90e1911785c9dcb695a3bbf52df64bdb3fabdfd5e2f02bb9274751bcfe078bbf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

90e1911785c9dcb695a3bbf52df64bdb3fabdfd5e2f02bb9274751bcfe078bbf
Size

24KB
MD5

8a60433eab0cb617adbf8dad8f98a9ea
SHA1

0339a002b04d20418b11fd38a382c10f6ff0d2dc
SHA256

90e1911785c9dcb695a3bbf52df64bdb3fabdfd5e2f02bb9274751bcfe078bbf
SHA512

c8f64b2ee79c05d1d274a68042e967206c001cd38fb6125916f8321b8ee8906291d6cdf0e7e06ff04dd5d1fdfc607aef10fbde2a502b483a52d960904f0f3b0c
SSDEEP

384:spOmjHo7vNwZprrUWtbMzfpgZt/iLzCsCAh+mNw3Dt5mCMrKShwwlrzRJe7:sTkNI1rUeMzfw/GzCsCAYma3DCyShBL

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

90e1911785c9dcb695a3bbf52df64bdb3fabdfd5e2f02bb9274751bcfe078bbf
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ServiceInstall
ServiceMain

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ