1415317532d5cde16e7358e4a66b70abd59b5b693b5ca67b0577d7a9e6cda5d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1415317532d5cde16e7358e4a66b70abd59b5b693b5ca67b0577d7a9e6cda5d1
Size

7KB
MD5

30b415ab6a32b0b06d320049ee4732e0
SHA1

a90be96571237c0021f13e3715d26da6eddaec5e
SHA256

1415317532d5cde16e7358e4a66b70abd59b5b693b5ca67b0577d7a9e6cda5d1
SHA512

7814fc9d107e27fc9eba413bddc3cecb8964d2d3075a8fe351090f7c16de219289d75d113fe9b87923e9582b9f6cde03e6bb6b487bd74fb819d642d5b816e503
SSDEEP

96:pei6Fo+79Spo+z8Ywthsoezz1xe+tg3qs8nwE2NhczYDIZR+hBXH:pwFT9YZlmGoYejarZmczY0ZRCX

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

1415317532d5cde16e7358e4a66b70abd59b5b693b5ca67b0577d7a9e6cda5d1
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

VDMEnumTaskWOWEx
VDMTerminateTaskWOW
WSPStartup

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ