dc427e59b725ace62c475fa92d1e68320e3d4b0ce1f5d2ba72dfe7df4c404cd5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc427e59b725ace62c475fa92d1e68320e3d4b0ce1f5d2ba72dfe7df4c404cd5
Size

34KB
MD5

0ddcbe12078d06542f29d336257c45d7
SHA1

494005a7961948b5f0e941cc6e32ee0e0180cd62
SHA256

dc427e59b725ace62c475fa92d1e68320e3d4b0ce1f5d2ba72dfe7df4c404cd5
SHA512

2f4456805ac177da45580c763aaee0dfec0685595bb472a7174b1b3dadeb9059aaf509477975c21de1146d549a8dcdad1587aaa739f2b1a64c5a1e4ff4ad9905
SSDEEP

768:NRl6y9NA4IrzfPNyfbIAZRe7MPDeYaxVf/6D4f:Z660rjPm9K7swqD4f

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

dc427e59b725ace62c475fa92d1e68320e3d4b0ce1f5d2ba72dfe7df4c404cd5
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_LOADLIBRARY_DUMMY
_RunAs@16

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ