58d682393f04ece0d8e61f480cebb2e094766348da4542604bb8263a27724380 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58d682393f04ece0d8e61f480cebb2e094766348da4542604bb8263a27724380
Size

225KB
MD5

5e16a5d27e3873cbf522e38a7ebd5cc0
SHA1

a4cca419e47fb86d2336971ca77daa9c695a3ab3
SHA256

58d682393f04ece0d8e61f480cebb2e094766348da4542604bb8263a27724380
SHA512

9cf9f090a001a449993df3a489ce9eb23e8f3ca64545ec239e411e0e2fc5ba3961023b6a7c402530d5d2dc8d6d88b744e7581f790e8a50f04c0a4144c4fa779d
SSDEEP

6144:K46xVPmiY2E2bckJX4oiGaB4gNKwIf72FicI6n+EJYv:KPxRmAjbckt4LB48OfdHEJYv

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

58d682393f04ece0d8e61f480cebb2e094766348da4542604bb8263a27724380
.dll regsvr32 windows x86

Code Sign

60:26:6e:4a:4e:54:15:d9:93:cf:23:86:c8:df:ab:f0:b9:ea:96:fd
Signer

Actual PE Digest

60:26:6e:4a:4e:54:15:d9:93:cf:23:86:c8:df:ab:f0:b9:ea:96:fd

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE