7c4bacaf996fcefeeb09a041be405b55560a13253061cd7aa493f5dbe8ae3ce3

Sharing

Copy URL Twitter E-mail

General

Target

7c4bacaf996fcefeeb09a041be405b55560a13253061cd7aa493f5dbe8ae3ce3
Size

9KB
MD5

414e0248719f988f91688f597d351db6
SHA1

f0ee609ab803303b66c7b558861fed41ac7d680a
SHA256

7c4bacaf996fcefeeb09a041be405b55560a13253061cd7aa493f5dbe8ae3ce3
SHA512

de1b831066ebb5eb9b496d886d0d3ab8eddbd03f3e6ae3d8fbb83b1a6c414741c828188c19051791710dfe290c924ff01c138f451bec9aba5915911fefc98951
SSDEEP

192:CsY0cH4uyIMjFaNJhLkwcud2DH9VwGfctbkeW70SMAmVct1TRaA:pY0PuyIkaNJawcudoD7UW50SMlY

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

7c4bacaf996fcefeeb09a041be405b55560a13253061cd7aa493f5dbe8ae3ce3
.dll windows x86

Code Sign

62:c4:19:9e:ce:88:ff:b4:4f:95:00:9c:57:57:7e:d8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

17/10/2009, 16:00

Not After

18/10/2012, 16:00

Subject

CN=Microsoft Corporation

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

30/09/1999, 16:00

Not After

16/07/2036, 16:00

Subject

CN=VeriSign Class 3 Code Signing 2009 CA

97:84:4e:25:f8:7f:1f:89:14:50:83:1d:fb:ed:37:18:b8:0a:2f:6e
Signer

Actual PE Digest

97:84:4e:25:f8:7f:1f:89:14:50:83:1d:fb:ed:37:18:b8:0a:2f:6e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

AddFileSizeToSavingsVar
DisplayAllDllDlgs
DoErrOOMDlg
DoErrWriteDlg
FAddNewPddsNode
FCheckIfTargetIsRemove
FDetectTargetStates
FDetermineCleanupActions
FDoneWithPszFiles
FEarlyAppDetection
FExecuteCleanupActions
FInitOPCDataFileBuf
FIsOtherListEmpty
FIsWord97ReallyWord98
FNoDarwinRemoval
FSetTarget
FreeAllBuffers
FreeTargetAndDirBuffers
GetFileBufRead
HfOpenOpc
InitDetection
MemCopy
OPCAlignInstallStates
OPCCleanPreselectedProperties
OPCCleanUpShortcuts
OPCFixSBTElevated
OPCFixSBTImpersonated
OPCGetShellFolder
OPCMigrateStartFolders
OPCMsiMigWrapper
OPCSetATPInstallState
OPCSetFindFastInstallState
OPCSetRemoveFeatureList
OPCSetStartFoldersMigrationState
OPCSetupDetectOldOffice
OPCSetupRemoveOldOffice
SetCollectPIDKEY
SetMigrationLcid
SetSourceDir
UintDetectAndMigrate
WEP

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

62:c4:19:9e:ce:88:ff:b4:4f:95:00:9c:57:57:7e:d8Certificate

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0Certificate

97:84:4e:25:f8:7f:1f:89:14:50:83:1d:fb:ed:37:18:b8:0a:2f:6eSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 20KB

UPX1 Size: 5KB - Virtual size: 8KB

UPX2 Size: 2KB - Virtual size: 4KB

62:c4:19:9e:ce:88:ff:b4:4f:95:00:9c:57:57:7e:d8
Certificate

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate

97:84:4e:25:f8:7f:1f:89:14:50:83:1d:fb:ed:37:18:b8:0a:2f:6e
Signer

01/12/2022, 14:34
Valid: false

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 5KB - Virtual size: 8KB

UPX2
Size: 2KB - Virtual size: 4KB