be6c4bd67fec24a354e05b330ed067e3e078a8ba22066e9e014b6c62d50e7897 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be6c4bd67fec24a354e05b330ed067e3e078a8ba22066e9e014b6c62d50e7897
Size

7KB
MD5

5a641205544358d2be36c7250a65c728
SHA1

1dadc01b024a449ba3ffcbfdd0448cf7ca40c3b9
SHA256

be6c4bd67fec24a354e05b330ed067e3e078a8ba22066e9e014b6c62d50e7897
SHA512

4e7a77994124c38d5925b156dc239a0930f8c9c2c09f228f7421fdbc0d6b2c058c057605747b7d06269c7e4f52eec0c9615c03f58d4af5c5ee3a72fe3e944bc9
SSDEEP

192:CK3VhSuBMc+7+8nJ2JCt8NnO5zpcv5Cv6gi+Q8A:CHl7+2wJYsuSxCSY

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

be6c4bd67fec24a354e05b330ed067e3e078a8ba22066e9e014b6c62d50e7897
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

VDMEnumTaskWOWEx
VDMTerminateTaskWOW
WSPStartup

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ