36c83ed6596cf17fc97733f88e76db2796459237e320e01d86a9dcf4426395e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36c83ed6596cf17fc97733f88e76db2796459237e320e01d86a9dcf4426395e5
Size

68KB
MD5

ea1d7eaf0d08ae48e875a64276a85c10
SHA1

ad0344bfddaa338008a3f464437dddc9565cc562
SHA256

36c83ed6596cf17fc97733f88e76db2796459237e320e01d86a9dcf4426395e5
SHA512

4700d2c5d6c552c0e899ac567314c5db43108fe6a870326323d3ad9ba18df2eb7a183ca73b40fe34f55e353af74a7dbc379a4200a02dc0195ac7033f0b8b91e9
SSDEEP

1536:bemy3s2w+o1abWMx7YqyKbfVL4FxHK90rfneDcFIiEH:7I3oURVyifVWucSEIpH

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

36c83ed6596cf17fc97733f88e76db2796459237e320e01d86a9dcf4426395e5
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

WSHAddressToString
WSHEnumProtocols
WSHGetBroadcastSockaddr
WSHGetProviderGuid
WSHGetSockaddrType
WSHGetSocketInformation
WSHGetWSAProtocolInfo
WSHGetWildcardSockaddr
WSHGetWinsockMapping
WSHIoctl
WSHJoinLeaf
WSHNotify
WSHOpenSocket
WSHOpenSocket2
WSHSetSocketInformation
WSHStringToAddress

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll .js windows x86