache
Source Code/一元函数求导器/obj/DerivativeM.vbproj.FileList.txt
Source Code/下载说明.htm
.html .js polyglot
Update/CalciteM Update.url
Update/Visual Basic 6.0 Runtime Download.url
Update/下载说明.htm
.html .js polyglot
ValueAdd/Clock.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ValueAdd/Radar.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ValueAdd/下载说明.htm
.html .js polyglot
Wav/0a.wav
Wav/0b.wav
Wav/10a.wav
Wav/10b.wav
Wav/1a.wav
Wav/1b.wav
Wav/2a.wav
Wav/2b.wav
Wav/3a.wav
Wav/3b.wav
Wav/4a.wav
Wav/4b.wav
Wav/5a.wav
Wav/5b.wav
Wav/6a.wav
Wav/6b.wav
Wav/7a.wav
Wav/7b.wav
Wav/8a.wav
Wav/8b.wav
Wav/9a.wav
Wav/9b.wav
Wav/No.wav
Wav/Space.wav
Wav/Win.mid
Wav/point.wav
Wav/shoot.WAV
Wav/shoot.wav.bak
Wav/start.wav
Wav/win.WAV
Wav/下载说明.htm
.html .js polyglot
WhatsNew.txt
下载说明.htm
.html .js polyglot
用户须知.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

code Size: - Virtual size: 1004KB

text Size: 353KB - Virtual size: 356KB

.rsrc Size: 4KB - Virtual size: 8KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 28KB - Virtual size: 25KB

.sdata Size: 4KB - Virtual size: 136B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 28KB - Virtual size: 25KB

.sdata Size: 4KB - Virtual size: 136B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Sections

code Size: - Virtual size: 24KB

text Size: 4KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 45KB - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 76KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

code
Size: - Virtual size: 1004KB

text
Size: 353KB - Virtual size: 356KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 28KB - Virtual size: 25KB

.sdata
Size: 4KB - Virtual size: 136B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 28KB - Virtual size: 25KB

.sdata
Size: 4KB - Virtual size: 136B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 12B

code
Size: - Virtual size: 24KB

text
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 45KB - Virtual size: 48KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB