16f15a6d33995bff6f64ea6e4a18f20c32661b17c337dfc6614e11641a95ddf2

General

Target

16f15a6d33995bff6f64ea6e4a18f20c32661b17c337dfc6614e11641a95ddf2
Size

1.7MB
MD5

05f1ca5efad1124dac336dec3b492f8f
SHA1

41d04a97fabb4167986e7afa3940af68db6a1060
SHA256

16f15a6d33995bff6f64ea6e4a18f20c32661b17c337dfc6614e11641a95ddf2
SHA512

d42f8fd9f3330b78c6c9222f88dbfe004cf8a4ff3f55d9c6afc4b585368403305597eeb3a51085922644f354d7450c8356a168d0b1acc5f881cfc4c2effe3696
SSDEEP

49152:6qdZxcr2gXvVccDaiFx4+36csGtPT+DO4QXND:/sqg/VccDjFx4+TbPT+EXB

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ntldll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ntldll.dll	upx

Files

16f15a6d33995bff6f64ea6e4a18f20c32661b17c337dfc6614e11641a95ddf2
.rar
csrss.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ntldll.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FiBaseSistema
FuncCaCliente
FuncRelatorio
MoveGate
ShowForm
basesistema

Sections

UPX0
Size: - Virtual size: 24.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 322KB - Virtual size: 322KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24.1MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 6KB - Virtual size: 8KB

CODE
Size: 322KB - Virtual size: 322KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 32KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 24.1MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 6KB - Virtual size: 8KB