d5670f41eafd9aaf7dd4814e3c6337f1

Sharing

Copy URL Twitter E-mail

General

Target

d5670f41eafd9aaf7dd4814e3c6337f1
Size

792KB
MD5

d5670f41eafd9aaf7dd4814e3c6337f1
SHA1

cbd4f751a1255851cb8c5d53565e3993098251c9
SHA256

6985795eef5e4a56ce4e7fb51770bebc3ca423fbc33e9ed8081c2e2d532b4b20
SHA512

88e2bc14a7c27e8b625dd5c48fabe13273fb8a8de61ff9b694e51434f892fcd56d6adb9a92c4d2920431cc541eae4bd0dd104d0d7b4ae197b0a8bfba2800747f
SSDEEP

24576:B2fPaYKXCF6F75P1tlxz09Fd6ORr6wDw1q+yOLr950TLyw:kqZCF45709Fd6F+h+BLJSTF

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/MScaner/MDScan.dll	acprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MScaner/MDScan.dll
unpack001/MScaner/MScaner.exe

Files

d5670f41eafd9aaf7dd4814e3c6337f1
.rar
MScaner/MDScan.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

MDScan_Close
MDScan_Init
MDScan_Scan

Sections

xx00
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

00xx
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0xx0
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MScaner/MScaner.exe
.exe windows:5 windows x86 arch:x86

35e11cd4f5209e85803be72a44120a59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyProject\VC\MScaner\Release\MScaner.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetUserDefaultLCID
EnumSystemLocalesA
WriteConsoleA
GetLocaleInfoW
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetConsoleMode
CreateFileW
GetConsoleCP
VirtualFree
HeapCreate
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
HeapFree
FindResourceExA
VirtualProtect
GetProfileIntA
GetTickCount
SearchPathA
GetOEMCP
GetCPInfo
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetCurrentDirectoryA
GlobalFlags
InterlockedIncrement
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LocalAlloc
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
SuspendThread
WaitForSingleObject
SetThreadPriority
GlobalAddAtomA
GetCurrentProcessId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GlobalFree
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetLastError
SetLastError
ResumeThread
CloseHandle
GetCurrentThreadId
WaitForMultipleObjects
ResetEvent
EnterCriticalSection
LeaveCriticalSection
CreateEventA
Sleep
InitializeCriticalSection
GetCurrentThread
SetEvent
lstrcpyA
DeleteFileA
GetTempPathA
OutputDebugStringA
GetModuleFileNameA
WritePrivateProfileStringA
LoadLibraryA
GetTempFileNameA
GetProcAddress
GlobalUnlock
MultiByteToWideChar
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
lstrlenA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
WriteConsoleW
GetConsoleOutputCP
IsValidLocale

user32

IsClipboardFormatAvailable
MapVirtualKeyExA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
SetRect
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
TranslateAcceleratorA
UnregisterClassA
LoadImageA
CopyImage
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
KillTimer
SetTimer
InvalidateRect
IsMenu
SetClassLongA
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
PostThreadMessageA
SetRectEmpty
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindowRect
DestroyMenu
GetMenuItemInfoA
InflateRect
UnhookWindowsHookEx
CharUpperA
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
SetFocus
WinHelpA
SystemParametersInfoA
OffsetRect
MessageBeep
RedrawWindow
IsZoomed
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffA
CopyIcon
SubtractRect
ValidateRect
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
CopyRect
IsWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
GetNextDlgGroupItem
DestroyCursor
GetWindowRgn
MapDialogRect
CreateMenu
GetDoubleClickTime
MapWindowPoints
GetIconInfo
MessageBoxA
ShowOwnedPopups
SetCursor
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
CloseClipboard
GetSystemMenu
ScreenToClient
IsIconic
GetSubMenu
LoadMenuA
LoadIconA
wsprintfA
DrawIcon
GetClientRect
SendMessageA
EmptyClipboard
GetCursorPos
AppendMenuA
PostMessageA
OpenClipboard
GetSystemMetrics
EnableWindow
SetClipboardData

gdi32

ExtTextOutA
CreateHatchBrush
CreateFontIndirectA
GetTextExtentPoint32A
GetDCOrgEx
SetRectRgn
CombineRgn
DPtoLP
GetTextMetricsA
OffsetRgn
GetRgnBox
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
GetTextColor
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
Polyline
Ellipse
Polygon
Rectangle
CreateSolidBrush
CreatePalette
CreatePen
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
TextOutA
RectVisible
PtVisible
RoundRect
GetPixel
BitBlt
GetWindowExtEx
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPaletteEntries
GetDeviceCaps
GetViewportExtEx
GetObjectA
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
CopyMetaFileA
Escape

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

DragFinish
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
ShellExecuteA
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathRemoveFileSpecW

ole32

DoDragDrop
OleGetClipboard
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString

gdiplus

GdiplusShutdown
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
GdipCloneImage
GdipGetImagePalette
GdiplusStartup

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetQueryDataAvailable

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MScaner/MScaner.ini
MScaner/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

xx00 Size: - Virtual size: 92KB

00xx Size: 42KB - Virtual size: 44KB

0xx0 Size: 1KB - Virtual size: 4KB

35e11cd4f5209e85803be72a44120a59

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 313KB - Virtual size: 313KB

.data Size: 68KB - Virtual size: 97KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 161KB - Virtual size: 160KB

xx00
Size: - Virtual size: 92KB

00xx
Size: 42KB - Virtual size: 44KB

0xx0
Size: 1KB - Virtual size: 4KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 313KB - Virtual size: 313KB

.data
Size: 68KB - Virtual size: 97KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 161KB - Virtual size: 160KB