fa0e99fd8e080dc3d5ea289928d8a00dc540c027ebc3e42b7bcbddfc3c9b7d8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa0e99fd8e080dc3d5ea289928d8a00dc540c027ebc3e42b7bcbddfc3c9b7d8a
Size

62KB
MD5

776d2c67b0316754f21b178156f99e48
SHA1

fb6fd71a1c026e52c68d86e75ae3817ea79dbd97
SHA256

fa0e99fd8e080dc3d5ea289928d8a00dc540c027ebc3e42b7bcbddfc3c9b7d8a
SHA512

da398a7ba32e226de75d7c29aa6f0a99feb1e915a02373bf57587e8f0c672f07507a639e74a8bc833541209f69c8006909932e548102bbc606ee026b0b36e342
SSDEEP

1536:68C3PjhLO5hMPNlsAdGID5AA/IvpfUfsCQboHrZ4PcH:68APjjFGAdGkAaIhusCHF4EH

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

fa0e99fd8e080dc3d5ea289928d8a00dc540c027ebc3e42b7bcbddfc3c9b7d8a
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CancelDll
LoadDll

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

htomaota
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ