dcf32fb202342d45288466a60bef07d1a366a8d659be40cc1e405f8ba96c7525

Sharing

Copy URL

Twitter E-mail

General

Target

dcf32fb202342d45288466a60bef07d1a366a8d659be40cc1e405f8ba96c7525
Size

1.2MB
MD5

9004cef22105246f335942a0bf8f7490
SHA1

91ce67386751ed3875ea4fbb41f47619127acd16
SHA256

dcf32fb202342d45288466a60bef07d1a366a8d659be40cc1e405f8ba96c7525
SHA512

d369ff51da547ff4e9c342545c4fcb1a63ed9bfcf8e12680e4f04c544f003fb524a78cb9daaf5dc332dbbaa51f3d4415684f41bd0dff6635c7515d16aa68dc7c
SSDEEP

24576:r5nJXmCdLsfb1EkjTyyMmH5MXew2MMX1nPaeUlq2ac:Fn/Ls5EkjW/mHSXtonUlq2ac

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

dcf32fb202342d45288466a60bef07d1a366a8d659be40cc1e405f8ba96c7525
.dll windows x86

Code Sign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:00:c8:7f:b0:34:64:50:47:fe:c0:08:23:24:6b:e2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-04-2015 00:00

Not After

26-04-2016 23:59

Subject

CN=OOO DIGITAL VEI,OU=Software Transfer Cloud,O=OOO DIGITAL VEI,POSTALCODE=109451,STREET=UL BRATISLAVSKAYA\, D 21\, KORP 1,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:93:61:6d:1f:52:bf:54:91:a9:92:b7:e6:7d:cb:cb:cc:e2:2c:23
Signer

Actual PE Digest

ec:93:61:6d:1f:52:bf:54:91:a9:92:b7:e6:7d:cb:cb:cc:e2:2c:23

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OOO DIGITAL VEI,OU=Software Transfer Cloud,O=OOO DIGITAL VEI,POSTALCODE=109451,STREET=UL BRATISLAVSKAYA\, D 21\, KORP 1,L=Moscow,ST=Moscow,C=RU

20-10-2022 18:40
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CPlApplet

Sections

UPX0
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

c4:00:c8:7f:b0:34:64:50:47:fe:c0:08:23:24:6b:e2Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

ec:93:61:6d:1f:52:bf:54:91:a9:92:b7:e6:7d:cb:cb:cc:e2:2c:23Signer

Signature Validations

Verification

20-10-2022 18:40 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 244KB

UPX1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 99KB - Virtual size: 99KB

DATA Size: 1.3MB - Virtual size: 1.3MB

BSS Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 74B

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

c4:00:c8:7f:b0:34:64:50:47:fe:c0:08:23:24:6b:e2
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

ec:93:61:6d:1f:52:bf:54:91:a9:92:b7:e6:7d:cb:cb:cc:e2:2c:23
Signer

20-10-2022 18:40
Valid: false

UPX0
Size: - Virtual size: 244KB

UPX1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 99KB - Virtual size: 99KB

DATA
Size: 1.3MB - Virtual size: 1.3MB

BSS
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 74B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB