b2e01ffcb1db1030cd903c8d59eae9ea3c25eb3d95171164fe96e4dffa6f667b | Triage

Sharing

General

Target

b2e01ffcb1db1030cd903c8d59eae9ea3c25eb3d95171164fe96e4dffa6f667b
Size

313KB
MD5

5686725ebd78d06c86ee0bfc39e731d0
SHA1

1479658580859b4f9bdfac0a274fa674f42a981a
SHA256

b2e01ffcb1db1030cd903c8d59eae9ea3c25eb3d95171164fe96e4dffa6f667b
SHA512

8db7e5c536c397b8315d6f62f1e1ddcfafa61224bc102c808614d306e1455e4f1cd0ec35796979933ac6804d85292dce57ad7d678915473e803d37d80ab8a1eb
SSDEEP

6144:pBSoYu7lTHcVk+KTmGEM6ZBweqtAMJZ+XBq4aQc8dLutBnCpI:pBewHTj6Z9qttJZ+xhueutBnP

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.

Processes:

resource yara_rule

sample acprotect
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

b2e01ffcb1db1030cd903c8d59eae9ea3c25eb3d95171164fe96e4dffa6f667b
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

��װ��Ӻ��
ж�ع��Ӻ��

Sections

UPX0
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 305KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ