6f0c8f744b18a0d2faba681ec12381dda4820796536acc3619320a71d841bdd5

Sharing

Copy URL Twitter E-mail

General

Target

6f0c8f744b18a0d2faba681ec12381dda4820796536acc3619320a71d841bdd5
Size

3.5MB
MD5

8eb651256e1858682bc7b4ac94bb81a0
SHA1

33cdfaf096ea179c11ea31280309c6949aada470
SHA256

6f0c8f744b18a0d2faba681ec12381dda4820796536acc3619320a71d841bdd5
SHA512

fd1b9dbfffed1a0e81115290296218273a560bda4e2920e31e5624ed4faf5373b770091a399cf79be6f101e3e7cdb8a0c507e9dd8e6f217cf3e6f1c1a1575ef4
SSDEEP

98304:lRoKmLT1jONcdIgEAFtq8XQRzvPAZlpYqZ0L1UkD60Gf:l/mLtOWd+AXiRzvYbpYDLt+

Score

7^/10

qr link upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Aria2/aria2c.exe	upx

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Aria2/Aria2c启动器.exe
unpack001/Aria2/AriaNg启动器.exe
unpack002/out.upx

Files

6f0c8f744b18a0d2faba681ec12381dda4820796536acc3619320a71d841bdd5
.zip
Aria2/AUTHORS
Aria2/Aria2c启动器.exe
.exe windows:5 windows x64 arch:x64

f9309fff2ca1987b729c2da5521e6655

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW

kernel32

LockResource
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
LoadResource
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExW
IsValidCodePage
GetCommandLineA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
QueryDosDeviceW
ReadConsoleW

user32

RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
MapWindowPoints
IsWindowVisible
LoadImageW
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
ClientToScreen
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
RemovePropW
SetPropW
GetPropW
FlashWindow
SetMenu
ExitWindowsEx
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSystemMenu
GetLastInputInfo
SetWindowTextW
GetCursor
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
MessageBeep
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
SetFocus
SetActiveWindow
VkKeyScanExW
EnumChildWindows
CheckMenuItem

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString

Sections

.text
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Aria2/AriaNg/LICENSE
Aria2/AriaNg/favicon.ico
Aria2/AriaNg/favicon.png
.png
Aria2/AriaNg/index.html
.html
Aria2/AriaNg/robots.txt
Aria2/AriaNg/tileicon.png
.png
Aria2/AriaNg/touchicon.png
.png
Aria2/AriaNg启动器.exe
.exe windows:5 windows x64 arch:x64

f9309fff2ca1987b729c2da5521e6655

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW

kernel32

LockResource
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
LoadResource
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExW
IsValidCodePage
GetCommandLineA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
QueryDosDeviceW
ReadConsoleW

user32

RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
MapWindowPoints
IsWindowVisible
LoadImageW
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
ClientToScreen
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
RemovePropW
SetPropW
GetPropW
FlashWindow
SetMenu
ExitWindowsEx
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSystemMenu
GetLastInputInfo
SetWindowTextW
GetCursor
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
MessageBeep
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
SetFocus
SetActiveWindow
VkKeyScanExW
EnumChildWindows
CheckMenuItem

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString

Sections

.text
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Aria2/COPYING
Aria2/ChangeLog
Aria2/LICENSE.OpenSSL
Aria2/NEWS
Aria2/README.html
.html
Aria2/README.md
Aria2/README.mingw
Aria2/aria2.conf
Aria2/aria2.exe
.exe windows:4 windows x86 arch:x86

1ad88f29b3f2e97e57f32b98c058b515

Code Sign

67:e5:19:97:92:b3:58:07:7e:77:3d:0f:b7:f7:96:d0:1e:80:73:28
Signer

Actual PE Digest

67:e5:19:97:92:b3:58:07:7e:77:3d:0f:b7:f7:96:d0:1e:80:73:28

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrlenW
lstrcpyW
SetCurrentDirectoryW
GetModuleFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetConsoleWindow
AllocConsole
CloseHandle
ExitProcess
CreateProcessW
Sleep
TerminateProcess
OpenProcess
SetConsoleTextAttribute
GetStdHandle
GetStartupInfoW

user32

GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
MessageBoxW
DefWindowProcW
IsWindowVisible
PostQuitMessage
SetWindowTextW
SetTimer
LoadStringW
CreateWindowExW
ShowWindow
UpdateWindow
CreatePopupMenu
AppendMenuW
GetCursorPos
TrackPopupMenu
PostMessageW
SetForegroundWindow
DestroyMenu
LoadIconW
RegisterClassExW

msvcrt

wcschr
memset
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_wtoi
wprintf
_iob
_wfreopen
wcstok
_vsnwprintf
wcsrchr

shell32

Shell_NotifyIconW

psapi

GetProcessMemoryInfo

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Aria2/aria2c.exe
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:cd:17:42:0e:5e:42:ab:8f:c0:9e:7c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

01/03/2019, 06:10

Not After

01/03/2021, 03:03

Subject

CN=Changsha Luojin Information Technology Co.\, Ltd.,OU=项目开发部,O=Changsha Luojin Information Technology Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:7d:92:5c:cb:6e:d7:16:43:64:9a:4d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

01/03/2019, 07:11

Not After

01/03/2021, 07:11

Subject

SERIALNUMBER=91430105MA4Q81A329,CN=Changsha Luojin Information Technology Co.\, Ltd.,OU=项目开发部,O=Changsha Luojin Information Technology Co.\, Ltd.,STREET=开福区四方坪街道双拥路9号长城万富汇大厦9层9038号房（集群注册）,L=Changsha,ST=Hunan,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13084348414e47534841,1.3.6.1.4.1.311.60.2.1.2=#130548554e414e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:d0:85:f8:85:4e:0c:9e:62:a1:2b:d5:4f:0b:f1:07:57:44:1d:6b:08:db:f9:e5:d2:7e:07:ab:39:3e:93:a9
Signer

Actual PE Digest

8f:d0:85:f8:85:4e:0c:9e:62:a1:2b:d5:4f:0b:f1:07:57:44:1d:6b:08:db:f9:e5:d2:7e:07:ab:39:3e:93:a9

Digest Algorithm

sha256

PE Digest Matches

true

82:91:11:60:a8:9e:a0:7b:66:1f:e9:2a:62:e6:cb:d6:3c:a3:db:53
Signer

Actual PE Digest

82:91:11:60:a8:9e:a0:7b:66:1f:e9:2a:62:e6:cb:d6:3c:a3:db:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Aria2/rocket.ico
Aria2/关注公众号：千千软件，可获取网盘高速下载方法.jpg
.jpg
- http://weixin.qq.com/r/LxKPl5jEhMX7rdz090c9

Sharing

General

Malware Config

Signatures

Files

f9309fff2ca1987b729c2da5521e6655

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 779KB - Virtual size: 778KB

.rdata Size: 226KB - Virtual size: 226KB

.data Size: 14KB - Virtual size: 39KB

.pdata Size: 28KB - Virtual size: 27KB

.gfids Size: 512B - Virtual size: 236B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 88KB - Virtual size: 88KB

f9309fff2ca1987b729c2da5521e6655

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 779KB - Virtual size: 778KB

.rdata Size: 226KB - Virtual size: 226KB

.data Size: 14KB - Virtual size: 39KB

.pdata Size: 28KB - Virtual size: 27KB

.gfids Size: 512B - Virtual size: 236B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 70KB - Virtual size: 69KB

1ad88f29b3f2e97e57f32b98c058b515

Code Sign

67:e5:19:97:92:b3:58:07:7e:77:3d:0f:b7:f7:96:d0:1e:80:73:28Signer

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

shell32

psapi

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 7KB

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

.text
Size: 779KB - Virtual size: 778KB

.rdata
Size: 226KB - Virtual size: 226KB

.data
Size: 14KB - Virtual size: 39KB

.pdata
Size: 28KB - Virtual size: 27KB

.gfids
Size: 512B - Virtual size: 236B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 88KB - Virtual size: 88KB

.text
Size: 779KB - Virtual size: 778KB

.rdata
Size: 226KB - Virtual size: 226KB

.data
Size: 14KB - Virtual size: 39KB

.pdata
Size: 28KB - Virtual size: 27KB

.gfids
Size: 512B - Virtual size: 236B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 70KB - Virtual size: 69KB

67:e5:19:97:92:b3:58:07:7e:77:3d:0f:b7:f7:96:d0:1e:80:73:28
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 7KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

06:cd:17:42:0e:5e:42:ab:8f:c0:9e:7c
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

63:7d:92:5c:cb:6e:d7:16:43:64:9a:4d
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

8f:d0:85:f8:85:4e:0c:9e:62:a1:2b:d5:4f:0b:f1:07:57:44:1d:6b:08:db:f9:e5:d2:7e:07:ab:39:3e:93:a9
Signer

82:91:11:60:a8:9e:a0:7b:66:1f:e9:2a:62:e6:cb:d6:3c:a3:db:53
Signer

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 1.8MB - Virtual size: 1.8MB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 14KB - Virtual size: 14KB

.rdata
Size: 449KB - Virtual size: 449KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B