56f39772cef3c14dbab8adf892fd0bf6ff8b36361e4faca5d227bd136f4c3339

Sharing

Copy URL Twitter E-mail

General

Target

56f39772cef3c14dbab8adf892fd0bf6ff8b36361e4faca5d227bd136f4c3339
Size

4.1MB
MD5

2f82958f2b59287d8089038586ed405a
SHA1

f493bf3913d4034d136e55cf937a8033c4a306e0
SHA256

56f39772cef3c14dbab8adf892fd0bf6ff8b36361e4faca5d227bd136f4c3339
SHA512

8a8206a1a269a1e58419b2cfa02ddf47a20544766003f4ee6e077b87a8ab03cd273f4c24656dccca5e4a39a885eff30b4f02b08abbd85e36fb057940427d6c5d
SSDEEP

98304:19FPP3/8KS9ViT1E6Z+56/JsGC8miws7lXCOcnjpTMMi+mkh59:19FX/8KS9iE6Z+56CcJ7llOjpTMmpb9

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Usp10.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Usp10.dll	upx

Files

56f39772cef3c14dbab8adf892fd0bf6ff8b36361e4faca5d227bd136f4c3339
.rar
PPSoftSetup.msi
.msi
Usp10.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
DecodePointer
EncodePointer
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lpk.dll
.dll windows x86

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcAddress
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

wsprintfW

shell32

ord92
ord64

shlwapi

PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathFindFileNameW
SHRegGetValueW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

111
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows x86

cfa06eb8ecb157d3e1e5170182639085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetNativeSystemInfo
SetFilePointer
HeapSetInformation
CreateEventW
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExW
CompareStringW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GlobalFree
OpenProcess
GetSystemDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
LocalFree
FormatMessageW
ReadFile
GetTimeFormatW
GetDateFormatW
CreateDirectoryW
CopyFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetSystemInfo
GetCurrentProcess
GetEnvironmentVariableW
GetModuleHandleW
GetVersion
CreateFileW
EndUpdateResourceW
Sleep
GetDiskFreeSpaceExW
DeleteCriticalSection
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
SetEndOfFile
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GlobalAlloc
LoadLibraryW
UpdateResourceA
BeginUpdateResourceA
InterlockedCompareExchange
FindResourceA
DeleteFileA
lstrlenA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetProcessHeap
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
GetCurrentThreadId
InterlockedExchange
SwitchToThread
GetLastError
WaitForSingleObject
CloseHandle
GetProcAddress
FreeLibrary
WriteFile
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
LocalAlloc
LoadLibraryA
RaiseException
GetCommandLineW
GetStartupInfoW
RtlUnwind
HeapFree
InterlockedDecrement
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

gdi32

GetStockObject
EnumFontFamiliesExW
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteDC
SelectObject
GetTextMetricsW
GetTextExtentPoint32W

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

MessageBoxA
ShowScrollBar
GetClientRect
SendMessageA
SetClassLongW
SetWindowTextW
LoadCursorW
SetCursor
CreateDialogIndirectParamW
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
ScreenToClient
MoveWindow
LoadIconW
SetDlgItemTextW
SendMessageW
GetDlgItem
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
ShowWindow
SendDlgItemMessageW
GetWindowRect
SystemParametersInfoW
ExitWindowsEx
MessageBoxW
DrawTextW
GetSystemMetrics
GetDC
GetDialogBaseUnits
ReleaseDC
CreateDialogParamW
LoadImageW

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord8
ord150
ord78
ord92

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 79KB - Virtual size: 80KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 10KB - Virtual size: 9KB

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

111 Size: 3KB - Virtual size: 3KB

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 1024B - Virtual size: 700B

cfa06eb8ecb157d3e1e5170182639085

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

secur32

shell32

user32

crypt32

wininet

msi

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 314KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 18KB - Virtual size: 17KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 79KB - Virtual size: 80KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 10KB - Virtual size: 9KB

111
Size: 3KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 1024B - Virtual size: 700B

.text
Size: 314KB - Virtual size: 314KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 18KB - Virtual size: 17KB