5b1bfc071c2d27ecc1f94c2dde86eec091b3973e972b8d2914e920733bc262f9

Sharing

Copy URL

Twitter E-mail

General

Target

5b1bfc071c2d27ecc1f94c2dde86eec091b3973e972b8d2914e920733bc262f9
Size

310KB
MD5

fbd722087f7f1f10e2c481b0b36152d3
SHA1

1ed0f81941b3085a5b90021135dc0be8d5ce68f1
SHA256

5b1bfc071c2d27ecc1f94c2dde86eec091b3973e972b8d2914e920733bc262f9
SHA512

702737233162cca37eb9773b01d9722348247a026054c2c230f419b2f8241c51300d1f7104cc8a5530e8e64b9bf593dea6f382bd3d1534e043b3d667a6a818a1
SSDEEP

6144:z+Jouqo4iF5mPh56iVT1PdL+jItWdYj1PTD/EAW:zDbJA5mp5Z1DjNP/E

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5b1bfc071c2d27ecc1f94c2dde86eec091b3973e972b8d2914e920733bc262f9
unpack001/out.upx

Files

5b1bfc071c2d27ecc1f94c2dde86eec091b3973e972b8d2914e920733bc262f9
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Api_AddBotKeyWord
Api_AddFriend
Api_AddQQ
Api_ApplyFriendEvent
Api_ApplyGroupEvent
Api_ApplyGroupEventEx
Api_AuthorizationLogin
Api_Boom
Api_BotIsShutUp
Api_BrowseQzone
Api_CationQrcode
Api_ChannelSet_totalSilence
Api_CloseGroupPay
Api_CreatGroupFloder
Api_CreateGroup
Api_CreateGroupPay
Api_DecryptRedPackData
Api_DelFriend
Api_DelGroup
Api_DelPhotoWall
Api_Delete
Api_EncryptRedPackData
Api_GetAllQQ
Api_GetAnonId
Api_GetAudioUrl
Api_GetBotStatus
Api_GetClientkey
Api_GetCookies
Api_GetDomainPskey
Api_GetFriendCard
Api_GetFriendFileDownUrl
Api_GetFriendMsg
Api_GetFriendOnlineStatus
Api_GetFriends
Api_GetGroupAtAllNum
Api_GetGroupFileCapacity
Api_GetGroupFileDownUrl
Api_GetGroupFileInfo
Api_GetGroupFileList
Api_GetGroupFileNum
Api_GetGroupInfo
Api_GetGroupLaunchNewEx
Api_GetGroupMemberCard
Api_GetGroupMembers
Api_GetGroupMerRank
Api_GetGroupMsg
Api_GetGroupName
Api_GetGroupNotice
Api_GetGroupPayDetail
Api_GetGroupPayIsOk
Api_GetGroupSetInfo
Api_GetGroupTempSessionEx
Api_GetGroupUrl
Api_GetGroups
Api_GetGuildChannelList
Api_GetGuildHead
Api_GetGuildPreGrapToken
Api_GetGuildSelfId_cache
Api_GetGuildUserHome
Api_GetGuildUserName
Api_GetJoinGuildTime
Api_GetManager
Api_GetMsgRandom
Api_GetMsgReq
Api_GetNickCache
Api_GetNick_Acquisition
Api_GetOfflineQQ
Api_GetOnlineQQ
Api_GetPhotoWall
Api_GetPicLink
Api_GetPskey
Api_GetPublicNick
Api_GetQrcode
Api_GetRedPackDetail
Api_GetRedPackMsgNo
Api_GetRedPackVskey
Api_GetSessionkey
Api_GetSign
Api_GetSkey
Api_GetUploadInfo
Api_GetUrlIsSafe
Api_GetVer
Api_GrantCheckToGroup
Api_Groupclock
Api_InviteGroup_other
Api_Like
Api_Login
Api_Logout
Api_Mp3ToAmr
Api_MultiMsg_ApplyDown_Group
Api_Output
Api_PBGroupNotic
Api_Passtheequipmentverification
Api_PbMsgWithDraw_ChannelGuild
Api_PbMsgWithDraw_Friend
Api_PbMsgWithDraw_Group
Api_PublishVote_A
Api_PublishVote_B
Api_QueryBalance
Api_QueryMusicInfo_fcg_music_get_song_info_batch
Api_QueryMusicInfo_fcg_music_search
Api_Quit
Api_QuitGuild
Api_RedPack_Exclusive
Api_RedPack_KeyWord
Api_RedPack_Log
Api_RedPack_Luck
Api_RedPack_Ordinary
Api_Reload
Api_RemoveMember
Api_SendFriendMsg
Api_SendFriendXMLMsg
Api_SendGroupJson
Api_SendGroupMemberMsg
Api_SendGroupMsg
Api_SendGroupPayMsg
Api_SendGroupXMLMsg
Api_SendGuildMsg
Api_SendPacket
Api_SetGroupAnonClose
Api_SetGroupAnonOpen
Api_SetGroupBatchSession
Api_SetGroupCard
Api_SetGroupFrankly
Api_SetGroupInvite
Api_SetGroupMemberCard
Api_SetGroupName
Api_SetGroupRecType
Api_SetGroupSpeakSpeed
Api_SetGroupTempSession
Api_SetJoinGroupType
Api_SetManager
Api_SetNick
Api_SetRank
Api_SetRobotGuildNick
Api_SetShieldedFriend
Api_SetSign
Api_SetSpecialCare
Api_ShutUp
Api_ShutUpAll
Api_TakeFriendsOnline
Api_TakeFriendsPic
Api_TakeGroup
Api_TopGroup
Api_TransferAccounts
Api_UnTopGroup
Api_UpFlieGroup
Api_UpPhotoWall
Api_UploadFriendAudio
Api_UploadFriendAudioEx
Api_UploadFriendPic
Api_UploadFriendPicEx
Api_UploadGroupAudio
Api_UploadGroupAudioEx
Api_UploadGroupPic
Api_UploadGroupPicEx
Api_UploadHead
Api_UploadHeadEx
Api_UploadLitleVideo
Api_WavToAmr
Api_aa
Api_deflate
Api_draw_lucky_gift
Api_getAllIsShutup
Api_getMeIsShutup
Api_getOthIsShutup
Api_gzcompress
Api_gzuncompress
Api_inflate
Api_vip_pub_subbutton_qiandao
Api_vip_qiandao_web
Api_��

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 297KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 500KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 540KB

UPX1 Size: 297KB - Virtual size: 300KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 500KB - Virtual size: 498KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 72KB - Virtual size: 134KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 72KB - Virtual size: 68KB

UPX0
Size: - Virtual size: 540KB

UPX1
Size: 297KB - Virtual size: 300KB

.rsrc
Size: 12KB - Virtual size: 16KB

.text
Size: 500KB - Virtual size: 498KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 72KB - Virtual size: 134KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 72KB - Virtual size: 68KB