Behavioral task   Sample                                 Resource
behavioral1       513CrossGateOnline/513CrossGate.bat    win7-20240221-en
behavioral2       513CrossGateOnline/513CrossGate.bat    win10v2004-20240226-en
behavioral3       513CrossGateOnline/513CrossGate.exe    win7-20240221-en
behavioral4       513CrossGateOnline/513CrossGate.exe    win10v2004-20240226-en
behavioral5       513CrossGateOnline/513cg.exe           win7-20240221-en
behavioral6       513CrossGateOnline/513cg.exe           win10v2004-20240226-en
General
Target: c7d66b87e01f06d19c6dba65d6adddd1
Size: 4.7MB
MD5: c7d66b87e01f06d19c6dba65d6adddd1
SHA1: 7e941800ecfd6c17a4c511a20e459e98e33bb325
SHA256: 50affc6a5344a9aa9915e69659f95bb4762f1c459bfbd7cd3dbecc1680e351f1
SHA512: 38dc9ec8be00608743c66339f600db9acb4a15378fd33c41179ec24947123c400018d4fa980c8276ac02fcafa8d5fd1c4ec12466556c874904b22cc784cca999
SSDEEP: 98304:QbU9k4A5R4XRcsmcREZH7bLm2md+AWRJESXX7GtLjxt9pX+JevG:Z9kl5R4oJZntmd+A9Sn8Ljxt9pOJee
Malware Config
Signatures
- resource: static1/unpack001/513CrossGateOnline/513CrossGate.exe; yara_rule: upx
- Unsigned PE (3 IoCs): Checks for missing Authenticode signature.
  resource: unpack001/513CrossGateOnline/513CrossGate.exe, unpack002/out.upx, unpack001/513CrossGateOnline/513cg.exe
Files
- c7d66b87e01f06d19c6dba65d6adddd1.rar
- 513CrossGateOnline/513CrossGate.bat
- 513CrossGateOnline/513CrossGate.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 636KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 759KB - Virtual size: 760KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
- out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
aG[x$q<- Size: 829KB - Virtual size: 829KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
AX/F;=,t Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
;x;2*78P Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
P>;B,,*w Size: - Virtual size: 17KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
: M;BR?P Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
,5G&^^5% Size: - Virtual size: 52B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
?/`)U?W6 Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XGhcDLj% Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
+0N!VGD5 Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
giA6YMSc Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x0e v;RI Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- 513CrossGateOnline/513cg.exe.exe windows:4 windows x86 arch:x86
  0d4635d1a64a56c834879eeb032e0eb6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ddraw
DirectDrawCreateEx
imm32
ImmCreateContext
ImmAssociateContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmGetCompositionStringA
ImmGetCandidateListA
ImmReleaseContext
ImmGetConversionStatus
wsock32
WSAGetLastError
send
socket
inet_ntoa
closesocket
htons
ioctlsocket
gethostbyname
connect
setsockopt
WSACleanup
WSAStartup
select
__WSAFDIsSet
recv
kernel32
FreeLibrary
GetProcAddress
OutputDebugStringA
LoadLibraryA
ExitThread
WaitForMultipleObjects
CreateThread
CreateEventA
CopyFileA
DeleteFileA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseMutex
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileAttributesA
RtlUnwind
GetVersion
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
TerminateProcess
GetFileType
FileTimeToLocalFileTime
Sleep
GetFileSize
MultiByteToWideChar
GlobalHandle
GlobalFree
CreateFileA
WriteFile
CloseHandle
FileTimeToSystemTime
InterlockedIncrement
GlobalAlloc
lstrcpyA
GlobalLock
GlobalUnlock
GetTickCount
FreeEnvironmentStringsA
CompareStringW
CompareStringA
RaiseException
IsBadCodePtr
InterlockedDecrement
GetSystemTime
GetTimeZoneInformation
FlushFileBuffers
PeekNamedPipe
WideCharToMultiByte
SetEvent
InitializeCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
SetEndOfFile
GetLocalTime
ResumeThread
ResetEvent
GetModuleHandleA
GetExitCodeProcess
CreateProcessA
ReadFile
SetFilePointer
WaitForSingleObject
OpenEventA
GetModuleFileNameA
lstrcatA
GetLastError
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
OpenMutexA
TerminateThread
CreateMutexA
GetComputerNameA
lstrlenA
lstrcmpA
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
user32
GetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
GetAsyncKeyState
GetCursorPos
ScreenToClient
DestroyWindow
PostQuitMessage
SetCursor
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
AdjustWindowRectEx
ShowWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
UpdateWindow
SetSysColors
GetSysColor
LoadIconA
LoadCursorA
RegisterClassA
SetWindowTextA
GetKeyboardState
PostMessageA
ShowCursor
SetRect
ClientToScreen
GetClientRect
OffsetRect
GetDC
ReleaseDC
OpenClipboard
gdi32
GetDIBits
BitBlt
DeleteObject
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetDeviceCaps
SetTextColor
TextOutA
CreateFontA
shell32
ShellExecuteA
ole32
CoCreateInstance
CoInitialize
dsound
ord1
winmm
timeGetTime
mmioOpenA
mciSendCommandA
mmioDescend
mmioRead
mmioAscend
mmioClose
ws2_32
WSASend
wininet
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
advapi32
RegCloseKey
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
RegEnumValueA
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 244KB - Virtual size: 9.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
- 513CrossGateOnline/bin/AnimeAp.bin.gz
  - AnimeAp.bin
- 513CrossGateOnline/bin/AnimeApdd.bin
- 513CrossGateOnline/bin/AnimeInfoV2_1.Bin
- 513CrossGateOnline/bin/AnimeInfoV3_11.bin
- 513CrossGateOnline/bin/AnimeInfoV3_7.bin
- 513CrossGateOnline/bin/AnimeInfo_7.bin
- 513CrossGateOnline/bin/AnimeInfo_Joy_12.bin
- 513CrossGateOnline/bin/AnimeV2_1.Bin
- 513CrossGateOnline/bin/AnimeV3_11.bin
- 513CrossGateOnline/bin/AnimeV3_7.bin