Trojan-Ransom[.]Win32[.]Cidox[.]acfq-e8327509c0a22c9b91f12d7336fe17d85924b478fbc8f0dbb3fe2f7b69f12e8c | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Cidox.acfq-e8327509c0a22c9b91f12d7336fe17d85924b478fbc8f0dbb3fe2f7b69f12e8c
Size

45KB
MD5

93b2388b4b0f1ae16b3c2b80aed9aae1
SHA1

acb38b54a7415fc2b473534bfbe18b63bb8e0d6b
SHA256

e8327509c0a22c9b91f12d7336fe17d85924b478fbc8f0dbb3fe2f7b69f12e8c
SHA512

61f2f7b744f5d9d3c01f8820b63f245d85b0e5959967ef30521b5e0e92a344a75e33750f0ca50f16cbf62f2bb9878415b3bf37b12d25b0d8bd93bfcdc658a39d
SSDEEP

768:pH+sItJWsaSyLfU6ivMExRZsmhcKQQ8uxDRx2mV8NlcB6vNIurk:pesItKSIfdExRZsmhclMx2S8NdvNhk

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

Trojan-Ransom.Win32.Cidox.acfq-e8327509c0a22c9b91f12d7336fe17d85924b478fbc8f0dbb3fe2f7b69f12e8c
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ